Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

WINHTTP.dll is not a valid Windows image.


  • This topic is locked This topic is locked
3 replies to this topic

#1 HiItsPeter

HiItsPeter

  • Members
  • 8 posts
  • OFFLINE
  •  

Posted 15 December 2015 - 10:47 AM

Hello, i've been advised to post into this topic from here, by following the Preparation Guide, Before Using Malware Removal Tools and Requesting Help: http://www.bleepingcomputer.com/forums/t/599264/winhttpdll-is-not-a-valid-windows-image/ . Every single information about the error generated is in the topic above.

 

 

Here are the logs from the FRST scan and the Addition:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:14-12-2015
Ran by Gica (administrator) on VIOREL (15-12-2015 17:28:42)
Running from C:\Documents and Settings\Gica\My Documents\Downloads
Loaded Profiles: Gica (Available Profiles: Gica)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe
() C:\Documents and Settings\All Users\Application Data\Avira\Launcher\Temp\avira_antivirus_en-us.exe
(Avira Operations GmbH & Co. KG) C:\WINDOWS\Temp\RarSFX4\presetup.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamresearch.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [18084864 2009-01-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [57344 2008-06-18] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-11-23] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-73586283-1965331169-1801674531-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4810520 2014-09-25] (Piriform Ltd)
HKU\S-1-5-21-73586283-1965331169-1801674531-1003\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-73586283-1965331169-1801674531-1003\...\Run: [tsiVideo] => rundll32.exe C:\DOCUME~1\Gica\LOCALS~1\Temp\mdi064.dll,dalmat <===== ATTENTION
HKU\S-1-5-21-73586283-1965331169-1801674531-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [50749056 2015-12-08] (Skype Technologies S.A.)
HKU\S-1-5-21-73586283-1965331169-1801674531-1003\...\MountPoints2: {dfce3586-8b64-11e4-b9f5-00241d0dae90} - F:\setup.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{82ECF072-79ED-4BEA-88F6-53C5D93D3072}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-73586283-1965331169-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-73586283-1965331169-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-73586283-1965331169-1801674531-1003 - DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.)
URLSearchHook: HKU\S-1-5-21-73586283-1965331169-1801674531-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-73586283-1965331169-1801674531-1003 -> DefaultScope {FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD} URL = hxxp://www.google.com/custom?q={searchTerms}&sa.x=0&sa.y=0&safe=active&client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&hl=en&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1
SearchScopes: HKU\S-1-5-21-73586283-1965331169-1801674531-1003 -> {FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD} URL = hxxp://www.google.com/custom?q={searchTerms}&sa.x=0&sa.y=0&safe=active&client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&hl=en&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-09-27] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-09-27] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Gica\Application Data\Mozilla\Firefox\Profiles\dobj5h9s.default
FF Homepage: www.google.ro
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-19] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-09-27] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Documents and Settings\Gica\Application Data\Mozilla\Firefox\Profiles\dobj5h9s.default\Extensions\abs@avira.com [2015-12-14] [not signed]
FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: HP Smart Print - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2015-05-19] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-11-18] [not signed]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [249624 2015-11-23] (Avira Operations GmbH & Co. KG)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-09-27] (Oracle Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [6887696 2015-11-30] (TeamViewer GmbH)
S3 TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [809456 2015-12-07] (Tunngle.net GmbH) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-07-01] (Advanced Micro Devices)
S3 gdrv; C:\WINDOWS\gdrv.sys [16608 2014-09-27] (Windows ® 2000 DDK provider)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2015-12-15] (Malwarebytes)
R3 tap0901t; C:\WINDOWS\System32\DRIVERS\tap0901t.sys [35552 2015-12-07] (Tunngle.net)
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-15 17:28 - 2015-12-15 17:28 - 00000000 ____D C:\FRST
2015-12-15 17:27 - 2015-12-15 17:28 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-15 17:27 - 2015-12-15 17:27 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-12-15 17:27 - 2015-12-15 17:27 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-15 17:27 - 2015-12-15 17:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-12-15 17:27 - 2015-10-05 09:50 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-12-15 17:27 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-12-13 23:03 - 2015-12-13 23:03 - 00000000 ____D C:\Program Files\Speccy
