
atrium

  1. Another thing, something is running in the background, not sure what it is. I closed everything, opened Task Manager, CPU is spiking up and down, like a sick roller coaster, full range 0% to 100%.
  2. OTL scan after the fix and reboot: Hopefully this will help identify. THANKS OTL logfile created on: 5/24/2011 7:48:41 PM - Run 2 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\G-HERO\My Documents\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1023.00 Mb Total Physical Memory | 537.79 Mb Available Physical Memory | 52.57% Memory free 1.28 Gb Paging File | 0.78 Gb Available in Paging File | 60.61% Paging File free Paging file location(s): C:\pagefile.sys 384 768 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 149.04 Gb Total Space | 86.91 Gb Free Space | 58.31% Space Free | Partition Type: NTFS Computer Name: ATRIUM | User Name: G-HERO | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found PRC - C:\Documents and Settings\G-HERO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\MSK\msksrver.exe (McAfee, Inc.) PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) 
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe () PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\HPZipm12.exe (HP) ========== Modules (SafeList) ========== MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\Program Files\McAfee\SiteAdvisor\sahook.dll () ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- File not found SRV - (AppMgmt) -- File not found SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (ANIWZCSdService) -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (Alpha Networks Inc.) SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.) SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.) SRV - (MBackMonitor) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee) SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe () SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) ========== Driver Services (SafeList) ========== DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.) DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.) 
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (NPF) WinPcap Packet Driver (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.) DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.) DRV - (Serial) -- C:\WINDOWS\system32\drivers\serial.sys () DRV - (Kbdclass) -- C:\WINDOWS\system32\drivers\Kbdclass.sy@ (Microsoft Corporation) DRV - (rt2500usb) DWL-G122(rev.B) -- C:\WINDOWS\system32\drivers\rt2500usb.sys (Ralink Technology Inc.) DRV - (ANIO) -- C:\WINDOWS\system32\ANIO.sys (Alpha Networks Inc.) DRV - (Null) -- C:\WINDOWS\System32\drivers\null.sys () DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) IE - HKCU\..\URLSearchHook: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\prxtbTor2.dll (Conduit Ltd.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.com" FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1 FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8 FF - prefs.js..extensions.enabledItems: {3A788D52-2B39-4A2B-9FE5-4FA757B20919}:1.9.1 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019 FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=ALSV5&o=1665&locale=en_US&apn_uid=59166D2E-B63F-4F6E-B12B-1690420E6AEA&apn_ptnrs=AU&apn_sauid=26DC9931-E623-4A79-9B75-11B569C1A9F7&apn_dtid=aus002YYUS&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla [2008/12/20 12:59:27 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/17 19:52:19 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/24 02:28:51 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{3A788D52-2B39-4A2B-9FE5-4FA757B20919}: C:\Documents and Settings\G-HERO\Local Settings\Application Data\{3A788D52-2B39-4A2B-9FE5-4FA757B20919} [2010/08/05 02:54:22 | 000,000,000 | -H-D | M] FF - HKLM\software\mozilla\Mozilla Firefox 
4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/19 17:42:55 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/19 17:42:52 | 000,000,000 | ---D | M] [2011/01/07 13:38:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\G-HERO\Application Data\Mozilla\Extensions [2009/11/18 09:51:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\G-HERO\Application Data\Mozilla\Extensions\mozswing@mozswing.org [2011/05/17 03:35:17 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\G-HERO\Application Data\Mozilla\Firefox\Profiles\jk4wnaxq.default\extensions [2011/02/22 19:37:40 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\G-HERO\Application Data\Mozilla\Firefox\Profiles\jk4wnaxq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/05/06 17:21:52 | 000,000,000 | -H-D | M] (Auslogics Toolbar) -- C:\Documents and Settings\G-HERO\Application Data\Mozilla\Firefox\Profiles\jk4wnaxq.default\extensions\toolbar@ask.com [2011/05/17 03:25:21 | 000,002,567 | -H-- | M] () -- C:\Documents and Settings\G-HERO\Application Data\Mozilla\Firefox\Profiles\jk4wnaxq.default\searchplugins\askcom.xml [2011/05/19 17:42:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions File not found (No name found) -- [2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll [2011/05/08 17:49:42 | 000,159,744 | ---- | M] (Apple Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npqtplugin9.dll [2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml O1 HOSTS File: ([2011/05/24 18:52:45 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Program Files\Common Files\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll () O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Bitlord Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\prxtbTor2.dll (Conduit Ltd.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll () O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
