planoguy

Can not start Google Chrome

14 posts in this topic

ID: 1   Posted (edited)

Running Windows xp home edition, I have IE, Firefox, and Chrome. Starting yesterday, I can not log on using Chrome. (IE and Firefox are OK) After a while the msg says "application not responding". I googled for solution with no avail. Remove and re-install latest Chrome. Same problem. Runned Malwarebytes, no malware found.

Please help

Planoguy

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29

Run by Frank Liu at 8:09:54 on 2012-08-23

Microsoft Windows XP Home Edition 5.1.2600.3.950.886.1033.18.1471.716 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\MozyHome\mozybackup.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Iomega\QuikProtect\QpMonitor.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\program files\real\realplayer\update\realsched.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Iomega\QuikProtect\QuikProtect.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\conime.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://my.yahoo.com/

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [QuiKProtect] c:\program files\iomega\quikprotect\StartQuikProtect.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: citi.com\creditcards

Trusted Zone: itcu.org\www

Trusted Zone: microsoft.com\update

Trusted Zone: microsoft.com\windowsupdate

Trusted Zone: yahoo.com\my

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/69.10/uploader2.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab

DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5985/mcfscan.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{28982DB9-15B5-4F68-97C1-B14F8846B433} : DhcpNameServer = 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\frank liu\application data\mozilla\firefox\profiles\bqdxhci7.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\frank liu\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 171064]

R1 MpKsld3b8646b;MpKsld3b8646b;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e6deb9be-73a9-426a-a1ff-78be6826b034}\MpKsld3b8646b.sys [2012-8-23 29904]

R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-8-19 10448]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-3-16 655944]

R2 QPCopyEngine;QPCopyEngine;c:\program files\iomega\quikprotect\QpMonitor.exe [2010-6-24 247088]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-16 22344]

R3 QsFsFltr;QsFsFltr;c:\windows\system32\drivers\QsFsFltr.sys [2009-11-21 19384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-26 136176]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 250568]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\common\database\bin\fbserver.exe [2011-7-23 1527900]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-26 136176]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-27 113120]

S3 QianCaiHid;QianCai Handwriter Device;c:\windows\system32\drivers\HidKeyboard.sys [2010-12-14 6400]

S4 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2010-10-13 98304]

.

=============== Created Last 30 ================

.

2012-08-23 13:03:42 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e6deb9be-73a9-426a-a1ff-78be6826b034}\offreg.dll

2012-08-23 12:55:32 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e6deb9be-73a9-426a-a1ff-78be6826b034}\MpKsld3b8646b.sys

2012-08-23 03:54:56 7023536 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e6deb9be-73a9-426a-a1ff-78be6826b034}\mpengine.dll

2012-08-22 02:46:26 -------- d-----r- c:\program files\Skype

2012-08-22 02:39:48 7023536 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-08-22 02:39:18 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys

2012-08-22 02:39:18 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys

2012-08-22 02:39:01 20992 ----a-w- c:\windows\system32\dshowext.ax

2012-08-22 02:36:11 465432 ----a-w- c:\windows\system32\LVUI2RC.dll

2012-08-22 02:36:11 416280 ----a-w- c:\windows\system32\lvcodec2.dll

2012-08-22 02:36:11 3599000 ----a-w- c:\windows\system32\drivers\lvuvc.sys

2012-08-22 02:36:10 490008 ----a-w- c:\windows\system32\LVUI2.dll

2012-08-22 02:36:10 19344 ----a-w- c:\windows\system32\Repository.reg

2012-08-22 02:36:10 1920920 ----a-w- c:\windows\system32\drivers\lvpopflt.sys

2012-08-22 02:36:09 41752 ----a-w- c:\windows\system32\drivers\LVUSBSta.sys

2012-08-22 02:36:09 22296 ----a-w- c:\windows\system32\drivers\lvuvcflt.sys

2012-08-22 02:36:09 195096 ----a-w- c:\windows\system32\lvci1110.dll

2012-08-01 15:50:43 -------- d-----w- c:\program files\BETV

2012-07-27 20:51:30 184248 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2012-07-27 20:51:30 184248 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

.

==================== Find3M ====================

.

2012-08-22 02:30:43 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-22 02:30:42 73416 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-10 03:46:45 60 ----a-w- c:\windows\wpd99.drv

2012-07-16 16:47:48 12562920 ----a-w- c:\documents and settings\all users\Tempmozy-autoupdate-82af9a609219353256cb533e636b9416.exe

2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05:43 385024 ------w- c:\windows\system32\html.iec

2012-06-17 14:33:44 12557904 ----a-w- c:\documents and settings\all users\Tempmozy-autoupdate-864934ef6e2b54a6f5dcfa6e472922e2.exe

2012-06-07 03:57:16 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-06-07 03:57:16 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-06-07 01:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 20:18:58 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 17:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

2010-07-14 15:56:00 417944 ----a-w- c:\program files\common files\ZugoInstaller.exe

2010-05-09 05:14:38 5387 ----a-w- c:\program files\apply.cmd

2010-04-24 04:33:58 911800 ----a-w- c:\program files\amtlib.dll

.

============= FINISH: 8:10:31.46 ===============</local>

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 2009/11/15 1:13:34 PM

System Uptime: 2012/8/23 7:52:28 AM (1 hours ago)

.

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7119

Processor: AMD Sempron 3000+ | Socket A | 1991/166mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 149 GiB total, 95.06 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 186 GiB total, 62.031 GiB free.

F: is FIXED (NTFS) - 186 GiB total, 91.883 GiB free.