2015-12-12 19:00 - 2015-12-12 19:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Riot Games
2015-12-12 18:54 - 2015-12-12 23:07 - 00000000 ____D C:\Documents and Settings\Gica\Application Data\TS3Client
2015-12-12 18:53 - 2015-12-12 18:53 - 00001209 _____ C:\Documents and Settings\Gica\Desktop\TeamSpeak 3 Client.lnk
2015-12-12 18:53 - 2015-12-12 18:53 - 00000000 ____D C:\Documents and Settings\Gica\Local Settings\Application Data\Overwolf
2015-12-12 18:52 - 2015-12-12 18:53 - 00000000 ____D C:\Documents and Settings\Gica\Start Menu\Programs\TeamSpeak 3 Client
2015-12-12 18:52 - 2015-12-12 18:53 - 00000000 ____D C:\Documents and Settings\Gica\Local Settings\Application Data\TeamSpeak 3 Client
2015-12-12 15:37 - 2015-12-12 15:37 - 00000000 ____D C:\Documents and Settings\Gica\Application Data\EurekaLog
2015-12-12 15:37 - 2015-12-12 15:36 - 00000678 _____ C:\Documents and Settings\Gica\Desktop\Tunngle.lnk
2015-12-12 15:36 - 2015-12-12 15:39 - 00000000 ____D C:\Documents and Settings\Gica\Application Data\Tunngle
2015-12-12 15:36 - 2015-12-12 15:37 - 00000000 ____D C:\Program Files\Tunngle
2015-12-12 15:36 - 2015-12-12 15:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Tunngle
2015-12-12 15:36 - 2015-12-12 15:36 - 00000000 ____D C:\Documents and Settings\Gica\My Documents\Tunngle
2015-12-12 15:36 - 2015-12-12 15:36 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Tunngle
2015-12-12 15:36 - 2015-12-07 22:30 - 00035552 _____ (Tunngle.net) C:\WINDOWS\system32\Drivers\tap0901t.sys
2015-12-12 15:32 - 2015-12-12 15:34 - 00000000 ____D C:\Documents and Settings\Gica\Application Data\Riot Games
2015-12-12 15:30 - 2015-12-12 15:30 - 00001018 _____ C:\Documents and Settings\Gica\Desktop\Play Left4dead 2 2013.lnk
2015-12-12 13:55 - 2015-12-12 13:55 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2015-12-12 13:52 - 2015-12-12 13:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-12-11 23:14 - 2015-12-11 23:15 - 00000000 ____D C:\Documents and Settings\Gica\Application Data\Winamp
2015-12-11 23:14 - 2015-12-11 23:14 - 00000654 _____ C:\Documents and Settings\All Users\Desktop\Winamp.lnk
2015-12-11 23:14 - 2015-12-11 23:14 - 00000000 ____D C:\Program Files\Winamp
2015-12-11 23:14 - 2015-12-11 23:14 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Winamp
2015-12-11 23:14 - 2011-03-04 21:44 - 02095600 ____N (Sonic Solutions) C:\WINDOWS\system32\pxsfs.dll
2015-12-11 23:14 - 2011-03-04 21:44 - 00698864 ____N (Sonic Solutions) C:\WINDOWS\system32\px.dll
2015-12-11 23:14 - 2011-03-04 21:44 - 00571888 ____N (Sonic Solutions) C:\WINDOWS\system32\pxdrv.dll
2015-12-11 23:14 - 2011-03-04 21:44 - 00440816 ____N (Sonic Solutions) C:\WINDOWS\system32\pxwave.dll
2015-12-11 23:14 - 2011-03-04 21:44 - 00219632 ____N (Sonic Solutions) C:\WINDOWS\system32\pxmas.dll
2015-12-11 23:14 - 2011-03-04 21:44 - 00133616 ____N (Sonic Solutions) C:\WINDOWS\system32\pxafs.dll
2015-12-11 23:14 - 2011-03-04 21:44 - 00126448 ____N (Sonic Solutions) C:\WINDOWS\system32\pxinsi64.exe
2015-12-11 23:14 - 2011-03-04 21:44 - 00123888 ____N (Sonic Solutions) C:\WINDOWS\system32\pxcpyi64.exe
2015-12-11 23:14 - 2011-03-04 21:44 - 00100848 ____N (Sonic Solutions) C:\WINDOWS\system32\vxblock.dll
2015-12-11 23:14 - 2011-03-04 21:44 - 00072176 ____N (Sonic Solutions) C:\WINDOWS\system32\pxhpinst.exe
2015-12-11 23:14 - 2011-03-04 21:44 - 00068592 ____N (Sonic Solutions) C:\WINDOWS\system32\pxinsa64.exe
2015-12-11 23:14 - 2011-03-04 21:44 - 00068080 ____N (Sonic Solutions) C:\WINDOWS\system32\pxcpya64.exe
2015-12-11 23:14 - 2011-03-04 21:44 - 00059888 ____N (Sonic Solutions) C:\WINDOWS\system32\pxwma.dll
2015-12-11 23:14 - 2011-03-04 21:44 - 00045648 ____N (Sonic Solutions) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2015-12-11 23:14 - 2011-03-04 21:44 - 00009200 ____N (Sonic Solutions) C:\WINDOWS\system32\Drivers\cdralw2k.sys
2015-12-11 23:14 - 2011-03-04 21:44 - 00009072 ____N (Sonic Solutions) C:\WINDOWS\system32\Drivers\cdr4_xp.sys
2015-12-09 23:58 - 2015-12-13 01:46 - 02343622 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-73586283-1965331169-1801674531-1003-0.dat
2015-12-09 23:58 - 2015-12-13 01:46 - 00272990 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-12-09 22:21 - 2015-12-09 22:21 - 00000859 _____ C:\Documents and Settings\All Users\Desktop\Avira Launcher.lnk
2015-12-09 22:21 - 2015-12-09 22:21 - 00000000 ____D C:\Program Files\Avira
2015-12-09 22:21 - 2015-12-09 22:21 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2015-12-09 22:21 - 2015-12-09 22:21 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avira
2015-12-09 22:20 - 2015-12-09 22:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2015-12-09 21:18 - 2015-12-13 23:12 - 00000000 ____D C:\Documents and Settings\Gica\Desktop\Portofoliu Limba si Literatura Romana