O2 - BHO: (Auslogics Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll () O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) O3 - HKLM\..\Toolbar: (Bitlord Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\prxtbTor2.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Auslogics Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) O3 - HKCU\..\Toolbar\WebBrowser: (Bitlord Toolbar) - {7C5C0F58-E061-457D-9033-77307F5ED00C} - C:\Program Files\TorrentMan\prxtbTor2.dll (Conduit Ltd.) O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.) O4 - HKLM..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe (D-Link) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) 
O4 - HKCU..\Run: [Google Update] File not found O4 - HKCU..\RunOnce: [shockwave Updater] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0 O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: ([]msn in My Computer) O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll () O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\G-HERO\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\G-HERO\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/08/23 23:08:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O35 - HKCU\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/05/24 16:24:39 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\G-HERO\Desktop\OTL.exe [2011/05/22 16:09:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G-HERO\Start Menu\Programs\Google Chrome [2011/05/22 15:03:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G-HERO\My Documents\Office Depot PC Checkup [2011/05/22 15:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G-HERO\Application Data\SupportSoft [2011/05/22 15:02:44 | 000,000,000 | ---D | C] -- C:\temp [2011/05/22 15:02:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G-HERO\Application Data\OpswatLogs [2011/05/22 15:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\supportsoft [2011/05/22 12:57:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- 
C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011/05/22 12:57:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/05/22 12:57:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011/05/21 23:33:52 | 000,000,000 | ---D | C] -- C:\_OTL [2011/05/21 17:06:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G-HERO\Local Settings\Application Data\AVG Security Toolbar [2011/05/20 15:26:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\G-HERO\Application Data\AVG10 [2011/05/19 17:27:13 | 012,521,992 | ---- | C] (Mozilla) -- C:\Documents and Settings\G-HERO\My Documents\Firefox Setup 4.0.1.exe [2011/05/19 14:27:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files [2011/05/19 12:16:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10 [2011/05/19 12:16:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG [2011/05/19 12:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData [2011/05/19 11:21:54 | 000,216,008 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys [2011/05/19 10:19:29 | 000,035,368 | ---- | C] (McAfee, Inc.) 
-- C:\WINDOWS\System32\drivers\mfebopk.sys [2011/05/18 22:38:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\G-HERO\Recent [2011/05/17 19:49:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\G-HERO\Start Menu\Programs\Windows XP Recovery [2011/05/10 03:55:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer [2011/05/08 19:50:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes [2011/05/08 19:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011/05/08 19:48:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011/05/08 19:48:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011/05/08 19:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2011/05/08 19:40:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2011/05/08 17:49:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime [2011/05/08 17:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2011/05/06 11:54:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\G-HERO\Local Settings\Application Data\AskToolbar [2011/05/06 11:39:52 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2011/05/06 11:39:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics [2011/05/06 11:39:29 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics ========== Files - Modified Within 30 Days ========== [2011/05/24 19:13:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1965331169-682003330-1004UA.job [2011/05/24 19:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2011/05/24 18:57:01 | 000,019,873 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF [2011/05/24 18:56:30 | 000,000,280 | ---- | M] () -- 
