Inactive [A] System Check's got ahold of me & won't let go

SCCHAS · Feb 6, 2012

I was working on my laptop (Gateway w/ win xp),Sunday,
walked away for a while and when I came back I had the System-Check menu up and tons of stacked statements telling me this or that would not run.

I finally closed every thing, but now If I start it in regular mode, I get the System-Check menu; If I try to open in Safe or Safe with Networking modes, I only get the "C:\documents and settings\administrator>" prompt ( with both safe options).

I have scanned some of the solutions, but don't have the ability to "download and run software" to fix the problem.

Any help will be greatly appreciated.

I am sending this email from my office work computer.
Thanks,

Broni · Feb 6, 2012

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running tools or applying updates other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===============================================================

If I try to open in Safe or Safe with Networking modes, I only get the "C:\documents and settings\administrator>" prompt ( with both safe options).

I'm not sure what you're saying. More details please.

don't have the ability to "download and run software" to fix the problem.

I assume you have some other computer you're posting from?

SCCHAS · Feb 7, 2012

reply to Broni

Broni-
Thanks for your response. I hope the following answers you questions.

1. When I turn the computer on, hit F8, and select "Safe Mode" , "Safe Mode with Command Prompt" or "Safe Mode with Networking", I get to the the login screen . But after entering username & password with the "Safe Mode" or "Safe Mode with Networking" options, I get a black screen with "Safe Mode" in the top two corners. When I login in with the "Safe Mode with Command Prompt" I get a screen with "C:\documents and settings\administrator>" on it.

2. Yes, I am communicating from my office computer.
Thanks,

Broni · Feb 7, 2012

Let's see, if we can look at your computer booting from an external source.

Please download OTLPE (filesize 120,9 MB)

When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
Reboot your system using the boot CD you just created.
- Note : If you do not know how to set your computer to boot from CD follow the steps HERE
Your system should now display a REATOGO-X-PE desktop.
Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
Double-click on the OTLPE icon.
When asked Do you wish to load the remote registry, select Yes
When asked Do you wish to load remote user profile(s) for scanning, select Yes
Ensure the box Automatically Load All Remaining Users" is checked and press OK
OTL should now start.
Press Run Scan to start the scan.
When finished, the file will be saved in drive C:\OTL.txt
Copy this file to your USB drive if you do not have internet connection on this system
Please post the contents of the OTL.txt file in your reply.

SCCHAS · Feb 9, 2012

Reply to broni

I thought that I had submitted this yesterday, but for some reason it did not go through.

Booted OK from OPTLE CD, but did not ask me to use its REGISTRY . Ran SCAN and log follows. Sorry for the delay in getting this to you, realize how many issues you are probably dealing with.