2015-12-09 20:23 - 2015-12-09 20:23 - 00001878 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2015-12-09 20:23 - 2015-12-09 20:23 - 00000000 ___RD C:\Program Files\Skype
2015-12-09 20:23 - 2015-12-09 20:23 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-12-09 20:23 - 2015-12-09 20:23 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2015-12-09 20:16 - 2015-12-13 20:36 - 00000000 ____D C:\Documents and Settings\Gica\Application Data\TeamViewer
2015-12-09 20:16 - 2015-12-09 20:16 - 00000706 _____ C:\Documents and Settings\All Users\Desktop\TeamViewer 11.lnk
2015-12-09 20:16 - 2015-12-09 20:16 - 00000000 ____D C:\Program Files\TeamViewer
2015-12-09 20:16 - 2015-12-09 20:16 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 11
2015-12-09 20:08 - 2015-12-09 23:58 - 00065536 _____ C:\WINDOWS\system32\config\ODiag.evt
2015-12-09 20:08 - 2015-12-09 20:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
2015-12-09 20:07 - 2015-12-09 20:07 - 00000000 ____D C:\Program Files\Microsoft Works
2015-12-09 20:07 - 2015-12-09 20:07 - 00000000 ____D C:\Program Files\Microsoft Visual Studio
2015-12-09 20:07 - 2015-12-09 20:07 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2015-12-09 20:05 - 2015-12-09 20:08 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-12-09 20:05 - 2015-12-09 20:07 - 00000000 ____D C:\WINDOWS\SHELLNEW
2015-12-09 20:05 - 2015-12-09 20:07 - 00000000 ____D C:\Program Files\Microsoft Office
2015-12-09 20:05 - 2015-12-09 20:05 - 00000000 ____D C:\Documents and Settings\Gica\Local Settings\Application Data\Microsoft Help
2015-12-09 20:04 - 2015-12-09 20:04 - 00000000 __RHD C:\MSOCache
2015-12-09 11:12 - 2015-12-09 11:12 - 00000000 ____D C:\Documents and Settings\Gica\Application Data\NVIDIA
2015-12-09 11:11 - 2015-12-09 11:11 - 00000853 _____ C:\Documents and Settings\Gica\Desktop\Counter-Strike WaRzOnE.lnk
2015-12-09 11:11 - 2015-12-09 11:11 - 00000000 ____D C:\Documents and Settings\Gica\Start Menu\Programs\HLDS
2015-12-09 11:11 - 2015-12-09 11:11 - 00000000 ____D C:\Documents and Settings\Gica\Start Menu\Programs\Half-Life
2015-12-09 11:11 - 2015-12-09 11:11 - 00000000 ____D C:\Documents and Settings\Gica\Start Menu\Programs\Counter-Strike
2015-12-09 10:35 - 2015-12-09 10:36 - 06420480 _____ C:\Program Files\GUT2A.tmp
2015-12-09 10:35 - 2015-12-09 10:35 - 00000000 ____D C:\Program Files\GUM29.tmp
2015-12-09 10:18 - 2015-12-09 10:18 - 00000000 ____D C:\Documents and Settings\Gica\Local Settings\Application Data\CEF
2015-12-09 10:17 - 2015-12-15 16:29 - 00000000 ____D C:\Program Files\Steam
2015-12-09 10:17 - 2015-12-09 10:17 - 00000638 _____ C:\Documents and Settings\All Users\Desktop\Steam.lnk
2015-12-09 10:17 - 2015-12-09 10:17 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Steam
2015-12-09 09:35 - 2015-12-09 10:04 - 00000000 ____D C:\Documents and Settings\Gica\Desktop\FIFA08U
2015-12-08 20:06 - 2015-12-09 10:40 - 00000000 ____D C:\Program Files\Google
2015-12-08 13:51 - 2015-12-08 15:51 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-12-08 11:38 - 2015-12-08 11:38 - 00000000 ____D C:\Documents and Settings\Gica\Start Menu\Programs\San Andreas Multiplayer
2015-12-08 11:34 - 2015-12-12 14:35 - 00000000 ____D C:\Documents and Settings\Gica\My Documents\GTA San Andreas User Files
2015-12-08 11:33 - 2015-12-12 14:02 - 00003584 _____ C:\Documents and Settings\Gica\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-12-08 11:21 - 2015-12-08 11:21 - 00000000 ____D C:\Documents and Settings\Gica\Application Data\WinRAR
2015-12-08 11:21 - 2015-12-08 11:12 - 00000704 _____ C:\Documents and Settings\Gica\Desktop\WinRAR.lnk
2015-12-08 11:12 - 2015-12-08 11:12 - 00000000 ____D C:\Program Files\WinRAR
2015-12-08 11:12 - 2015-12-08 11:12 - 00000000 ____D C:\Documents and Settings\Gica\Start Menu\Programs\WinRAR
2015-12-08 11:12 - 2015-12-08 11:12 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
2015-12-08 11:09 - 2015-12-13 13:48 - 00000000 ____D C:\Documents and Settings\Gica\Application Data\BitTorrent
2015-11-19 22:14 - 2015-12-06 20:17 - 00000000 ____D C:\Documents and Settings\Gica\My Documents\Max Payne 2 Savegames
2015-11-18 19:31 - 2015-11-18 19:32 - 00000000 ____D C:\Documents and Settings\Gica\Desktop\Imprimanta HP DeskJet 2130 Series
2015-11-18 19:31 - 2015-11-18 19:31 - 00000000 ____D C:\Program Files\HP Photo Creations
2015-11-18 19:31 - 2015-11-18 19:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Visan
2015-11-18 19:31 - 2015-11-18 19:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HP Photo Creations
2015-11-18 19:30 - 2015-12-13 20:40 - 00000456 _____ C:\WINDOWS\Tasks\At2.job
2015-11-18 19:30 - 2015-12-13 19:30 - 00000456 _____ C:\WINDOWS\Tasks\At3.job
2015-11-18 19:30 - 2015-12-13 14:00 - 00000456 _____ C:\WINDOWS\Tasks\At4.job
2015-11-18 19:30 - 2015-12-10 10:10 - 00000456 _____ C:\WINDOWS\Tasks\At1.job
2015-11-18 19:30 - 2015-11-18 19:31 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HP