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-796845957-1965331169-682003330-1004.job [2011/05/24 18:56:24 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-796845957-1965331169-682003330-1004.job [2011/05/24 18:56:11 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011/05/24 18:55:25 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011/05/24 18:55:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/05/24 18:55:15 | 1072,766,976 | -HS- | M] () -- C:\hiberfil.sys [2011/05/24 18:52:45 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts [2011/05/24 16:24:43 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\G-HERO\Desktop\OTL.exe [2011/05/22 16:13:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1965331169-682003330-1004Core.job [2011/05/22 16:12:39 | 000,000,598 | ---- | M] () -- C:\Documents and Settings\G-HERO\Desktop\Shortcut to iTunes.lnk [2011/05/22 16:09:44 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\G-HERO\Desktop\Google Chrome.lnk [2011/05/22 16:09:44 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\G-HERO\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2011/05/22 15:26:07 | 000,002,594 | ---- | M] () -- C:\Documents and Settings\G-HERO\Desktop\foldersettings.reg [2011/05/22 14:00:57 | 000,000,220 | RHS- | M] () -- C:\boot.ini [2011/05/22 12:57:12 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011/05/21 19:17:51 | 100,129,653 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.prepare [2011/05/21 16:26:21 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat [2011/05/19 17:43:01 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2011/05/19 17:27:13 | 012,521,992 | ---- | M] (Mozilla) -- 
C:\Documents and Settings\G-HERO\My Documents\Firefox Setup 4.0.1.exe [2011/05/18 22:31:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/05/13 22:16:50 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\G-HERO\Desktop\Internet Explorer.lnk [2011/05/13 13:40:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011/05/06 11:39:31 | 000,000,934 | ---- | M] () -- C:\Documents and Settings\G-HERO\Desktop\Auslogics Registry Cleaner.lnk ========== Files Created - No Company Name ========== [2011/05/22 16:12:39 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\G-HERO\Desktop\Shortcut to iTunes.lnk [2011/05/22 16:09:44 | 000,002,293 | ---- | C] () -- C:\Documents and Settings\G-HERO\Desktop\Google Chrome.lnk [2011/05/22 16:09:44 | 000,002,271 | ---- | C] () -- C:\Documents and Settings\G-HERO\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2011/05/22 16:08:03 | 000,000,982 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1965331169-682003330-1004UA.job [2011/05/22 16:08:02 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1965331169-682003330-1004Core.job [2011/05/22 15:26:13 | 000,002,594 | ---- | C] () -- C:\Documents and Settings\G-HERO\Desktop\foldersettings.reg [2011/05/22 14:02:03 | 1072,766,976 | -HS- | C] () -- C:\hiberfil.sys [2011/05/22 12:57:12 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011/05/21 17:16:08 | 100,129,653 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.prepare [2011/05/21 16:26:21 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2011/05/19 17:43:00 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk [2011/05/19 17:43:00 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2011/05/19 00:03:05 | 000,000,280 | 
---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-796845957-1965331169-682003330-1004.job [2011/05/13 22:16:50 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\G-HERO\Desktop\Internet Explorer.lnk [2011/05/08 19:45:37 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011/05/06 11:40:29 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2011/05/06 11:39:31 | 000,000,934 | ---- | C] () -- C:\Documents and Settings\G-HERO\Desktop\Auslogics Registry Cleaner.lnk [2011/04/16 04:29:01 | 000,006,804 | -HS- | C] () -- C:\Documents and Settings\G-HERO\Local Settings\Application Data\b513h2vulke4 [2011/04/16 04:29:01 | 000,006,804 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\b513h2vulke4 [2011/01/07 13:36:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010/09/02 19:14:15 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/08/05 02:54:23 | 000,001,098 | ---- | C] () -- C:\WINDOWS\Sracaxeyuvas.dat [2010/08/05 02:54:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Opotireb.bin [2010/07/15 15:10:20 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2010/07/03 01:40:47 | 000,000,997 | --S- | C] () -- C:\WINDOWS\System32\2415008438.dat [2009/12/14 10:46:50 | 000,028,144 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2008/09/26 17:42:37 | 000,000,377 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2008/09/16 22:22:50 | 000,000,129 | -H-- | C] () -- C:\Documents and Settings\G-HERO\Local Settings\Application Data\fusioncache.dat [2008/09/16 21:20:22 | 000,109,168 | ---- | C] () -- C:\WINDOWS\hpoins08.dat [2008/09/16 21:20:21 | 000,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat [2008/09/16 13:57:50 | 000,103,139 | ---- | C] () -- C:\WINDOWS\hpoins08.dat.temp [2008/09/16 13:57:50 | 000,004,445 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat.temp [2008/09/16 13:42:39 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll [2008/08/30 