J: is FIXED (NTFS) - 932 GiB total, 673.123 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP899: 2012/8/8 9:43:56 PM - System Checkpoint

RP900: 2012/7/22 7:39:26 AM - Software Distribution Service 3.0

RP901: 2012/7/22 7:39:25 AM - System Checkpoint

RP902: 2012/7/22 7:39:25 AM - Software Distribution Service 3.0

RP903: 2012/7/22 7:39:25 AM - Software Distribution Service 3.0

RP904: 2012/7/22 7:39:25 AM - Software Distribution Service 3.0

RP905: 2012/7/22 7:39:25 AM - System Checkpoint

RP906: 2012/7/22 7:39:25 AM - Software Distribution Service 3.0

RP907: 2012/7/22 7:39:25 AM - Software Distribution Service 3.0

RP908: 2012/7/22 7:39:24 AM - Software Distribution Service 3.0

RP909: 2012/7/22 7:39:24 AM - System Checkpoint

RP910: 2012/7/22 7:39:24 AM - Software Distribution Service 3.0

RP911: 2012/7/22 7:40:12 AM - Software Distribution Service 3.0

RP912: 2012/7/22 7:40:12 AM - Installed MozyHome

RP913: 2012/7/22 7:40:12 AM - Software Distribution Service 3.0

RP914: 2012/7/22 7:40:12 AM - System Checkpoint

RP915: 2012/7/22 7:40:11 AM - Software Distribution Service 3.0

RP916: 2012/7/22 7:40:11 AM - System Checkpoint

RP917: 2012/7/22 7:40:11 AM - Software Distribution Service 3.0

RP918: 2012/7/22 7:40:11 AM - Software Distribution Service 3.0

RP919: 2012/7/22 7:40:11 AM - System Checkpoint

RP920: 2012/7/22 7:40:11 AM - Software Distribution Service 3.0

RP921: 2012/7/22 7:40:10 AM - Software Distribution Service 3.0

RP922: 2012/7/22 7:40:10 AM - System Checkpoint

RP923: 2012/7/22 7:40:10 AM - Software Distribution Service 3.0

RP924: 2012/7/22 7:39:26 AM - System Checkpoint

RP925: 2012/7/22 7:40:10 AM - Software Distribution Service 3.0

RP926: 2012/7/22 7:40:10 AM - System Checkpoint

RP927: 2012/7/22 7:40:10 AM - Revo Uninstaller's restore point - Pinnacle Studio Ultimate Plugins

RP928: 2012/7/22 7:40:09 AM - Revo Uninstaller's restore point - Pinnacle Video Driver

RP929: 2012/7/22 7:40:09 AM - Removed Pinnacle Video Driver.

RP930: 2012/7/22 7:40:09 AM - Revo Uninstaller's restore point - Pinnacle Studio 14

RP931: 2012/7/22 7:40:09 AM - Revo Uninstaller's restore point - Pinnacle Studio 14

RP932: 2012/7/22 7:40:09 AM - Software Distribution Service 3.0

RP933: 2012/7/22 7:40:09 AM - Software Distribution Service 3.0

RP934: 2012/7/22 7:40:08 AM - System Checkpoint

RP935: 2012/7/22 7:40:08 AM - Software Distribution Service 3.0

RP936: 2012/7/22 7:40:08 AM - Software Distribution Service 3.0

RP937: 2012/7/22 7:40:08 AM - System Checkpoint

RP938: 2012/7/22 7:40:08 AM - Software Distribution Service 3.0

RP939: 2012/7/22 7:40:08 AM - Software Distribution Service 3.0

RP940: 2012/7/22 7:40:08 AM - Software Distribution Service 3.0

RP941: 2012/7/22 7:40:07 AM - Software Distribution Service 3.0

RP942: 2012/7/22 7:40:07 AM - Software Distribution Service 3.0

RP943: 2012/7/22 7:40:07 AM - System Checkpoint

RP944: 2012/7/22 7:40:07 AM - Software Distribution Service 3.0

RP945: 2012/7/22 7:40:07 AM - System Checkpoint

RP946: 2012/7/22 7:40:07 AM - Software Distribution Service 3.0

RP947: 2012/7/22 7:40:07 AM - Software Distribution Service 3.0

RP948: 2012/7/22 7:40:06 AM - System Checkpoint

RP949: 2012/7/22 7:40:06 AM - Software Distribution Service 3.0

RP950: 2012/7/22 7:40:06 AM - System Checkpoint

RP951: 2012/7/22 7:40:05 AM - Software Distribution Service 3.0

RP952: 2012/7/22 7:40:05 AM - System Checkpoint

RP953: 2012/7/22 7:40:05 AM - Software Distribution Service 3.0

RP954: 2012/7/22 7:40:04 AM - Software Distribution Service 3.0

RP955: 2012/7/22 7:40:04 AM - Software Distribution Service 3.0

RP956: 2012/7/22 7:40:04 AM - Software Distribution Service 3.0

RP957: 2012/7/22 7:40:04 AM - System Checkpoint

RP958: 2012/7/22 7:40:04 AM - Software Distribution Service 3.0

RP959: 2012/7/22 7:40:04 AM - Software Distribution Service 3.0

RP960: 2012/7/22 7:40:04 AM - Software Distribution Service 3.0

RP961: 2012/7/22 7:40:04 AM - System Checkpoint

RP962: 2012/7/22 7:40:03 AM - Software Distribution Service 3.0

RP963: 2012/7/22 7:40:03 AM - System Checkpoint

RP964: 2012/7/22 7:40:03 AM - Software Distribution Service 3.0

RP965: 2012/7/22 7:40:03 AM - System Checkpoint

RP966: 2012/7/22 7:40:03 AM - Software Distribution Service 3.0

RP967: 2012/7/22 7:39:26 AM - System Checkpoint

RP968: 2012/7/22 7:40:03 AM - Software Distribution Service 3.0

RP969: 2012/7/22 7:40:02 AM - Software Distribution Service 3.0

RP970: 2012/7/22 7:40:02 AM - System Checkpoint

RP971: 2012/7/22 7:40:02 AM - Software Distribution Service 3.0

RP972: 2012/7/22 7:40:02 AM - Software Distribution Service 3.0

RP973: 2012/7/22 7:40:02 AM - Software Distribution Service 3.0

RP974: 2012/7/22 7:40:01 AM - System Checkpoint

RP975: 2012/7/22 7:40:01 AM - Software Distribution Service 3.0

RP976: 2012/7/22 7:40:01 AM - Software Distribution Service 3.0

RP977: 2012/7/22 7:40:01 AM - Software Distribution Service 3.0

RP978: 2012/7/22 7:40:01 AM - System Checkpoint

RP979: 2012/7/22 7:40:00 AM - Software Distribution Service 3.0

RP980: 2012/7/22 7:40:06 AM - System Checkpoint

RP981: 2012/7/22 7:40:06 AM - Revo Uninstaller's restore point - Pinnacle Studio 14

RP982: 2012/7/22 7:40:06 AM - Revo Uninstaller's restore point - Amazon MP3 Downloader 1.0.5

RP983: 2012/7/22 7:40:06 AM - Revo Uninstaller's restore point - Free Audio Editor