2015-11-18 19:30 - 2014-11-04 19:51 - 02658824 _____ (Hewlett-Packard Development Company, LP) C:\WINDOWS\system32\HPScanTRDrv_DJ2130.dll
2015-11-18 19:30 - 2014-11-04 19:51 - 00650248 _____ (Hewlett-Packard Development Company, LP) C:\WINDOWS\system32\hpinkstsE111.dll
2015-11-18 19:30 - 2014-11-04 19:51 - 00480776 _____ (Hewlett-Packard) C:\WINDOWS\system32\HPWia1_DJ2130.dll
2015-11-18 19:30 - 2014-11-04 19:51 - 00304648 _____ (Hewlett-Packard Development Company, LP) C:\WINDOWS\system32\hpinkstsE111LM.dll
2015-11-18 19:30 - 2014-11-04 19:51 - 00253448 _____ (Hewlett-Packard Development Company, LP) C:\WINDOWS\system32\hpinkcoiE111.dll
2015-11-18 19:30 - 2014-11-04 17:35 - 02134024 _____ (Hewlett-Packard Development Company, LP) C:\WINDOWS\system32\hpinkinsE111.exe
2015-11-18 19:28 - 2015-11-18 19:28 - 00064200 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2015-11-18 19:28 - 2015-11-18 19:28 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2015-11-18 19:28 - 2015-11-18 19:28 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-11-18 19:28 - 2015-11-18 19:28 - 00000000 ____D C:\Program Files\MSBuild
2015-11-18 19:27 - 2015-11-18 19:27 - 00000000 ____D C:\48e475918564fea37e
2015-11-18 19:27 - 2008-07-06 14:06 - 01676288 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpssvcs.dll
2015-11-18 19:27 - 2008-07-06 14:06 - 01676288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpssvcs.dll
2015-11-18 19:27 - 2008-07-06 14:06 - 00575488 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpsshhdr.dll
2015-11-18 19:27 - 2008-07-06 14:06 - 00575488 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2015-11-18 19:27 - 2008-07-06 14:06 - 00117760 ____N (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2015-11-18 19:27 - 2008-07-06 14:06 - 00089088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2015-11-18 19:27 - 2008-07-06 12:50 - 00597504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2015-11-18 18:54 - 2008-04-14 00:48 - 00052480 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\i8042prt.sys
2015-11-18 18:54 - 2008-04-14 00:48 - 00052480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-15 17:29 - 2014-09-27 11:15 - 00000000 ____D C:\Documents and Settings\Gica\Local Settings\Temp
2015-12-15 17:28 - 2014-09-27 13:53 - 00000000 ____D C:\WINDOWS
2015-12-15 17:27 - 2014-09-27 11:36 - 00005850 _____ C:\WINDOWS\system32\nvAppTimestamps
2015-12-15 17:16 - 2014-09-28 16:07 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-15 16:35 - 2014-12-24 14:31 - 00000000 ____D C:\Documents and Settings\Gica\Application Data\Skype
2015-12-15 16:35 - 2014-09-27 11:15 - 00000000 ____D C:\Documents and Settings\Gica
2015-12-15 16:27 - 2014-09-27 11:15 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-14 00:36 - 2014-09-27 11:15 - 00032546 ____N C:\WINDOWS\SchedLgU.Txt
2015-12-14 00:36 - 2014-09-27 11:15 - 00000178 ___SH C:\Documents and Settings\Gica\ntuser.ini
2015-12-13 23:13 - 2014-09-27 11:15 - 00000000 ___RD C:\Documents and Settings\Gica\My Documents\My Pictures
2015-12-13 13:45 - 2014-09-27 14:00 - 00272576 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-13 13:45 - 2004-08-04 13:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-12-12 18:53 - 2014-10-17 10:17 - 00069976 _____ C:\Documents and Settings\Gica\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-12-12 15:36 - 2014-09-27 13:53 - 00000000 ___HD C:\WINDOWS\inf
2015-12-12 15:36 - 2014-09-27 11:15 - 00000000 ___RD C:\Documents and Settings\Gica\My Documents
2015-12-12 15:34 - 2014-09-27 11:10 - 00000000 ____D C:\WINDOWS\system32\DirectX
2015-12-09 20:23 - 2014-12-24 14:31 - 00000000 ____D C:\Documents and Settings\Gica\Local Settings\Application Data\Skype
2015-12-09 20:23 - 2014-12-24 14:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2015-12-09 20:07 - 2014-09-27 14:03 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-12-09 20:05 - 2014-09-27 11:09 - 00000000 ____D C:\Program Files\Common Files\System
2015-12-09 20:05 - 2004-08-04 13:00 - 00000552 _____ C:\WINDOWS\win.ini
2015-12-09 10:36 - 2014-09-27 13:53 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
2015-12-08 20:03 - 2014-09-27 11:24 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-12-05 16:04 - 2015-05-19 13:51 - 00000000 ____D C:\Documents and Settings\Gica\Local Settings\Application Data\HP
2015-11-19 22:11 - 2014-09-27 14:03 - 00589110 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-18 19:30 - 2015-05-19 14:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HP
2015-11-18 19:30 - 2015-05-19 14:04 - 00000000 ____D C:\Program Files\HP
2015-11-18 19:27 - 2014-09-27 13:53 - 00000000 ____D C:\WINDOWS\system32\spool
2015-11-18 19:26 - 2014-09-27 13:53 - 00000000 ____D C:\WINDOWS\pchealth
2015-11-18 19:12 - 2014-09-27 11:15 - 00000792 _____ C:\Documents and Settings\Gica\Start Menu\Programs\Windows Media Player.lnk
2015-11-18 10:32 - 2014-09-27 13:59 - 00000223 __RSH C:\boot.ini
2015-11-18 10:32 - 2004-08-04 13:00 - 00000227 _____ C:\WINDOWS\system.ini