**************
OTL logfile created on: 2/8/2012 6:42:12 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 778.00 Mb Available Physical Memory | 76.00% Memory free
906.00 Mb Paging File | 841.00 Mb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.29 Gb Total Space | 37.27 Gb Free Space | 42.69% Space Free | Partition Type: NTFS
Drive D: | 5.85 Gb Total Space | 4.39 Gb Free Space | 75.07% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (RegSrvc)
SRV - File not found [Auto] -- -- (PrismXL)
SRV - File not found [Auto] -- -- (McAfeeFramework)
SRV - File not found [Auto] -- -- (JavaQuickStarterService)
SRV - File not found [Auto] -- -- (EvtEng)
SRV - File not found [Auto] -- -- (CVPND)
SRV - File not found [Auto] -- -- (ASKService)
SRV - [2011/12/20 08:18:30 | 000,869,216 | -H-- | M] () [Auto] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/10/28 10:55:08 | 002,152,152 | -H-- | M] (Lavasoft Limited) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/10/14 16:54:28 | 000,067,024 | RH-- | M] (iS3, Inc.) [Auto] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2011/10/12 06:25:22 | 004,433,248 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 05:09:08 | 000,192,776 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2007/12/10 13:59:04 | 000,353,280 | -H-- | M] (Nokia.) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005/03/30 15:46:56 | 000,411,920 | -H-- | M] (Eastman Kodak Company) [On_Demand] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - [2003/09/29 06:10:00 | 000,237,657 | ---- | M] () [Auto] -- C:\Program Files\Network Associates\VirusScan\Mcshield.exe -- (McShield)
SRV - [2003/09/29 06:10:00 | 000,069,706 | -H-- | M] (Network Associates, Inc.) [Auto] -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe -- (McTaskManager)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [File_System | Boot] -- -- (48296937)
DRV - File not found [Kernel | On_Demand] -- -- (.redbook)
DRV - File not found [Kernel | On_Demand] -- -- (.i8042prt)
DRV - File not found [Kernel | On_Demand] -- -- (.AFS2K)
DRV - [2011/10/07 06:23:48 | 000,230,608 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/26 11:21:00 | 000,061,328 | RH-- | M] (iS3 Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SZKG.sys -- (szkg5)
DRV - [2011/09/26 11:21:00 | 000,061,328 | RH-- | M] (iS3 Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2011/09/13 05:30:10 | 000,032,592 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/18 14:25:12 | 000,064,512 | -H-- | M] (Lavasoft AB) [File_System | Boot] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2011/08/18 14:25:12 | 000,015,232 | -H-- | M] () [Kernel | On_Demand] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/08/16 16:48:30 | 000,059,080 | RH-- | M] (iS3, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SZKGFS.sys -- (szkgfs)
DRV - [2011/08/08 05:08:58 | 000,040,016 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 00:14:38 | 000,295,248 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:28 | 000,024,272 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:28 | 000,023,120 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/07/11 00:14:26 | 000,134,608 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2008/04/13 14:21:00 | 000,162,816 | -H-- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 13:40:27 | 000,057,600 | -H-- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2005/07/26 13:27:46 | 000,009,600 | -H-- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MSTabBtn.sys -- (MSTabBtn)
DRV - [2005/07/06 23:23:34 | 000,017,280 | -H-- | M] (FinePoint Innovations) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FpHidDrv.sys -- (FinePnt)
DRV - [2005/06/17 17:17:48 | 000,352,000 | -H-- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/06/17 17:17:00 | 000,038,144 | -H-- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/06/16 13:41:02 | 000,037,150 | -H-- | M] (Eastman Kodak Company) [Kernel | System] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2005/04/29 01:37:50 | 001,132,544 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/04/19 17:57:00 | 000,159,488 | -H-- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/04/05 18:38:32 | 000,132,352 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/03/31 07:00:08 | 000,152,081 | -H-- | M] (Eastman Kodak Company) [Kernel | System] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2005/03/31 06:47:56 | 000,070,262 | -H-- | M] (Eastman Kodak Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2005/03/31 06:47:50 | 000,008,022 | -H-- | M] (Eastman Kodak Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2005/03/31 06:47:48 | 000,038,673 | -H-- | M] (Eastman Kodak Company) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2005/03/31 06:47:42 | 000,061,564 | -H-- | M] (Eastman Kodak Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2005/01/25 17:27:14 | 001,038,208 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/01/25 17:26:36 | 000,207,616 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/01/25 17:26:28 | 000,703,616 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/10/29 21:48:10 | 003,222,784 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2004/10/15 14:20:04 | 000,011,354 | -H-- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/10/07 20:16:04 | 000,035,840 | -H-- | M] () [Kernel | System] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/12 11:44:04 | 000,234,496 | -H-- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2003/12/02 10:26:22 | 000,268,872 | -H-- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2003/09/29 06:10:00 | 000,083,008 | -H-- | M] (Network Associates, Inc.) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1)
DRV - [2003/09/02 11:44:06 | 000,139,604 | -H-- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2003/05/01 13:26:34 | 000,005,220 | RH-- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2001/08/17 07:10:58 | 000,069,692 | -H-- | M] (3Com Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\el575ND5.sys -- (el575nd5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midlandstech.edu/
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

Broni · Feb 9, 2012

This is only partial log.

SCCHAS · Feb 11, 2012

reply to Bronu

Broni-

I as out of the office Friday, and have problems now maintaing a connection to the internet on the laptop from home. I reran the OTL scan & tried to paste the new log, but it was too long, so I had to attach it.

Thanks

Broni · Feb 11, 2012

According to our rules, if any log doesn't fit, split it between couple of replies.