RP984: 2012/7/22 7:40:05 AM - Revo Uninstaller's restore point - WavePad Sound Editor

RP985: 2012/7/22 7:40:00 AM - Software Distribution Service 3.0

RP986: 2012/7/22 7:39:26 AM - System Checkpoint

RP987: 2012/7/22 7:39:26 AM - Software Distribution Service 3.0

RP988: 2012/7/22 7:40:00 AM - System Checkpoint

RP989: 2012/7/22 7:40:00 AM - Software Distribution Service 3.0

RP990: 2012/7/22 7:40:00 AM - Software Distribution Service 3.0

RP991: 2012/7/22 7:40:00 AM - System Checkpoint

RP992: 2012/7/22 7:39:59 AM - Software Distribution Service 3.0

RP993: 2012/7/22 7:39:59 AM - System Checkpoint

RP994: 2012/7/22 7:39:59 AM - Software Distribution Service 3.0

RP995: 2012/7/22 7:39:59 AM - System Checkpoint

RP996: 2012/7/22 7:39:59 AM - Software Distribution Service 3.0

RP997: 2012/7/22 7:39:59 AM - System Checkpoint

RP998: 2012/7/22 7:39:58 AM - Software Distribution Service 3.0

RP999: 2012/7/22 7:39:58 AM - Software Distribution Service 3.0

RP1000: 2012/7/22 7:39:58 AM - Software Distribution Service 3.0

RP1001: 2012/6/1 12:07:16 PM - System Checkpoint

RP1002: 2012/6/1 3:01:18 PM - Software Distribution Service 3.0

RP1003: 2012/6/2 3:30:33 PM - System Checkpoint

RP1004: 2012/6/3 10:05:45 AM - Software Distribution Service 3.0

RP1005: 2012/6/4 10:34:06 AM - Software Distribution Service 3.0

RP1006: 2012/6/4 10:38:10 AM - Software Distribution Service 3.0

RP1007: 2012/6/5 5:53:08 PM - Software Distribution Service 3.0

RP1008: 2012/6/6 11:01:37 PM - Software Distribution Service 3.0

RP1009: 2012/6/7 11:35:53 PM - Software Distribution Service 3.0

RP1010: 2012/6/9 11:05:35 AM - Software Distribution Service 3.0

RP1011: 2012/6/10 11:42:59 AM - System Checkpoint

RP1012: 2012/6/11 8:56:06 AM - Software Distribution Service 3.0

RP1013: 2012/6/12 2:30:47 PM - Software Distribution Service 3.0

RP1014: 2012/6/12 10:00:26 PM - Software Distribution Service 3.0

RP1015: 2012/6/13 8:41:32 PM - Software Distribution Service 3.0

RP1016: 2012/6/15 10:22:21 PM - Software Distribution Service 3.0

RP1017: 2012/6/16 10:29:29 PM - Software Distribution Service 3.0

RP1018: 2012/6/17 9:48:04 AM - Software Distribution Service 3.0

RP1019: 2012/6/18 7:56:45 PM - Software Distribution Service 3.0

RP1020: 2012/6/19 11:43:26 PM - Software Distribution Service 3.0

RP1021: 2012/6/21 11:29:28 PM - Software Distribution Service 3.0

RP1022: 2012/6/23 8:44:29 AM - Software Distribution Service 3.0

RP1023: 2012/6/24 9:18:13 AM - Software Distribution Service 3.0

RP1024: 2012/6/25 10:10:19 AM - Software Distribution Service 3.0

RP1025: 2012/6/26 10:31:18 AM - System Checkpoint

RP1026: 2012/6/26 10:16:26 PM - Software Distribution Service 3.0

RP1027: 2012/6/27 10:39:56 PM - Software Distribution Service 3.0

RP1028: 2012/6/28 11:56:16 PM - Software Distribution Service 3.0

RP1029: 2012/6/30 10:31:29 AM - Software Distribution Service 3.0

RP1030: 2012/7/1 10:16:02 PM - Software Distribution Service 3.0

RP1031: 2012/7/2 10:21:32 PM - System Checkpoint

RP1032: 2012/7/3 10:11:48 PM - Software Distribution Service 3.0

RP1033: 2012/7/6 10:04:41 AM - Software Distribution Service 3.0

RP1034: 2012/7/7 11:05:57 AM - System Checkpoint

RP1035: 2012/7/7 11:20:56 PM - Software Distribution Service 3.0

RP1036: 2012/7/8 11:27:09 PM - Software Distribution Service 3.0

RP1037: 2012/7/10 8:45:37 AM - Software Distribution Service 3.0

RP1038: 2012/7/10 10:00:33 PM - Software Distribution Service 3.0

RP1039: 2012/7/12 8:19:35 AM - Software Distribution Service 3.0

RP1040: 2012/7/13 9:48:47 PM - Software Distribution Service 3.0

RP1041: 2012/7/13 9:58:57 AM - System Checkpoint

RP1042: 2012/7/15 10:10:22 PM - Software Distribution Service 3.0

RP1043: 2012/7/17 8:45:05 AM - Software Distribution Service 3.0

RP1044: 2012/7/18 10:29:56 AM - Software Distribution Service 3.0

RP1045: 2012/7/19 10:15:57 PM - Software Distribution Service 3.0

RP1046: 2012/7/20 10:54:17 PM - Software Distribution Service 3.0

RP1047: 2012/7/21 11:11:18 PM - System Checkpoint

RP1048: 2012/7/22 7:32:51 AM - Software Distribution Service 3.0

RP1049: 2012/7/24 8:17:47 AM - Software Distribution Service 3.0

RP1050: 2012/7/26 8:25:46 AM - Software Distribution Service 3.0

RP1051: 2012/7/27 11:23:59 PM - Software Distribution Service 3.0

RP1052: 2012/7/31 7:02:36 AM - Software Distribution Service 3.0

RP1053: 2012/8/1 10:27:09 AM - Software Distribution Service 3.0

RP1054: 2012/8/2 12:52:08 PM - Software Distribution Service 3.0

RP1055: 2012/8/3 2:14:01 PM - System Checkpoint

RP1056: 2012/8/4 8:52:33 AM - Software Distribution Service 3.0

RP1057: 2000/8/4 11:42:05 AM - System Checkpoint

RP1058: 2012/8/5 9:38:39 AM - System Checkpoint

RP1059: 2012/8/5 9:48:24 AM - Software Distribution Service 3.0

RP1060: 2012/8/6 11:36:10 AM - Software Distribution Service 3.0

RP1061: 2012/8/7 11:55:40 AM - System Checkpoint

RP1062: 2012/8/8 8:33:31 AM - Software Distribution Service 3.0

RP1063: 2012/8/9 9:19:46 AM - Software Distribution Service 3.0

RP1064: 2012/8/10 11:10:37 AM - System Checkpoint

RP1065: 2012/8/11 9:44:02 AM - Software Distribution Service 3.0

RP1066: 2012/8/12 3:13:17 PM - Software Distribution Service 3.0

RP1067: 2012/8/13 4:51:43 PM - System Checkpoint

RP1068: 2012/8/14 9:12:22 AM - Software Distribution Service 3.0

RP1069: 2012/8/15 9:21:49 AM - Software Distribution Service 3.0

RP1070: 2012/8/15 9:43:22 AM - Software Distribution Service 3.0

RP1071: 2012/8/17 10:01:06 AM - Software Distribution Service 3.0

RP1072: 2012/8/18 10:06:02 AM - System Checkpoint

RP1073: 2012/8/19 7:05:51 PM - Software Distribution Service 3.0

RP1074: 2012/8/21 9:37:07 PM - Logitech Camera Driver Install