==================== Files in the root of some directories =======

2015-12-09 10:35 - 2015-12-09 10:36 - 6420480 _____ () C:\Program Files\GUT2A.tmp
2015-12-08 11:33 - 2015-12-12 14:02 - 0003584 _____ () C:\Documents and Settings\Gica\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job


Some files in TEMP:
====================
C:\Documents and Settings\Gica\Local Settings\Temp\mdi064.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:14-12-2015
Ran by Gica (2015-12-15 17:29:41)
Running from C:\Documents and Settings\Gica\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2014-09-27 09:14:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-73586283-1965331169-1801674531-500 - Administrator - Enabled)
ASPNET (S-1-5-21-73586283-1965331169-1801674531-1004 - Limited - Enabled)
Gica (S-1-5-21-73586283-1965331169-1801674531-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Gica
Guest (S-1-5-21-73586283-1965331169-1801674531-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-73586283-1965331169-1801674531-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-73586283-1965331169-1801674531-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Romanian (HKLM\...\{AC76BA86-7AD7-1048-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AMD Processor Driver (HKLM\...\{C151CE54-E7EA-4804-854B-F515368B0798}) (Version: 1.3.2.0053 - AMD)
Avira Launcher (HKLM\...\{d0e166af-1634-4c0b-ae96-2180e61f9d38}) (Version: 1.1.52.15531 - Avira Operations GmbH & Co. KG)
Avira Launcher (Version: 1.1.52.15531 - Avira Operations GmbH & Co. KG) Hidden
BitTorrent (HKU\S-1-5-21-73586283-1965331169-1801674531-1003\...\BitTorrent) (Version: 7.9.5.41373 - BitTorrent Inc.)
BitTorrent (HKU\S-1-5-21-73586283-1965331169-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\BitTorrent) (Version: 7.9.5.41373 - BitTorrent Inc.)
Browser Configuration Utility (HKLM\...\{E8AEA11B-E60A-455E-B008-E4E763604612}) (Version: 1.0.4.9 - DeviceVM Inc.) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
HP DeskJet 2130 series Basic Device Software (HKLM\...\{8BECF3A4-E3DF-4A75-BB74-C7A50443A019}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
HP DeskJet 2130 series Help (HKLM\...\{1CDFD3C9-BDF8-4DDC-BDA2-EBC53F938B5F}) (Version: 35.0.0 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (Version: 3.0.1 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM\...\PROR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA nView 141.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 141.24 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Product Improvement Study for HP DeskJet 2130 series (HKLM\...\{EFF29656-8F1A-4043-B2D0-9FB4619B45AF}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.19.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5780 - Realtek Semiconductor Corp.)
Skype™ 7.16 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.16.102 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-73586283-1965331169-1801674531-1003\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKU\S-1-5-21-73586283-1965331169-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.52465 - TeamViewer)
Tunngle (HKLM\...\Tunngle_is1) (Version: 5.8.3 - Tunngle.net GmbH)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinRAR 5.30 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-73586283-1965331169-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{5F63E8CB-8F57-490A-97FE-62BC2F2A5EA4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-73586283-1965331169-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{66B6B493-6055-4572-8FC1-A0FA86D63545}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-73586283-1965331169-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{8D083C4F-F8B1-42ED-851B-51017CF4C161}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-73586283-1965331169-1801674531-1003_Classes\CLSID\{5F63E8CB-8F57-490A-97FE-62BC2F2A5EA4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-73586283-1965331169-1801674531-1003_Classes\CLSID\{66B6B493-6055-4572-8FC1-A0FA86D63545}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-73586283-1965331169-1801674531-1003_Classes\CLSID\{8D083C4F-F8B1-42ED-851B-51017CF4C161}\InprocServer32 -> no filepath