SCCHAS · Feb 12, 2012

*******PART 1 OTL_2_10_12 log************

PART1 - OTL logfile created on: 2/10/2012 6:17:09 PM

OTL logfile created on: 2/10/2012 6:17:09 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 763.00 Mb Available Physical Memory | 75.00% Memory free
906.00 Mb Paging File | 825.00 Mb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.29 Gb Total Space | 37.25 Gb Free Space | 42.68% Space Free | Partition Type: NTFS
Drive D: | 5.85 Gb Total Space | 4.39 Gb Free Space | 75.06% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (RegSrvc)
SRV - File not found [Auto] -- -- (PrismXL)
SRV - File not found [Auto] -- -- (McAfeeFramework)
SRV - File not found [Auto] -- -- (JavaQuickStarterService)
SRV - File not found [Auto] -- -- (EvtEng)
SRV - File not found [Auto] -- -- (CVPND)
SRV - File not found [Auto] -- -- (ASKService)
SRV - [2011/12/20 08:18:30 | 000,869,216 | -H-- | M] () [Auto] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/10/28 10:55:08 | 002,152,152 | -H-- | M] (Lavasoft Limited) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/10/14 16:54:28 | 000,067,024 | RH-- | M] (iS3, Inc.) [Auto] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2011/10/12 06:25:22 | 004,433,248 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 05:09:08 | 000,192,776 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2007/12/10 13:59:04 | 000,353,280 | -H-- | M] (Nokia.) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005/03/30 15:46:56 | 000,411,920 | -H-- | M] (Eastman Kodak Company) [On_Demand] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - [2003/09/29 06:10:00 | 000,237,657 | ---- | M] () [Auto] -- C:\Program Files\Network Associates\VirusScan\Mcshield.exe -- (McShield)
SRV - [2003/09/29 06:10:00 | 000,069,706 | -H-- | M] (Network Associates, Inc.) [Auto] -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe -- (McTaskManager)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [File_System | Boot] -- -- (48296937)
DRV - File not found [Kernel | On_Demand] -- -- (.redbook)
DRV - File not found [Kernel | On_Demand] -- -- (.i8042prt)
DRV - File not found [Kernel | On_Demand] -- -- (.AFS2K)
DRV - [2011/10/07 06:23:48 | 000,230,608 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/26 11:21:00 | 000,061,328 | RH-- | M] (iS3 Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SZKG.sys -- (szkg5)
DRV - [2011/09/26 11:21:00 | 000,061,328 | RH-- | M] (iS3 Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2011/09/13 05:30:10 | 000,032,592 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/18 14:25:12 | 000,064,512 | -H-- | M] (Lavasoft AB) [File_System | Boot] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2011/08/18 14:25:12 | 000,015,232 | -H-- | M] () [Kernel | On_Demand] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/08/16 16:48:30 | 000,059,080 | RH-- | M] (iS3, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SZKGFS.sys -- (szkgfs)
DRV - [2011/08/08 05:08:58 | 000,040,016 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 00:14:38 | 000,295,248 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:28 | 000,024,272 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:28 | 000,023,120 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/07/11 00:14:26 | 000,134,608 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2008/04/13 14:21:00 | 000,162,816 | -H-- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 13:40:27 | 000,057,600 | -H-- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2005/07/26 13:27:46 | 000,009,600 | -H-- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MSTabBtn.sys -- (MSTabBtn)
DRV - [2005/07/06 23:23:34 | 000,017,280 | -H-- | M] (FinePoint Innovations) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FpHidDrv.sys -- (FinePnt)
DRV - [2005/06/17 17:17:48 | 000,352,000 | -H-- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/06/17 17:17:00 | 000,038,144 | -H-- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/06/16 13:41:02 | 000,037,150 | -H-- | M] (Eastman Kodak Company) [Kernel | System] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2005/04/29 01:37:50 | 001,132,544 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/04/19 17:57:00 | 000,159,488 | -H-- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/04/05 18:38:32 | 000,132,352 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/03/31 07:00:08 | 000,152,081 | -H-- | M] (Eastman Kodak Company) [Kernel | System] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2005/03/31 06:47:56 | 000,070,262 | -H-- | M] (Eastman Kodak Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2005/03/31 06:47:50 | 000,008,022 | -H-- | M] (Eastman Kodak Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2005/03/31 06:47:48 | 000,038,673 | -H-- | M] (Eastman Kodak Company) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2005/03/31 06:47:42 | 000,061,564 | -H-- | M] (Eastman Kodak Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2005/01/25 17:27:14 | 001,038,208 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/01/25 17:26:36 | 000,207,616 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/01/25 17:26:28 | 000,703,616 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/10/29 21:48:10 | 003,222,784 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2004/10/15 14:20:04 | 000,011,354 | -H-- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/10/07 20:16:04 | 000,035,840 | -H-- | M] () [Kernel | System] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/12 11:44:04 | 000,234,496 | -H-- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2003/12/02 10:26:22 | 000,268,872 | -H-- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2003/09/29 06:10:00 | 000,083,008 | -H-- | M] (Network Associates, Inc.) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1)
DRV - [2003/09/02 11:44:06 | 000,139,604 | -H-- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2003/05/01 13:26:34 | 000,005,220 | RH-- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2001/08/17 07:10:58 | 000,069,692 | -H-- | M] (3Com Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\el575ND5.sys -- (el575nd5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midlandstech.edu/
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?babsrc=HP_ss&affID=107763&mntrId=f8424b540000000000000013cefa4b63"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:12.0.0.1865
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.9
FF - prefs.js..extensions.enabledItems: gencrawler@some.com:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}:5.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: @themediafinder.com:1.0.1
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=f8424b540000000000000013cefa4b63&tlver=1.4.35.10&affID=107763"

FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.Net\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=11: C:\Program Files\Google\Google Updater\2.2.1111.1511\npCIDetect11.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine:

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/07/29 22:56:15 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG2012\Firefox\ [2011/12/23 09:09:48 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/23 09:09:58 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/24 16:34:45 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\9.0.0.22\ [2011/12/20 08:18:53 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/24 16:34:31 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/02 08:23:51 | 000,000,000 | -H-D | M]