RP1075: 2012/8/22 10:54:39 PM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

.

"Nero SoundTrax Help

1Click DVD Copy 5.0.2.9

7-Zip 4.65

ACDSee 8

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4)

Advertising Center

Any Video Converter 3.3.4

Audacity 1.2.6

Auslogics Duplicate File Finder

BETV 1.6.0.7

Canon Easy-PhotoPrint EX

Canon IJ Network Tool

Canon MP Navigator EX 4.0

Canon MP495 series MP Drivers

Canon MP495 series User Registration

Canon My Printer

Canon Solution Menu EX

CCleaner

Chinese (Traditional) Language Support

Compatibility Pack for the 2007 Office system

Cookienator

CopyToDVD

DolbyFiles

DVD43 v4.6.0

eReg

ffdshow

Firebird SQL Server - MAGIX Edition (US)

Google Chrome

Google Earth Plug-in

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB942288-v3)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

ImagXpress

InCD Help

Intel® PRO Network Adapters and Drivers

Iomega QuikProtect

Java Auto Updater

Java 6 Update 29

Knoll Light Factory EZ Studio

Logitech QuickCam

Logitech SetPoint 6.15

Logitech® Camera ÅX°Êµ{¦¡

Malwarebytes Anti-Malware version 1.62.0.1300

Menu Templates - Starter Kit

Meritline EZ Label Xpress 3.5 Lite

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Chinese Date & Time

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Windows Journal Viewer

Microsoft Windows XP Video Decoder Checkup Utility

Microsoft XML Parser

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Movie Templates - Starter Kit

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MozyHome

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MVision

NCH Toolbox

Nero 9

Nero Burning ROM Help

Nero BurnRights

Nero BurnRights Help

Nero ControlCenter

Nero CoverDesigner

Nero CoverDesigner Help

Nero DiscSpeed

Nero DiscSpeed Help

Nero DriveSpeed

Nero DriveSpeed Help

Nero Express Help

Nero InfoTool

Nero InfoTool Help

Nero Installer

Nero Live

Nero Live Help

Nero PhotoSnap

Nero PhotoSnap Help

Nero Recode

Nero Recode Help

Nero Rescue Agent

Nero RescueAgent Help

Nero ShowTime

Nero StartSmart

Nero StartSmart Help

Nero Vision

Nero Vision Help

Nero WaveEditor

Nero WaveEditor Help

NeroBurningROM

NeroExpress

NeroLiveGadget

NeroLiveGadget Help

neroxml

NVIDIA Drivers

Office Tab Free Edition 8.00

Pdf995

Penpower Jr.

Picasa 3

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

Revo Uninstaller 1.92

SanDiskSecureAccess_Manager.exe

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974455)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Skype? 5.10

Sony DVD Architect Studio 4.5

SoundTrax

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB978506)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2492386)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2718704)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Vegas Movie Studio 9.0

VLC media player 1.1.11

WebFldrs XP

Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows PowerShell 1.0

Windows XP Service Pack 3

XP Codec Pack

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

2012/8/22 5:52:07 PM, error: BROWSER [8019] - The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.

2012/8/19 9:01:04 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer DELLFROMYC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{28982DB9-15B5-4F6. The master browser is stopping or an election is being forced.

2012/8/19 7:14:24 PM, error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is DELLFROMYC.

2012/8/19 6:53:44 PM, error: NetBT [4321] - The name "CHAPTER 8 :1d" could not be registered on the Interface with IP address 192.168.1.2. The machine with the IP address 192.168.1.4 did not allow the name to be claimed by this machine.

2012/8/18 11:15:23 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service Nero BackItUp Scheduler 4.0 with arguments "-Service" in order to run the server: {35212119-C615-4CD0-8DA5-7D7F19FBA1B8}

.

==== End Of File ===========================

Edited by Maurice Naggar

Share this post


Link to post
Share on other sites

Hello planoguy,

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Set Windows to show all files and all folders.

On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 3

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5
Close all open browsers at this point.
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall
Start Internet Explorer
Using Internet Explorer browser only, go to BitDefender Quickscan website:
http://quickscan.bitdefender.com
and click "Start Scan".
Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.
Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.
If prompted, reply yes to allow it to run.
Press the Allow button and follow prompts.
Press the "Start Scan" once more.
You'll see the EULA in a pop-up window. Click the I accept & then the OK button
Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/
and that QuickScan has no removal capability.
The site boasts a 60-second scan. Do have patience as it likely will take longer.
It may seem to stall at moments, but have patience; it will move on.
You'll see a progress bar at top right of window.
Hopefully you will see a No infections found in the bar-winddow. Press the View Log button.
The log report will show in your text editor. Save the log.
Do a Select ALL, Copy. Then paste contents into your next reply.
Step 6
  • Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • Click on Report and copy/paste the content of the notepad into your next reply.

Step 7

RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender & RogueKiller log.

Use separate replies as needed if logs do not fit into one reply box.