==================== Restore Points =========================

18-11-2015 10:32:06 Removed Skype™ 7.0
18-11-2015 10:35:36 Removed HP Update.
18-11-2015 10:35:47 Removed HP Deskjet 2510 series Setup Guide
18-11-2015 10:36:00 Removed HP Deskjet 2510 series Basic Device Software
18-11-2015 19:27:36 Installed Windows KB954550-v5.
18-11-2015 19:27:42 Printer Driver Microsoft XPS Document Writer Installed
18-11-2015 19:27:47 Printer Driver Microsoft XPS Document Writer Installed
21-11-2015 13:19:03 System Checkpoint
22-11-2015 13:20:00 System Checkpoint
25-11-2015 20:16:50 System Checkpoint
29-11-2015 15:53:18 System Checkpoint
30-11-2015 17:16:46 System Checkpoint
09-12-2015 20:04:49 Installed Microsoft Office Professional 2007
12-12-2015 15:33:58 Installed Microsoft Visual C++ 2005 Redistributable
12-12-2015 15:34:12 Installed League of Legends
12-12-2015 15:34:31 Installed DirectX

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 13:00 - 2004-08-04 13:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPCustPartic.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-09-27 11:32 - 2014-07-02 22:43 - 00681760 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
2015-12-09 10:28 - 2015-12-09 10:28 - 01457664 _____ () C:\Documents and Settings\Gica\Local Settings\Temp\mdi064.dll
2015-12-09 10:18 - 2015-11-10 21:55 - 00778752 _____ () C:\Program Files\Steam\SDL2.dll
2015-12-09 10:18 - 2015-07-03 18:12 - 04962816 _____ () C:\Program Files\Steam\v8.dll
2015-12-09 10:18 - 2015-07-03 18:12 - 01556992 _____ () C:\Program Files\Steam\icui18n.dll
2015-12-09 10:18 - 2015-07-03 18:12 - 01187840 _____ () C:\Program Files\Steam\icuuc.dll
2015-12-09 10:18 - 2015-12-14 22:01 - 02547280 _____ () C:\Program Files\Steam\video.dll
2015-12-09 10:18 - 2015-09-24 02:33 - 02549248 _____ () C:\Program Files\Steam\libavcodec-56.dll
2015-12-09 10:18 - 2015-09-24 02:33 - 00442880 _____ () C:\Program Files\Steam\libavutil-54.dll
2015-12-09 10:18 - 2015-09-24 02:33 - 00491008 _____ () C:\Program Files\Steam\libavformat-56.dll
2015-12-09 10:18 - 2015-09-24 02:33 - 00332800 _____ () C:\Program Files\Steam\libavresample-2.dll
2015-12-09 10:18 - 2015-09-24 02:33 - 00485888 _____ () C:\Program Files\Steam\libswscale-3.dll
2015-12-09 10:18 - 2015-12-14 22:01 - 00804432 _____ () C:\Program Files\Steam\bin\chromehtml.dll
2015-12-09 10:18 - 2015-11-17 02:31 - 47846176 _____ () C:\Program Files\Steam\bin\libcef.dll
2015-12-09 22:21 - 2015-12-15 16:32 - 221516664 _____ () C:\Documents and Settings\All Users\Application Data\Avira\Launcher\Temp\avira_antivirus_en-us.exe
2015-06-19 11:16 - 2015-06-19 11:16 - 16867504 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll
2008-04-14 13:42 - 2008-04-14 13:42 - 01288192 _____ () C:\WINDOWS\system32\quartz.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-21-73586283-1965331169-1801674531-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Gica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-73586283-1965331169-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Gica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: GEST => =
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: NvBackend => "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: nwiz => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Winamp\winamp.exe] => Enabled:Winamp
StandardProfile\AuthorizedApplications: [C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe] => Enabled:NVIDIA Network Service TCP Exception (HTTPS)
StandardProfile\AuthorizedApplications: [C:\Games\World_of_Tanks\WoTLauncher.exe] => Enabled:World of Tanks Launcher
StandardProfile\AuthorizedApplications: [C:\Games\World_of_Tanks\WorldOfTanks.exe] => Enabled:World of Tanks
StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\Steam.exe] => Enabled:Steam
StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\bin\steamwebhelper.exe] => Enabled:Steam Web Helper
StandardProfile\AuthorizedApplications: [F:\Left 4 Dead 2 - v2.0.1.1 Full ISO Standalone (Online Compatible)\Left 4 Dead 2\left4dead2.exe] => Enabled:left4dead2
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Gica\Desktop\Left 4 Dead 2\left4dead2.exe] => Enabled:left4dead2
StandardProfile\AuthorizedApplications: [D:\Left 4 Dead 2\left4dead2.exe] => Enabled:left4dead2
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP DeskJet 2130 series\Bin\USBSetup.exe] => :LocalSubNet:Enabled:HP Device Setup (HP DeskJet 2130 series)
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPNetworkCommunicatorCom.exe] => :LocalSubNet:Enabled:HP Network Communicator COM (HP DeskJet 2130 series)
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Gica\Application Data\BitTorrent\BitTorrent.exe] => Enabled:BitTorrent (Gica)
StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre7\bin\javacpl.exe] => Enabled:Configure Java
StandardProfile\AuthorizedApplications: [D:\Jocuri\L4D\Left 4 Dead 2\left4dead2.exe] => Enabled:left4dead2
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Gica\My Documents\Descărcări\DTLiteInstaller.exe] => Enabled:DTLiteInstaller
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Gica\My Documents\Descărcări\DTLiteInstaller-69214634.exe] => Enabled:proinstaller
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\Gica\LOCALS~1\Temp\RarSFX2\key.exe] => Enabled:key
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer.exe] => Enabled:Teamviewer Remote Control Application
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer_Service.exe] => Enabled:Teamviewer Remote Control Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\Winamp\winamp.exe] => Enabled:Winamp
StandardProfile\AuthorizedApplications: [C:\Program Files\Tunngle\TnglCtrl.exe] => Enabled:Tunngle Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Tunngle\Tunngle.exe] => Enabled:Tunngle Client
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [3389:TCP] => Enabled:@xpsp2res.dll,-22009