[2011/10/06 22:32:29 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/12/31 15:17:59 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b5fa9dmu.default\extensions
[2011/10/02 20:57:00 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b5fa9dmu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/16 08:27:56 | 000,000,000 | -H-D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b5fa9dmu.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/03/30 11:43:53 | 000,000,000 | -H-D | M] ("ZoneAlarm Spy Blocker Toolbar") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b5fa9dmu.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011/10/25 02:13:52 | 000,000,000 | -H-D | M] (Babylon) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b5fa9dmu.default\extensions\ffxtlbr@babylon.com
[2011/12/09 10:38:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b5fa9dmu.default\extensions\staged
[2011/10/21 00:51:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/29 10:00:37 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
[2011/09/04 10:52:38 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2007/08/23 22:49:09 | 000,000,000 | -H-D | M] (Google Settings) -- C:\Program Files\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com
[2011/10/20 00:00:42 | 000,000,000 | -H-D | M] (Media Finder plugin) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\@THEMEDIAFINDER.COM
[2011/10/20 00:00:42 | 000,000,000 | -H-D | M] (General Crawler) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\GENCRAWLER@SOME.COM
[2011/12/23 09:09:48 | 000,000,000 | -H-D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX
[2011/09/04 10:50:24 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/04 10:50:19 | 000,476,904 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/12/23 15:04:03 | 000,024,673 | -H-- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\mozilla firefox\plugins\NPZoneSB.dll
[2011/12/20 08:18:18 | 000,003,766 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/10/25 02:13:26 | 000,002,288 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2011/10/15 07:15:57 | 000,436,326 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15035 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroyx\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe (HP)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [REVHmWCGeSNc.exe] C:\Documents and Settings\All Users\Application Data\REVHmWCGeSNc.exe (Microsoft Corp)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\Administrator_ON_C..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\Administrator_ON_C..\Run: [Media Finder] File not found
O4 - HKU\Administrator_ON_C..\Run: [MediaGet2] File not found
O4 - HKU\Administrator_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroyx\TeaTimer.exe ()
O4 - HKU\LocalService_ON_C..\Run: [TabletWizard] File not found
O4 - HKU\NetworkService_ON_C..\Run: [TabletWizard] File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroyx\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DDRevision Class)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/22 05:32:11 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 13:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2012/02/10 15:26:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/02/05 17:13:10 | 000,356,352 | -H-- | C] (Microsoft Corp) -- C:\Documents and Settings\All Users\Application Data\ZiUScmDdQAYPtc.exe
[2012/02/05 16:58:34 | 000,444,416 | -H-- | C] (Microsoft Corp) -- C:\Documents and Settings\All Users\Application Data\REVHmWCGeSNc.exe
[2012/02/01 02:34:49 | 000,000,000 | -H-D | C] -- C:\00 00 IPEDS WINTER 2011-12
[2012/01/25 14:08:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
[2012/01/25 14:08:32 | 000,016,928 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2012/01/21 12:08:15 | 000,000,000 | -H-D | C] -- C:\c8f3db059c14eb6d57
[2009/06/26 19:36:40 | 002,472,384 | -H-- | C] (Sakysoft s.r.l. uninominale ) -- C:\Program Files\flvplayer4free_setup.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2012/02/10 15:28:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/10 15:27:30 | 1072,025,600 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/10 15:26:08 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/10 15:26:07 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\FinalTorrent Update Checker.job
[2012/02/10 15:25:39 | 000,000,294 | -H-- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2357849811-1876791453-1589859368-500.job
[2012/02/10 15:25:34 | 000,000,896 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/08 18:21:51 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/02/06 18:39:00 | 000,000,900 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/06 17:17:30 | 000,048,016 | -HS- | M] () -- C:\WINDOWS\System32\c_53016.nl_
[2012/02/05 22:38:14 | 000,000,833 | -H-- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/02/05 22:32:35 | 000,000,304 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~ZiUScmDdQAYPtc
[2012/02/05 22:32:21 | 000,000,448 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\ZiUScmDdQAYPtc
[2012/02/05 22:32:09 | 000,000,192 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~ZiUScmDdQAYPtcr
[2012/02/05 17:13:26 | 000,000,815 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\System Check.lnk
[2012/02/05 17:13:10 | 000,356,352 | -H-- | M] (Microsoft Corp) -- C:\Documents and Settings\All Users\Application Data\ZiUScmDdQAYPtc.exe
[2012/02/05 17:01:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Youtube Music Downloader
[2012/02/05 17:01:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wise Disk Cleaner 3
[2012/02/05 17:01:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPhlash
[2012/02/05 17:01:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Support Tools
[2012/02/05 17:01:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\USB Disk Security
[2012/02/05 17:01:06 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\System Recovery
[2012/02/05 17:01:06 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tablet PC
[2012/02/05 17:01:06 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2012/02/05 17:01:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\TurboTax Deluxe Deduction Maximizer 2006
[2012/02/05 17:01:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\TurboTax Deluxe 2007
[2012/02/05 17:01:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\STOPzilla
[2012/02/05 17:01:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/02/05 17:01:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\SAS
[2012/02/05 17:01:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\RegFix Mantra
[2012/02/05 17:01:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2012/02/05 17:01:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Quicken
[2012/02/05 17:01:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\PrintMe Internet Printing
[2012/02/05 17:01:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Network Associates
[2012/02/05 17:01:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2012/02/05 17:01:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works
[2012/02/05 17:01:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012/02/05 17:01:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Mouse
[2012/02/05 17:01:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Experience Pack for Tablet PC
[2012/02/05 17:01:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/05 17:01:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/02/05 17:01:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Intel PROSet Wireless
[2012/02/05 17:01:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hewlett-Packard
[2012/02/05 17:01:02 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Gateway Documentation
[2012/02/05 17:01:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Updater
[2012/02/05 17:01:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2012/02/05 17:01:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2012/02/05 17:01:01 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2012/02/05 17:01:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\FLVPlayer4Free
[2012/02/05 17:01:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\FinalTorrent
[2012/02/05 17:01:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\DesignWorkshop Lite
[2012/02/05 17:01:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\CyberLink PowerDVD
[2012/02/05 17:00:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cisco Systems VPN Client
[2012/02/05 17:00:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Burn a CD or Data DVD
[2012/02/05 17:00:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\BlackBerry
[2012/02/05 17:00:54 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2012/02/05 17:00:54 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2012/02/05 17:00:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011
[2012/02/05 17:00:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2012/02/05 17:00:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Agent Ransack
[2012/02/05 17:00:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2012/02/05 17:00:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\2nd Story Software
[2012/02/05 16:55:24 | 000,444,416 | -H-- | M] (Microsoft Corp) -- C:\Documents and Settings\All Users\Application Data\REVHmWCGeSNc.exe
[2012/02/05 13:06:40 | 000,000,302 | -H-- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2357849811-1876791453-1589859368-500.job
[2012/01/25 14:37:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Printscreen 2000
[2012/01/25 14:08:42 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf
[2012/01/25 14:08:41 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/01/23 23:09:56 | 000,001,942 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\Security Monitor.lnk
[2012/01/21 14:44:15 | 000,018,100 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\cue6.jpg
[2012/01/16 01:59:51 | 000,002,495 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\Excel03.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]