Share this post


Link to post
Share on other sites

ID: 3   Posted (edited)

Hi Maurice

Thanks for your help. Run thru 7 steps and here are the reports

Logfile of random's system information tool 1.09 (written by random/random)

Run by Frank Liu at 2012-08-23 10:01:17

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 97 GB (64%) free of 153 GB

Total RAM: 1471 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:01:23 AM, on 2012/8/23

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\MozyHome\mozybackup.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Iomega\QuikProtect\QpMonitor.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\program files\real\realplayer\update\realsched.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Iomega\QuikProtect\QuikProtect.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\conime.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Frank Liu\Desktop\RSIT.exe

C:\Program Files\trend micro\Frank Liu.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [QuiKProtect] C:\Program Files\Iomega\QuikProtect\StartQuikProtect.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://update.microsoft.com

O15 - Trusted Zone: http://windowsupdate.microsoft.com

O15 - Trusted Zone: http://my.yahoo.com

O15 - ESC Trusted Zone: http://*.update.microsoft.com

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab

O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/69.10/uploader2.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab

O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5985/mcfscan.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIXR - C:\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: QPCopyEngine - Unknown owner - C:\Program Files\Iomega\QuikProtect\QpMonitor.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--

End of file - 7626 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd54de10e0c010.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-917075022-3912106595-2679439203-1006Core.job

C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

C:\WINDOWS\tasks\MpIdleTask.job

C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-917075022-3912106595-2679439203-1006.job

C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-917075022-3912106595-2679439203-1006.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{12E6D780-BBA6-4A53-9EDB-E778FFB2ECF0}.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Frank Liu\Application Data\Mozilla\Firefox\Profiles\bqdxhci7.default

prefs.js - "browser.startup.homepage" - "http://my.yahoo.com/"

Edited by Maurice Naggar

Share this post


Link to post
Share on other sites

@Planoguy

The RSIT log looks short.

I cannot tell if you ran the other steps that I outlined. Tell me which you completed.

and

I doubt you had the time yet to complete the BitDefender scan.

BE AWARE:

Use only NOTEPAD to Copy ALL Lines of report(s) and then to Paste all into each reply.

In NOTEPAD make sure you have turned off Word wrap.

Share this post


Link to post
Share on other sites

Thanks for your quick reponse.

I run first 4 steps with three reports log.txt, info.txt and checkup.txt as follows. Will now run step 5 and attach additional reports in next reply.

Logfile of random's system information tool 1.09 (written by random/random)

Run by Frank Liu at 2012-08-23 14:21:03

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 97 GB (64%) free of 153 GB

Total RAM: 1471 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 2:21:09 PM, on 2012/8/23

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\MozyHome\mozybackup.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Iomega\QuikProtect\QpMonitor.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\program files\real\realplayer\update\realsched.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\conime.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Iomega\QuikProtect\QuikProtect.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Frank Liu\Desktop\chrome\RSIT.exe

C:\Program Files\trend micro\Frank Liu.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [QuiKProtect] C:\Program Files\Iomega\QuikProtect\StartQuikProtect.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://update.microsoft.com

O15 - Trusted Zone: http://windowsupdate.microsoft.com

O15 - Trusted Zone: http://my.yahoo.com

O15 - ESC Trusted Zone: http://*.update.microsoft.com

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab

O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/69.10/uploader2.cab

O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab

O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5985/mcfscan.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIXR - C:\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: QPCopyEngine - Unknown owner - C:\Program Files\Iomega\QuikProtect\QpMonitor.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--

End of file - 7731 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd54de10e0c010.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-917075022-3912106595-2679439203-1006Core.job

C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

C:\WINDOWS\tasks\MpIdleTask.job

C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-917075022-3912106595-2679439203-1006.job

C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-917075022-3912106595-2679439203-1006.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{12E6D780-BBA6-4A53-9EDB-E778FFB2ECF0}.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Frank Liu\Application Data\Mozilla\Firefox\Profiles\bqdxhci7.default

prefs.js - "browser.startup.homepage" - "http://my.yahoo.com/"<p>"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

"

Share this post


Link to post
Share on other sites

Here is the start of step 5 thru 7

QuickScan 32-bit v0.9.9.118

---------------------------

Scan date: Thu Aug 23 14:44:58 2012

Machine ID: 5C71CD09

No infection found.

-------------------

Processes

---------

Microsoft® Windows® Operating System 9640 C:\WINDOWS\system32\notepad.exe

(verified) Google Update 568 C:\Program Files\Google\Update\GoogleUpdate.exe

(verified) Java Platform SE 6 U29 560 C:\Program Files\Java\jre6\bin\jqs.exe

(verified) Logitech QuickCam 616 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

(verified) Logitech QuickCam 2908 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

(verified) Logitech QuickCam 1616 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

(verified) Malwarebytes Anti-Malware 348 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

(verified) Microsoft Malware Protection 1100 C:\Program Files\Microsoft Security Client\MsMpEng.exe

(verified) Microsoft Security Client 148 C:\Program Files\Microsoft Security Client\msseces.exe

(verified) Microsoft® Windows® Operating System 1684 C:\WINDOWS\explorer.exe

(verified) Microsoft® Windows® Operating System 1764 C:\WINDOWS\system32\alg.exe

(verified) Microsoft® Windows® Operating System 3488 C:\WINDOWS\system32\conime.exe

(verified) Microsoft® Windows® Operating System 684 C:\WINDOWS\system32\csrss.exe

(verified) Microsoft® Windows® Operating System 1712 C:\WINDOWS\system32\ctfmon.exe

(verified) Microsoft® Windows® Operating System 768 C:\WINDOWS\system32\lsass.exe

(verified) Microsoft® Windows® Operating System 756 C:\WINDOWS\system32\services.exe

(verified) Microsoft® Windows® Operating System 400 C:\WINDOWS\system32\smss.exe

(verified) Microsoft® Windows® Operating System 1584 C:\WINDOWS\system32\spoolsv.exe

(verified) Microsoft® Windows® Operating System 232 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 464 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1140 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1232 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1396 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1000 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 936 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 712 C:\WINDOWS\system32\winlogon.exe

(verified) Microsoft® Windows® Operating System 9712 C:\WINDOWS\system32\wscntfy.exe

(verified) MozyHome 672 C:\Program Files\MozyHome\mozybackup.exe

(verified) NVIDIA Driver Helper Service, Version 7 688 C:\WINDOWS\system32\nvsvc32.exe

(verified) Quik Protect (x32) 1804 C:\Program Files\Iomega\QuikProtect\QpMonitor.exe