14:27:43 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat [2008/08/24 22:42:29 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\G-HERO\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/08/24 21:36:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2008/08/23 23:11:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008/08/23 23:04:22 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008/08/23 18:59:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008/08/23 18:58:10 | 000,148,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2003/10/06 14:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll [2002/09/03 13:17:03 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2002/09/03 13:16:59 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2002/09/03 12:59:04 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\serial.sys [2002/09/03 12:52:01 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2002/09/03 12:52:00 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2002/09/03 12:51:58 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2002/09/03 12:51:54 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2002/09/03 12:50:24 | 000,002,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\null.sys [2002/09/03 12:49:33 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2002/09/03 12:41:59 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2002/09/03 12:41:43 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2002/09/03 12:32:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2002/09/03 12:30:33 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini ========== LOP Check ========== [2009/12/05 23:28:59 | 000,000,000 | ---D | M] -- 
C:\Documents and Settings\All Users\Application Data\AIM [2009/12/05 23:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar [2011/05/21 23:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10 [2010/05/30 20:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9 [2011/05/19 14:27:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2008/12/20 12:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fluxDVD [2011/05/21 23:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2008/12/20 12:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mpDRM [2011/05/20 23:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2009/03/18 22:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} [2011/05/08 19:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/12/11 00:23:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/05/09 00:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2010/08/07 21:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E} [2009/12/05 23:31:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\G-HERO\Application Data\acccore [2010/09/28 17:35:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\G-HERO\Application Data\Auslogics [2011/05/20 15:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G-HERO\Application Data\AVG10 [2010/04/26 06:54:39 
| 000,000,000 | -H-D | M] -- C:\Documents and Settings\G-HERO\Application Data\AVG9 [2009/01/11 22:31:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\G-HERO\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010/09/03 22:30:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\G-HERO\Application Data\Dyuc [2008/09/15 21:22:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\G-HERO\Application Data\Image Zone Express [2010/04/01 00:25:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\G-HERO\Application Data\LimeWire [2011/05/22 15:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G-HERO\Application Data\OpswatLogs [2010/06/13 17:47:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\G-HERO\Application Data\Sammsoft [2011/05/22 15:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\G-HERO\Application Data\SupportSoft [2010/10/08 14:37:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\G-HERO\Application Data\Tycad [2010/08/07 21:15:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\G-HERO\Application Data\Uborme [2010/09/03 23:10:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\G-HERO\Application Data\Ulocnu [2010/08/19 22:55:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\G-HERO\Application Data\Umab [2010/08/04 00:24:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\G-HERO\Application Data\Ykun [2010/05/30 20:18:36 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job [2010/05/30 20:18:35 | 000,000,320 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job [2011/05/24 19:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 < End of report >
  3. Thanks. OTL.txt as follows: OTL Extras logfile created on: 5/24/2011 4:26:10 PM - Run 1 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\G-HERO\My Documents\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1023.00 Mb Total Physical Memory | 591.98 Mb Available Physical Memory | 57.87% Memory free 1.28 Gb Paging File | 0.83 Gb Available in Paging File | 64.72% Paging File free Paging file location(s): C:\pagefile.sys 384 768 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 149.04 Gb Total Space | 86.92 Gb Free Space | 58.32% Space Free | Partition Type: NTFS Computer Name: ATRIUM | User Name: G-HERO | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusOverride" = 0 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.) 