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/14/2015 09:54:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 42.0.0.5780, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/14/2015 11:53:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 42.0.0.5780, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/13/2015 08:36:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application teamviewer.exe, version 11.0.52465.0, faulting module kernel32.dll, version 5.1.2600.5512, fault address 0x00012aeb.
Processing media-specific event for [teamviewer.exe!ws!]

Error: (12/13/2015 08:20:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application teamviewer.exe, version 11.0.52465.0, faulting module kernel32.dll, version 5.1.2600.5512, fault address 0x00012aeb.
Processing media-specific event for [teamviewer.exe!ws!]

Error: (12/13/2015 03:12:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application teamviewer.exe, version 11.0.52465.0, faulting module kernel32.dll, version 5.1.2600.5512, fault address 0x00012aeb.
Processing media-specific event for [teamviewer.exe!ws!]

Error: (12/13/2015 03:10:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application teamviewer.exe, version 11.0.52465.0, faulting module kernel32.dll, version 5.1.2600.5512, fault address 0x00012aeb.
Processing media-specific event for [teamviewer.exe!ws!]

Error: (12/12/2015 02:28:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application samp.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/12/2015 01:56:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 42.0.0.5780, faulting module mozglue.dll, version 42.0.0.5780, fault address 0x0000ed50.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (12/12/2015 01:53:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avast_free_antivirus_setup_online_cnet2.exe, version 0.0.0.0, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [avast_free_antivirus_setup_online_cnet2.exe!ws!]

Error: (12/12/2015 01:53:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avast_free_antivirus_setup_online_cnet2.exe, version 0.0.0.0, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [avast_free_antivirus_setup_online_cnet2.exe!ws!]


System errors:
=============
Error: (12/15/2015 04:29:35 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Automatic Updates service hung on starting.

Error: (12/15/2015 04:28:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the NVIDIA Network Service service to connect.

Error: (12/15/2015 04:28:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Background Intelligent Transfer Service service terminated with the following error:
%%193

Error: (12/14/2015 09:54:38 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Automatic Updates service hung on starting.

Error: (12/14/2015 09:53:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the NVIDIA Network Service service to connect.

Error: (12/14/2015 09:53:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Background Intelligent Transfer Service service terminated with the following error:
%%193

Error: (12/14/2015 09:38:21 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Automatic Updates service hung on starting.

Error: (12/14/2015 09:36:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Background Intelligent Transfer Service service terminated with the following error:
%%193

Error: (12/14/2015 09:36:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the NVIDIA Network Service service to connect.

Error: (12/14/2015 09:36:25 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 00241D0DAE90 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).