(verified) QuikProtect 7364 C:\Program Files\Iomega\QuikProtect\QuikProtect.exe

(verified) RealPlayer (32-bit) 160 C:\Program Files\real\realplayer\Update\realsched.exe

(verified) Skype 636 C:\Program Files\Skype\Phone\Skype.exe

(verified) Windows® Internet Explorer 3520 C:\Program Files\Internet Explorer\iexplore.exe

(verified) Windows® Internet Explorer 6252 C:\Program Files\Internet Explorer\iexplore.exe

(verified) Windows® Internet Explorer 8360 C:\Program Files\Internet Explorer\iexplore.exe

Network activity

----------------

Process Skype.exe (636) connected on port 40008 --> 157.55.130.162

Process Skype.exe (636) connected on port 443 (HTTP over SSL) --> 64.4.44.29

Process Skype.exe (636) connected on port 12350 --> 78.141.179.15

Process iexplore.exe (8360) connected on port 80 (HTTP) --> 74.125.227.41

Process iexplore.exe (8360) connected on port 80 (HTTP) --> 74.125.227.45

Process iexplore.exe (8360) connected on port 80 (HTTP) --> 74.125.227.49

Process iexplore.exe (8360) connected on port 80 (HTTP) --> 74.125.227.57

Process Skype.exe (636) listens on ports: 80 (HTTP), 62825

Process svchost.exe (1000) listens on ports: 135 (RPC)

Autoruns and critical files

---------------------------

(verified) Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(verified) Adobe® Flash® Player Update Service C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

(verified) Google Update C:\Documents and Settings\Frank Liu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe

(verified) Logitech SetPoint c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

(verified) Malwarebytes Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

(verified) Microsoft Malware Protection C:\Program Files\Microsoft Security Client\MpCmdRun.exe

(verified) Microsoft Security Client C:\Program Files\Microsoft Security Client\msseces.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\logon.scr

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll

(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll

(verified) NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\nvcpl.dll

(verified) RealPlayer (32-bit) C:\Program Files\real\realplayer\Update\realsched.exe

(verified) RealUpgrade C:\Program Files\Real\RealUpgrade\realupgrade.exe

(verified) Skype C:\Program Files\Skype\Phone\Skype.exe

(verified) startQuikProtect C:\Program Files\Iomega\QuikProtect\StartQuikProtect.exe

(verified) Windows® Internet Explorer C:\WINDOWS\system32\msfeedssync.exe

(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll

Browser plugins

---------------

(unsigned) Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

(unsigned) Java Platform SE 6 U29 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

(unsigned) RealJukebox NS Plugin C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

(unsigned) RealJukebox NS Plugin c:\program files\real\realplayer\Netscape6\nprjplug.dll

(unsigned) RealNetworks Chrome Background Exte C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

(unsigned) RealPlayer HTML5VideoShim Plug-In ( C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

(verified) 2007 Microsoft Office system C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

(verified) AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll

(verified) Adobe Acrobat C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

(verified) Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll

(verified) Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

(verified) Bitdefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll

(verified) CANON iMAGE GATEWAY Album Plugin Utilit C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

(verified) Flash® Player Installer/Uninstaller C:\WINDOWS\Downloaded Program Files\CONFLICT.1\FP_AX_CAB_INSTALLER.exe

(verified) Flash® Player Installer/Uninstaller C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe

(verified) Google Update C:\Documents and Settings\Frank Liu\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll

(verified) Google Update C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

(verified) Java Deployment Toolkit 6.0.290.11 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

(verified) Java Platform SE 6 U29 C:\Program Files\Java\jre6\bin\jp2ssv.dll

(verified) Java Platform SE 6 U29 C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

(verified) Messenger C:\Program Files\Messenger\msmsgs.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\mswsock.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll

(verified) NPSWF32_11_3_300_257.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll

(verified) Photo Uploader C:\WINDOWS\Downloaded Program Files\UploaderX.dll

(verified) PhotoCenter Active X control C:\WINDOWS\Downloaded Program Files\Photochannel.dll

(verified) Picasa C:\Program Files\Google\Picasa3\npPicasa3.dll

(verified) RealPlayer Download and Record Plugin C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

(verified) RealPlayer Download Plugin C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll

(verified) RealPlayer Download Plugin c:\program files\real\realplayer\Netscape6\nprpplugin.dll

(verified) RealPlayer G2 LiveConnect-Enabled P C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

(verified) RealPlayer G2 LiveConnect-Enabled P c:\program files\real\realplayer\Netscape6\nppl3260.dll

(verified) Silverlight Plug-In C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

(verified) Windows Presentation Foundation C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

(verified) Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll

(verified) Yahoo! Toolbar c:\program files\yahoo!\companion\installs\cpn0\yt.dll

Scan

----

MD5: e670ce1a52782d364156056ed28d2161 C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome150browserrecordhelper.dll

MD5: 10737b44923217bc0e67d26a9fc1f0aa C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

MD5: 2645990c521342dcd08963d2df6cd0d2 C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

MD5: 167d24a045499ebef438f231976158df C:\MAGIX\Common\Database\bin\fbserver.exe

MD5: 2437be68d5a37a75fad51c5f0e9a03ed C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

MD5: 1e96525ae85d402f9f8047f8caef5f06 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

MD5: 90492e00ee4c916123bec5d267894e8c C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

MD5: ca6f7021f560fc9ee7b7471795aa628f C:\Program Files\MozyHome\LIBEAY32.dll

MD5: a14a07c8e27e4e4c13f251d76b65e98e C:\Program Files\MozyHome\SSLEAY32.dll

MD5: 90492e00ee4c916123bec5d267894e8c c:\program files\real\realplayer\Netscape6\nprjplug.dll

MD5: f835d707a2756f3ac756331dc2e5fde2 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll

MD5: 2f0539bff032d35ba47c341a988be1ff C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll

MD5: dec7885b2ef0966ea285c9a40e7afba4 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll

MD5: 1d52bcaf65ec439c735ed109431d1c09 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll

MD5: c05a4d494c3096782f80cfdf7f4aefa8 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll

MD5: 397d3ef4842d6454fa68218438165a5d C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll

MD5: b7a48556eb302cd02a725d2d425f2d0c C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll

MD5: a7e9d45b18a13dc18e3c0311d1cf620f C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll

MD5: 8563f5a4f6342ba64e7c398f7efcc350 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll

MD5: 72cadf7ee0722dae4a6b98eefeac06bc C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll

MD5: 0607cbc6fa20114cb491efe4b2f9efad C:\WINDOWS\system32\d3d9.dll

MD5: bb8dc530b88f47dd2a37915480aa6cd2 C:\WINDOWS\system32\dshowext.ax

MD5: f1941197a42f9f373cc70042fc82c950 C:\WINDOWS\system32\ksproxy.ax

MD5: c9ef69b25dfa1c0e7932cb02fb8a7e91 C:\WINDOWS\system32\kswdmcap.ax

MD5: 76848cb1aa5818db47d5f5986e0a7485 C:\WINDOWS\system32\MFC42.DLL

MD5: 5e28284f9b5f9097640d58a73d38ad4c C:\WINDOWS\system32\notepad.exe

MD5: d0049860b63dd87a73a5d165c829c65f C:\WINDOWS\system32\T2EMBED.DLL

MD5: 94ba90c6af5c50ff5f7a6392514c4642 C:\WINDOWS\system32\vidcap.ax

MD5: 9eefe69139fdbb4a3c327630f8eb993a C:\WINDOWS\system32\wlanapi.dll

MD5: 18473f44d6de85c8cb4e70f503c5ea64 C:\WINDOWS\System32\xactsrv.dll

MD5: 1f5afd468eb5e09e9ed75a087529eab5 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\MFC80.DLL

MD5: 28a09777d2d952122567a8a82f1a2c7b C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\MFC80ENU.DLL

No file uploaded.

Scan finished - communication took 1 sec

Total traffic - 0.00 MB sent, 0.14 KB recvd

Scanned 628 files and modules - 127 seconds

==============================================================================

Step 6

RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: Frank Liu [Admin rights]

Mode: Scan -- Date: 08/23/2012 14:51:12

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SP1604N +++++

--- User ---

[MBR] 62f07d074c1ea5a4720fffc1fdfa7219

[bSP] 709a9d4529d10caafc13093f815046ab : Standard MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo

Error reading LL1 MBR!

Error reading LL2 MBR!

+++++ PhysicalDrive1: ST3400620A +++++

--- User ---

[MBR] da750aa383971399d9e72eebdb803397

[bSP] ab891c45853e9ceb9a74972a00a05374 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1008 | Size: 190720 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 390595968 | Size: 190831 Mo

Error reading LL1 MBR!

Error reading LL2 MBR!

+++++ PhysicalDrive2: SAMSUNG HD103SI USB Device +++++

--- User ---

[MBR] 7435b395373533bcd39085cd12602a0e

[bSP] 3a263ec662f61a27d74cd7a536bc3337 : TestDisk MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Should have all txt files as you mentioned. Please kindly let me know if anything needed. Thank you again for your help.

Planoguy

Share this post


Link to post
Share on other sites

These steps are for planoguy only. If you are a casual viewer, do NOT try this on your system!

If you are not planoguy and have a similar problem, do NOT post here; start your own topic

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to any other system!

You will want to print out or copy these instructions to Notepad for Safe offline reference!

Let's have you do the following:

Step 1

Disable CD-ROM Emulation Software:

Please download the following tool DeFogger to your desktop.

◦Double click DeFogger to run the tool.

◦The application window will appear

◦Click the Disable button to disable your CD Emulation drivers.

◦Click Yes to continue

◦A 'Finished!' message will appear

◦Click OK

◦DeFogger will now ask to reboot the machine - click OK

◦IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

◦Do not re-enable these drivers until otherwise instructed.

Step 2

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.


Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Step 3

Logoff and Restart the system fresh.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

If you have a prior copy of Combofix, delete it now !

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2

CF_download_FF.gif

CF_download_rename.gif

* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on Combo-Fix.exe cf-icon.jpg accept the EULA & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3]When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh !

Reply & attach the C:\Combofix.txt log and tell me, How is the system now :excl:

RE-Enable your AntiVirus and AntiSpyware applications.

Share this post


Link to post
Share on other sites

Hi Maurice

I run through all the steps but the problem is still there. Google Chrome can not be started. I tried to attach Combofix log but got an error msg saying that the file is too long. I will send you the log file in four separate posts.

First one

ComboFix 12-08-24.01 - Frank Liu /08/24 Fri 9:34.5.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.950.886.1033.18.1471.917 [GMT -5:00]

執行位置: c:\documents and settings\Frank Liu\Desktop\Combo-Fix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Deleted Files )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Tempmozy-autoupdate-82af9a609219353256cb533e636b9416.exe