SCCHAS · Feb 12, 2012

PART 2-OTL logfile created on: 2/10/2012

*******PART 2 OTL Logfile created 0n 2/10/2012reated ************

========== Files Created - No Company Name ==========

[2012/02/08 18:21:25 | 1072,025,600 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/06 17:16:42 | 000,048,016 | -HS- | C] () -- C:\WINDOWS\System32\c_53016.nl_
[2012/02/05 22:38:13 | 000,000,833 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/02/05 17:13:38 | 000,000,192 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~ZiUScmDdQAYPtcr
[2012/02/05 17:13:36 | 000,000,304 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~ZiUScmDdQAYPtc
[2012/02/05 17:13:26 | 000,000,815 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\System Check.lnk
[2012/02/05 17:13:22 | 000,000,448 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ZiUScmDdQAYPtc
[2012/01/25 14:08:42 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf
[2012/01/25 14:08:41 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/01/23 23:09:56 | 000,001,942 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\Security Monitor.lnk
[2012/01/21 14:44:15 | 000,018,100 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\cue6.jpg
[2011/10/23 16:50:04 | 000,016,432 | -H-- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/10/22 14:50:31 | 000,000,016 | -H-- | C] () -- C:\Program Files\msert.exe.szfi
[2011/10/21 09:39:40 | 000,000,064 | -H-- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/10/21 09:39:40 | 000,000,044 | -H-- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/10/16 16:22:47 | 000,775,404 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2011/10/06 22:14:35 | 075,564,880 | ---- | C] () -- C:\Program Files\msert.exe
[2011/10/03 20:54:14 | 000,001,324 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/11 02:09:47 | 000,000,127 | -H-- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/04/17 11:39:07 | 000,184,272 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/16 20:54:42 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\TaxACT10.ini
[2009/05/27 01:06:48 | 000,000,225 | -H-- | C] () -- C:\WINDOWS\Quicken.ini
[2009/04/02 01:43:23 | 000,000,057 | -H-- | C] () -- C:\WINDOWS\TaxACT08.ini
[2009/01/29 00:24:19 | 000,000,095 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/07 23:53:59 | 000,761,856 | -H-- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/07 23:53:59 | 000,180,224 | -H-- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/12/07 23:53:58 | 003,596,288 | -H-- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/26 04:06:02 | 000,001,929 | -H-- | C] () -- C:\WINDOWS\VTruck2.ini
[2008/07/14 00:59:34 | 000,000,009 | -H-- | C] () -- C:\Documents and Settings\Administrator\usb001
[2008/07/13 22:03:22 | 000,000,503 | -H-- | C] () -- C:\WINDOWS\VTruck1.ini
[2008/06/29 23:15:11 | 000,007,793 | -H-- | C] () -- C:\WINDOWS\System32\junker.dat
[2008/06/29 22:41:53 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\jane.dat
[2008/06/11 20:21:02 | 000,025,600 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/03 20:48:01 | 000,003,840 | -H-- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008/03/20 18:54:39 | 000,000,106 | -H-- | C] () -- C:\WINDOWS\prt9532.ini
[2007/09/11 18:23:34 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2007/04/13 01:28:31 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2007/04/13 01:28:13 | 000,796,312 | -H-- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2007/01/06 22:34:28 | 000,035,840 | -H-- | C] () -- C:\WINDOWS\System32\drivers\AFS2K.SYS
[2007/01/06 22:28:57 | 000,001,608 | -H-- | C] () -- C:\WINDOWS\hpdj5600.ini
[2006/11/11 17:24:26 | 000,005,025 | -H-- | C] () -- C:\Documents and Settings\Administrator\pgm.asv
[2006/08/19 20:27:31 | 000,000,116 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/08/04 19:12:47 | 000,000,008 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\usb.dat.bin
[2006/04/27 09:15:40 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/15 07:34:12 | 047,369,160 | ---- | C] () -- C:\WINDOWS\System32\MRT.exe
[2006/04/05 13:39:11 | 000,000,438 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
[2006/04/05 00:14:40 | 000,077,824 | RH-- | C] () -- C:\WINDOWS\System32\sasperf.dll
[2006/02/20 13:43:15 | 000,087,540 | -H-- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/02/20 13:03:22 | 000,471,298 | -H-- | C] () -- C:\WINDOWS\wallpg.exe
[2006/02/20 13:02:00 | 000,518,520 | -H-- | C] () -- C:\WINDOWS\vidres.exe
[2006/02/20 12:55:24 | 000,057,344 | -H-- | C] () -- C:\WINDOWS\System32\FpHidSrv.exe
[2006/02/20 12:55:24 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\FpWinTab.dll
[2006/02/20 12:55:24 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\FpCoIns2.dll
[2006/02/20 12:55:24 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\FpCoIns1.dll
[2005/06/22 07:13:13 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/22 06:29:11 | 000,352,256 | -H-- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2005/06/22 05:37:03 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2005/06/22 05:35:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/06/22 05:27:52 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/06/22 05:12:17 | 000,001,266 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/06/22 05:12:17 | 000,000,489 | -H-- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/06/22 05:11:30 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/06/22 05:11:28 | 000,447,872 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/06/22 05:11:28 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/06/22 05:11:28 | 000,073,886 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/06/22 05:11:28 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/06/22 05:11:26 | 000,005,151 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/06/22 05:11:25 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/06/22 05:11:22 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/06/22 05:11:19 | 000,162,816 | -H-- | C] () -- C:\WINDOWS\System32\drivers\netbt.sys
[2005/06/22 05:11:17 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/06/22 05:11:16 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/06/22 05:11:12 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/06/22 05:11:04 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/06/21 22:25:29 | 000,057,600 | -H-- | C] () -- C:\WINDOWS\System32\drivers\redbook.sys
[2005/06/21 22:24:00 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/06/21 22:23:17 | 000,320,864 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/06/14 18:36:38 | 000,020,480 | -H-- | C] () -- C:\WINDOWS\System32\instg32.exe
[2005/04/19 17:57:00 | 000,172,032 | -H-- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2004/08/12 11:44:10 | 000,016,384 | -H-- | C] () -- C:\WINDOWS\System32\iwca.dll
[2003/12/02 10:27:06 | 000,139,096 | -H-- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2003/03/05 22:03:18 | 000,004,978 | -H-- | C] () -- C:\WINDOWS\hpfmdl01.dat
[2003/03/05 18:28:38 | 000,000,309 | -H-- | C] () -- C:\WINDOWS\hpfins01.dat
[2003/01/07 14:05:08 | 000,002,695 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/09/08 16:53:50 | 000,073,839 | -H-- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== LOP Check ==========