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.) "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC) "C:\Program Files\BitLord2\BitLord.exe" = C:\Program Files\BitLord2\BitLord.exe:*:Enabled:Bitlord2 -- () "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.) "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.) "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0 "{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin "{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus G "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = 
MobileMe Control Panel "{4462265B-3DC7-44AD-B56D-D09BA67BA422}" = 6300 "{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter "{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI "{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar "{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2 
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager "{BB7DEA41-298E-450B-9C3A-E7B48D9D021B}" = 6300_Help "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD "{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant "{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A "{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg "{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F2AB49F2-D632-446C-9A6E-5B4A98DFF13B}" = 6300Trb "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player "AIM Toolbar" = AIM Toolbar "AIM_7" = AIM 7 "BitLord_is1" = BitLord v2.0 "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "conduitEngine" = Conduit Engine "Google Desktop" = Google Desktop "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Solution Center & Imaging Support 
Tools" = HP Solution Center and Imaging Support Tools 6.1 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus G "LimeWire" = LimeWire 5.3.6 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US) "MSC" = McAfee SecurityCenter "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Display Driver" = NVIDIA Display Driver "PROSet" = Intel® PRO Ethernet Adapter and Software "RealPlayer 12.0" = RealPlayer "SoftwareUpdUtility" = Download Updater (AOL LLC) "TorrentMan Toolbar" = TorrentMan Toolbar "Windows XP Service Pack" = Windows XP Service Pack 3 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 5/18/2011 10:47:38 PM | Computer Name = ATRIUM | Source = crypt32 | ID = 131083 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 
Error - 5/18/2011 10:47:38 PM | Computer Name = ATRIUM | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved Error - 5/18/2011 10:47:38 PM | Computer Name = ATRIUM | Source = crypt32 | ID = 131083 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error - 5/18/2011 10:47:38 PM | Computer Name = ATRIUM | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist. Error - 5/18/2011 10:47:38 PM | Computer Name = ATRIUM | Source = crypt32 | ID = 131083 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error - 5/18/2011 10:47:38 PM | Computer Name = ATRIUM | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist. 
Error - 5/18/2011 10:47:38 PM | Computer Name = ATRIUM | Source = crypt32 | ID = 131083 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error - 5/18/2011 10:47:38 PM | Computer Name = ATRIUM | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist. Error - 5/18/2011 10:55:28 PM | Computer Name = ATRIUM | Source = crypt32 | ID = 131083 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error - 5/18/2011 10:55:28 PM | Computer Name = ATRIUM | Source = crypt32 | ID = 131083 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 
[ System Events ] Error - 5/22/2011 12:49:50 PM | Computer Name = ATRIUM | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: Fips intelppm Lbd mfehidk Null OMCI Error - 5/22/2011 12:50:30 PM | Computer Name = ATRIUM | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A} Error - 5/22/2011 12:50:33 PM | Computer Name = ATRIUM | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A} Error - 5/22/2011 12:54:58 PM | Computer Name = ATRIUM | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 5/22/2011 2:01:08 PM | Computer Name = ATRIUM | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 5/22/2011 2:03:00 PM | Computer Name = ATRIUM | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: Lbd Null PCIIde Error - 5/23/2011 8:19:42 PM | Computer Name = ATRIUM | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: Lbd Null PCIIde Error - 5/23/2011 8:40:03 PM | Computer Name = ATRIUM | Source = PlugPlayManager | ID = 11 Description = The device Root\LEGACY_SMR200\0000 disappeared from the system without first being prepared for removal. 
Error - 5/24/2011 2:29:32 AM | Computer Name = ATRIUM | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: Lbd Null Error - 5/24/2011 4:19:06 PM | Computer Name = ATRIUM | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: Lbd Null < End of report >
  4. Thanks. I downloaded and ran Unhide.exe. Then I went into various folders (My Documents, etc.) and turned off the Hidden attribute. Access to files and folders has been restored. However, Programs are still hidden; that is, Start/All Programs only shows Malwarebytes and other programs I added after running Unhide.exe. Any thoughts on how to restore access to Programs, other than My Computer/Local Disk (C)/Program Files/Excel or Winword, etc.? THANKS
  5. I ran MBAM, found and deleted fakealert trojan and PUM.hidden.desktop, PUM.hijack.displayproperties and PUM.hijack.taskmanager. However, after reboot, desktop is still hidden. Reran MBAM, no infections found. What do I do next?