==================== Memory info ===========================

Processor: AMD Athlon™ 64 X2 Dual Core Processor 4400+
Percentage of memory in use: 58%
Total physical RAM: 2046.48 MB
Available physical RAM: 850.46 MB
Total Virtual: 3939.44 MB
Available Virtual: 2886.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.04 GB) (Free:112.74 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:74.55 GB) (Free:53.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: F26EF26E)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 74.6 GB) (Disk ID: 23CE478D)
Partition 1: (Not Active) - (Size=74.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

 

 

In plus, here are the results after a MBAM (MalwareBytes Anti-Malware) scan:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/15/2015
Scan Time: 5:28:48 PM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.12.15.04
Rootkit Database: v2015.12.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Gica

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 290518
Time Elapsed: 9 min, 41 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
Trojan.Injector, HKU\S-1-5-21-73586283-1965331169-1801674531-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|tsiVideo, rundll32.exe C:\DOCUME~1\Gica\LOCALS~1\Temp\mdi064.dll,dalmat, , [79e7cadb5e2d4fe7ec647a0e79885da3]

Registry Data: 0
(No malicious items detected)

Folders: 4
Trojan.FakeAlert, C:\Documents and Settings\Gica\Local Settings\Temp\msupdate71, , [035d0c994546d165c1edd3f9e41f39c7],
PUP.Optional.OpenCandy, C:\Documents and Settings\Gica\Application Data\OpenCandy, , [0d53dec78407ea4c1b90a0d0847e916f],
PUP.Optional.OpenCandy, C:\Documents and Settings\Gica\Application Data\OpenCandy\OpenCandy_ACA45A14714F4E088B69FCBF213EA010, , [0d53dec78407ea4c1b90a0d0847e916f],
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\All Users\Application Data\APN\APN-Stub, , [fe62e3c28a01ca6cfd61fa7ebe440df3],

Files: 14
Trojan.Injector, C:\Documents and Settings\Gica\Local Settings\Temp\mdi064.dll, , [79e7cadb5e2d4fe7ec647a0e79885da3],
PUP.Optional.OpenCandy, C:\Documents and Settings\Gica\My Documents\Downloads\ccleaner_setup_4.17.exe, , [342ca7febbd0ee486d3f68302bd98e72],
PUP.Optional.OpenCandy, C:\Documents and Settings\Gica\My Documents\Downloads\dtlite4413-0173.exe, , [7de3e3c21d6ea294901c47513dc7619f],
PUP.Optional.Amonetize, C:\Documents and Settings\Gica\My Documents\Downloads\Left+4+Dead+2+CD+Key+Gene_10924_i97188346_il345.exe, , [9fc15154bfcc8caa82c0f2c6837ed62a],
Trojan.FakeAlert, C:\Documents and Settings\Gica\Local Settings\Temp\msupdate71\dwm.exe, , [035d0c994546d165c1edd3f9e41f39c7],
Trojan.FakeAlert, C:\Documents and Settings\Gica\Local Settings\Temp\msupdate71\libcurl-4.dl1, , [035d0c994546d165c1edd3f9e41f39c7],
Trojan.FakeAlert, C:\Documents and Settings\Gica\Local Settings\Temp\msupdate71\libiconv-2.dl1, , [035d0c994546d165c1edd3f9e41f39c7],
Trojan.FakeAlert, C:\Documents and Settings\Gica\Local Settings\Temp\msupdate71\libidn-11.dl1, , [035d0c994546d165c1edd3f9e41f39c7],
Trojan.FakeAlert, C:\Documents and Settings\Gica\Local Settings\Temp\msupdate71\libintl-8.dl1, , [035d0c994546d165c1edd3f9e41f39c7],
Trojan.FakeAlert, C:\Documents and Settings\Gica\Local Settings\Temp\msupdate71\libwinpthread-1.dl1, , [035d0c994546d165c1edd3f9e41f39c7],
Trojan.FakeAlert, C:\Documents and Settings\Gica\Local Settings\Temp\msupdate71\msupdate.7z, , [035d0c994546d165c1edd3f9e41f39c7],
Trojan.FakeAlert, C:\Documents and Settings\Gica\Local Settings\Temp\msupdate71\msvcrt.dll, , [035d0c994546d165c1edd3f9e41f39c7],
Trojan.FakeAlert, C:\Documents and Settings\Gica\Local Settings\Temp\msupdate71\proxy.conf, , [035d0c994546d165c1edd3f9e41f39c7],
Trojan.FakeAlert, C:\Documents and Settings\Gica\Local Settings\Temp\msupdate71\zlib1.dl1, , [035d0c994546d165c1edd3f9e41f39c7],

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

I'm going to remove those trojans and come back later with an edit to confirm if i'm still experiencing this error.

 

EDIT: winhttp.dll is still popping up. What should i do?


Edited by HiItsPeter, 15 December 2015 - 10:58 AM.


BC AdBot (Login to Remove)

 


#2 HiItsPeter

HiItsPeter
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  

Posted 16 December 2015 - 09:30 AM

Back to top.

 

 

 

 

 

Solved, re-installed Windows.


Edited by HiItsPeter, 16 December 2015 - 12:54 PM.


#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,972 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:35 AM

Posted 16 December 2015 - 09:15 PM

Thanks for letting us know. Sorry for the delay.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,972 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:35 AM

Posted 16 December 2015 - 09:15 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users