[2006/02/20 13:09:08 | 000,000,000 | -H-D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView
[2011/04/13 00:34:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG
[2011/10/16 16:51:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG Secure Search
[2011/10/16 16:49:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG2012
[2011/10/25 02:13:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Babylon
[2011/10/25 02:40:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\BabylonToolbar
[2011/05/22 05:05:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\CheckPoint
[2012/02/10 15:26:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\DNA
[2011/10/25 07:35:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\FinalTorrent
[2009/06/26 18:48:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\FLV Downloader(xmlbar)
[2009/06/26 19:47:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\FLVPlayer4Free
[2009/01/28 23:17:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Grisoft
[2008/08/06 02:41:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Helios
[2007/01/06 22:30:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2007/09/19 19:27:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\iolo
[2011/10/24 02:11:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Media Finder
[2007/12/25 14:40:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia
[2007/12/25 14:40:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite
[2011/11/03 21:03:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Research In Motion
[2006/02/20 13:09:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2006/04/05 00:31:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\SAS
[2006/05/06 06:43:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Simple Star
[2006/04/05 13:39:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Template
[2009/09/30 22:46:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\TextPad
[2009/01/24 09:39:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
[2011/08/26 12:12:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\W Photo Studio Viewer
[2011/04/13 02:00:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
[2011/12/20 08:18:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/10/16 16:52:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/12/27 04:56:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/10/25 02:13:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2011/08/02 07:37:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/01/28 23:17:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2007/12/25 14:14:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2007/09/19 19:27:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2007/09/20 08:37:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2011/12/28 18:42:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/04/08 05:38:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2007/12/25 14:40:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/11/03 20:59:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/01/29 10:29:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SAS
[2011/12/27 06:51:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/10/03 02:32:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/01/31 23:51:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2012/02/08 18:21:51 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012/02/10 15:26:07 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\Tasks\FinalTorrent Update Checker.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP

FC5A2B2
< End of report >

Broni · Feb 12, 2012

Do this on the computer you are posting from:
Copy the text in the codebox below:

Code:

:OTL
SRV - File not found [Auto] -- -- (ASKService)
DRV - File not found [File_System | Boot] -- -- (48296937)
DRV - File not found [Kernel | On_Demand] -- -- (.redbook)
DRV - File not found [Kernel | On_Demand] -- -- (.i8042prt)
DRV - File not found [Kernel | On_Demand] -- -- (.AFS2K)
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [REVHmWCGeSNc.exe] C:\Documents and Settings\All Users\Application Data\REVHmWCGeSNc.exe (Microsoft Corp)
O4 - HKU\Administrator_ON_C..\Run: [Media Finder] File not found
O4 - HKU\Administrator_ON_C..\Run: [MediaGet2] File not found
O4 - HKU\Administrator_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroyx\TeaTimer.exe ()
O4 - HKU\LocalService_ON_C..\Run: [TabletWizard] File not found
O4 - HKU\NetworkService_ON_C..\Run: [TabletWizard] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
[2012/02/05 17:13:10 | 000,356,352 | -H-- | C] (Microsoft Corp) -- C:\Documents and Settings\All Users\Application Data\ZiUScmDdQAYPtc.exe
[2012/02/05 16:58:34 | 000,444,416 | -H-- | C] (Microsoft Corp) -- C:\Documents and Settings\All Users\Application Data\REVHmWCGeSNc.exe
[2012/02/06 17:17:30 | 000,048,016 | -HS- | M] () -- C:\WINDOWS\System32\c_53016.nl_
[2012/02/05 22:38:14 | 000,000,833 | -H-- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/02/05 22:32:35 | 000,000,304 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~ZiUScmDdQAYPtc
[2012/02/05 22:32:21 | 000,000,448 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\ZiUScmDdQAYPtc
[2012/02/05 22:32:09 | 000,000,192 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~ZiUScmDdQAYPtcr
[2012/02/05 17:13:26 | 000,000,815 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\System Check.lnk
[2012/02/05 17:13:10 | 000,356,352 | -H-- | M] (Microsoft Corp) -- C:\Documents and Settings\All Users\Application Data\ZiUScmDdQAYPtc.exe
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

:Services

:Reg

:Files

:Commands
[purity]

Open Notepad and paste it.
Save the document as Fix.txt on to a USB flash drive

On the infected computer the following...

Run OTLPE

Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
- (The content of Fix.txt should appear in the box)
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Post the log produced (you'll need to transfer it with USB stick)
Remove the CD and shut down computer manually.
Attempt to reboot normally into Windows.

SCCHAS · Feb 13, 2012

broni reply

OK. May have scrogged it. 1st try, did not realize that CD drawer was open after running Custom Fix; started and got past the Login Menu and then Blue Ccrees for a few Hours. Think I got it right the second time Laptop starts up, but not fully functional. START Menu only has "ALL PROGRAMS" and only has two folders- Gateway Docs & System Recovery and both display "EMPTY". Do not have all the usual quick launch icons in the bottom tool tray. Tried to run BelArc Advisor (( Acess Denied).

LOG Follows

========== OTL ==========
Service\Driver key ASKService not found.
Service\Driver key 48296937 not found.
Service\Driver key .redbook not found.
Service\Driver key .i8042prt not found.
Service\Driver key .AFS2K not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\REVHmWCGeSNc.exe not found.
File C:\Documents and Settings\All Users\Application Data\REVHmWCGeSNc.exe not found.
Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Media Finder deleted successfully.
Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\MediaGet2 deleted successfully.
Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
File C:\Program Files\Spybot - Search & Destroyx\TeaTimer.exe not found.
Registry value HKEY_USERS\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\TabletWizard deleted successfully.
Registry value HKEY_USERS\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\TabletWizard deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr not found.
Registry value HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop deleted successfully.
Registry value HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
File C:\Documents and Settings\All Users\Application Data\ZiUScmDdQAYPtc.exe not found.
File C:\Documents and Settings\All Users\Application Data\REVHmWCGeSNc.exe not found.
File C:\WINDOWS\System32\c_53016.nl_ not found.
File C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk not found.
File C:\Documents and Settings\All Users\Application Data\~ZiUScmDdQAYPtc not found.
File C:\Documents and Settings\All Users\Application Data\ZiUScmDdQAYPtc not found.
File C:\Documents and Settings\All Users\Application Data\~ZiUScmDdQAYPtcr not found.
File C:\Documents and Settings\Administrator\Desktop\System Check.lnk not found.
File C:\Documents and Settings\All Users\Application Data\ZiUScmDdQAYPtc.exe not found.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP

FC5A2B2 .
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

OTLPE by OldTimer - Version 3.1.48.0 log created on 02132012_031532

***end**

Thanks

SCCHAS · Feb 13, 2012

Reply broni

Reran as directed with new fix.txt. Same results with respect to the start menu, same twofolders, both empty. The log follows::

========== OTL ==========
Service\Driver key ASKService not found.
Service\Driver key 48296937 not found.
Service\Driver key .redbook not found.
Service\Driver key .i8042prt not found.
Service\Driver key .AFS2K not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\REVHmWCGeSNc.exe not found.
File C:\Documents and Settings\All Users\Application Data\REVHmWCGeSNc.exe not found.
Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Media Finder deleted successfully.
Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\MediaGet2 deleted successfully.
Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
File C:\Program Files\Spybot - Search & Destroyx\TeaTimer.exe not found.
Registry value HKEY_USERS\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\TabletWizard deleted successfully.
Registry value HKEY_USERS\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\TabletWizard deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr not found.
Registry value HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop deleted successfully.
Registry value HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
File C:\Documents and Settings\All Users\Application Data\ZiUScmDdQAYPtc.exe not found.
File C:\Documents and Settings\All Users\Application Data\REVHmWCGeSNc.exe not found.
File C:\WINDOWS\System32\c_53016.nl_ not found.
File C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk not found.
File C:\Documents and Settings\All Users\Application Data\~ZiUScmDdQAYPtc not found.
File C:\Documents and Settings\All Users\Application Data\ZiUScmDdQAYPtc not found.
File C:\Documents and Settings\All Users\Application Data\~ZiUScmDdQAYPtcr not found.
File C:\Documents and Settings\Administrator\Desktop\System Check.lnk not found.
File C:\Documents and Settings\All Users\Application Data\ZiUScmDdQAYPtc.exe not found.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP

FC5A2B2 .
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

OTLPE by OldTimer - Version 3.1.48.0 log created on 02132012_031532

Broni · Feb 13, 2012

Well, good news.
Your computer is at least operational.

Let's see, if we can recover your missing features.
Download and run UnHide
Let me know, if it worked.

=============================================================

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

SCCHAS · Feb 17, 2012

Reply to broni

Having an issue with GMER. When I click on the file, it starts running and then i get the BSOD with the "DRIVER/ _ IRQL Not less than or Equal " and "iaStor.sys " noted at the bottom. BTW Malwarebytes ran and found nothing, What do I do next?

Thanks

Broni · Feb 17, 2012

Try to run GMER in safe mode.
If still same problem proceed with DDS.

SCCHAS · Feb 20, 2012

Malware results

Tried to run the SCR but it would get an estimated 3/4 of the way through and the the BSOD would appear with the same message as with GMER. And after that I lost connection the net; even brought the laptop in to the office and plugged it directly into the system here, it was a nogo. Bout ready to give up on this lap top. But I do have the MB log.

************
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.16.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: MTC1 [administrator]

2/16/2012 6:56:11 AM
mbam-log-2012-02-16 (06-56-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 201835
Time elapsed: 15 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 6
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Documents and Settings\Administrator\Local Settings\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.

(end)

Broni · Feb 20, 2012

Do you still have issue with internet connection?

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe

Double-click on the Rkill icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

SCCHAS · Feb 24, 2012

Going for bad to worst

Cannot connect to internet from PC- tried wireless and LAN ; on LAN get msg" Network did not assign network address to computer" . Basically the same with wireless. Tried "Repair" function - nada. Was going to try to reload my router software, but now PC cannot find the CD/DVD drive (Device Manager sez "cannot load Drivers"). This is getting so bad, it is almost funny. Can I download the software in your last reply and move to PC via USB Drive? Sorry everything is going South on this. Thanks for you patience.

Broni · Feb 24, 2012

Download Combofix on a computer you're posting from and move it to bad computer using USB flash drive.

SCCHAS · Feb 28, 2012

Combofix

Copied Combofix to suck PC/ Ran it. It want access to the internet-but that was a no go. No log . but two msgs. " MS Win Recovery installer is missing" Have Rootkit.zero Access and iy has inf\e tcp/ip stack. Told me to reboot when it finished and if I did not have internet access to run it again. I did and the results are the same.
This laptop is too wierd. I thought I would give the CD drive one more try last night to laod my backuo router disk. But I grabbed the Reatogo disk by accident. Put it in the drive ( machine was alread on) disk spins up immediately, Reatogo screen comes up, and my wireless connection works.

What next.?

Broni · Feb 28, 2012

Re-run Combofix from safe mode and be patient.

SCCHAS · Mar 1, 2012

still no go with combo

I ran COMBO again in safe mode, it opened up the little window and did scrolling thing; then it stated that it could not find the windows recovery console and wanted to go to the net to get and install it-but that was a nogo. Restated that I was infected withRootkit.zero access, infected the tcp/ip stack. Ran a little bit longer and then the pc shutdown and restarted. Still no access to the internet>. I am still puzzled that the CD drive will work with the EALLTOGO CD in it, but not with another CD, and that other things work that have not worked in quite a while ( i.e., the mouse pad on the laptop). And wile I was searching for any output from COMBO, I ran across several folders named SYSTEMCHECK- in Docs & set/Administrator/local;../Quick Launch; ..start menu/programs.

Anyway, what's my next step. Thanks, for the epatience.

Broni · Mar 1, 2012

Download TDSSKiller and save it to your desktop.

Extract (unzip) its contents to your desktop.
Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

Inactive [A] System Check's got ahold of me & won't let go

Posts: 13 +0

Posts: 56,041 +516

Posts: 13 +0

Posts: 56,041 +516

Posts: 13 +0

Posts: 56,041 +516

Posts: 13 +0

Attachments

Posts: 56,041 +516

Posts: 13 +0

Posts: 13 +0

Posts: 56,041 +516

Posts: 13 +0

Posts: 13 +0

Posts: 56,041 +516

Posts: 13 +0

Posts: 56,041 +516

Posts: 13 +0

Posts: 56,041 +516

Posts: 13 +0

Posts: 56,041 +516

Posts: 13 +0

Posts: 56,041 +516

Posts: 13 +0

Posts: 56,041 +516

Similar threads