c:\documents and settings\Frank Liu\GoToAssistDownloadHelper.exe

c:\documents and settings\Frank Liu\My Documents\~WRL0003.tmp

c:\documents and settings\Frank Liu\WINDOWS

c:\windows\system32\OLD3E1.tmp

c:\windows\system32\OLD3E4.tmp

c:\windows\system32\OLD411.tmp

c:\windows\system32\OLD41C.tmp

c:\windows\system32\OLD5A3.tmp

c:\windows\system32\OLD63F.tmp

c:\windows\system32\OLD642.tmp

c:\windows\system32\OLD7A4.tmp

c:\windows\system32\OLD7A7.tmp

c:\windows\system32\OLD7AA.tmp

c:\windows\system32\OLD7AD.tmp

c:\windows\system32\OLD7B0.tmp

c:\windows\system32\OLD7B3.tmp

c:\windows\system32\OLD7BA.tmp

c:\windows\system32\OLD83B.tmp

c:\windows\system32\OLD88D.tmp

c:\windows\system32\OLD890.tmp

c:\windows\system32\OLD893.tmp

c:\windows\system32\OLD896.tmp

c:\windows\system32\OLD89C.tmp

c:\windows\system32\OLD8A1.tmp

c:\windows\system32\OLD8AA.tmp

c:\windows\system32\OLD942.tmp

c:\windows\system32\OLDAA4.tmp

c:\windows\system32\OLDB38.tmp

c:\windows\system32\SET144.tmp

c:\windows\system32\SET145.tmp

c:\windows\system32\SET146.tmp

c:\windows\system32\SET182.tmp

c:\windows\system32\SET183.tmp

c:\windows\system32\SET184.tmp

c:\windows\system32\SET185.tmp

c:\windows\system32\SET186.tmp

c:\windows\system32\SET187.tmp

c:\windows\system32\SET188.tmp

c:\windows\system32\SET189.tmp

c:\windows\system32\SET18A.tmp

c:\windows\system32\SET18B.tmp

c:\windows\system32\SET18C.tmp

c:\windows\system32\SET18D.tmp

c:\windows\system32\SET18E.tmp

c:\windows\system32\SET18F.tmp

c:\windows\system32\SET191.tmp

c:\windows\system32\SET192.tmp

c:\windows\system32\SET193.tmp

c:\windows\system32\SET194.tmp

c:\windows\system32\SET195.tmp

c:\windows\system32\SET196.tmp

c:\windows\system32\SET197.tmp

c:\windows\system32\SET198.tmp

c:\windows\system32\SET199.tmp

c:\windows\system32\SET19A.tmp

c:\windows\system32\SET19B.tmp

c:\windows\system32\SET19C.tmp

c:\windows\system32\SET19D.tmp

c:\windows\system32\SET19E.tmp

c:\windows\system32\SET19F.tmp

c:\windows\system32\SET1A0.tmp

c:\windows\system32\SET1A1.tmp

c:\windows\system32\SET1A2.tmp

c:\windows\system32\SET1A3.tmp

c:\windows\system32\SET1A4.tmp

c:\windows\system32\SET1A5.tmp

c:\windows\system32\SET1A6.tmp

c:\windows\system32\SET75.tmp

c:\windows\system32\SET78.tmp

c:\windows\system32\SET84.tmp

c:\windows\system32\SET86.tmp

c:\windows\system32\SETD6.tmp

c:\windows\system32\SETD7.tmp

c:\windows\system32\SETD9.tmp

c:\windows\system32\SETDA.tmp

c:\windows\system32\SETDB.tmp

c:\windows\system32\SETDF.tmp

c:\windows\system32\SETE0.tmp

c:\windows\system32\SETE1.tmp

c:\windows\system32\SETE6.tmp

c:\windows\system32\SETE7.tmp

c:\windows\system32\SETEA.tmp

c:\windows\system32\SETEB.tmp

c:\windows\system32\SETEC.tmp

c:\windows\system32\SETF0.tmp

c:\windows\system32\SETF3.tmp

c:\windows\system32\SETF4.tmp

c:\windows\system32\SETF5.tmp

c:\windows\system32\SETF6.tmp

c:\windows\system32\SETF7.tmp

c:\windows\system32\SETF9.tmp

c:\windows\system32\SETFA.tmp

c:\windows\system32\SETFB.tmp

c:\windows\system32\SETFD.tmp

c:\windows\system32\SETFE.tmp

c:\windows\system32\SETFF.tmp

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((( 2012-07-24 to 2012-08-24 New Files )))))))))))))))))))))))))))))))

.

.

2012-08-24 13:55 . 2012-08-01 22:51 7023536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEC52919-918D-4E35-847D-C3EDE77D7E1B}\mpengine.dll

2012-08-23 19:54 . 2012-08-01 22:51 7023536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-08-23 19:21 . 2012-08-23 19:21 -------- d-----w- C:\rsit

2012-08-23 15:16 . 2012-08-23 19:44 -------- d-----w- c:\documents and settings\Frank Liu\Application Data\QuickScan

2012-08-23 14:59 . 2012-08-23 19:21 -------- d-----w- c:\program files\trend micro

2012-08-23 14:55 . 2012-08-23 14:55 -------- d-----w- c:\program files\ERUNT

2012-08-22 02:46 . 2012-08-24 14:27 -------- d-----w- c:\documents and settings\Frank Liu\Application Data\Skype

2012-08-22 02:46 . 2012-08-22 02:46 -------- d-----w- c:\program files\Common Files\Skype

2012-08-22 02:46 . 2012-08-22 02:46 -------- d-----r- c:\program files\Skype

2012-08-22 02:46 . 2012-08-22 02:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2012-08-22 02:39 . 2008-04-13 17:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys

2012-08-22 02:39 . 2008-04-13 17:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys

2012-08-22 02:39 . 2008-04-13 23:12 20992 ----a-w- c:\windows\system32\dshowext.ax

2012-08-22 02:36 . 2007-07-19 00:44 3599000 ----a-w- c:\windows\system32\drivers\lvuvc.sys

2012-08-22 02:36 . 2007-07-19 00:44 465432 ----a-w- c:\windows\system32\LVUI2RC.dll

2012-08-22 02:36 . 2007-07-19 00:40 416280 ----a-w- c:\windows\system32\lvcodec2.dll

2012-08-22 02:36 . 2007-07-19 00:43 490008 ----a-w- c:\windows\system32\LVUI2.dll

2012-08-22 02:36 . 2007-07-19 00:42 1920920 ----a-w- c:\windows\system32\drivers\lvpopflt.sys

2012-08-22 02:36 . 2007-07-18 23:55 19344 ----a-w- c:\windows\system32\Repository.reg

2012-08-22 02:36 . 2007-07-19 00:44 22296 ----a-w- c:\windows\system32\drivers\lvuvcflt.sys

2012-08-22 02:36 . 2007-07-19 00:44 41752 ----a-w- c:\windows\system32\drivers\LVUSBSta.sys

2012-08-22 02:36 . 2007-07-19 00:40 195096 ----a-w- c:\windows\system32\lvci1110.dll

2012-08-22 02:35 . 2012-08-22 02:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech

2012-08-01 15:50 . 2012-08-12 20:59 -------- d-----w- c:\program files\BETV

2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Modified Files in Three Months ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-22 02:30 . 2012-04-03 16:10 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-22 02:30 . 2011-05-20 12:23 73416 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-06 13:58 . 2009-11-15 18:50 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-04 14:05 . 2009-11-15 18:53 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 18:46 . 2010-03-16 22:07 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 13:40 . 2005-05-20 00:14 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-07-02 17:49 . 2005-05-20 00:14 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:49 . 2009-11-15 18:52 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-07-02 17:49 . 2009-11-15 18:51 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05 . 2009-11-15 18:51 385024 ------w- c:\windows\system32\html.iec

2012-06-17 14:33 . 2012-06-17 14:33 12557904 ----a-w- c:\documents and settings\All Users\Tempmozy-autoupdate-864934ef6e2b54a6f5dcfa6e472922e2.exe

2012-06-07 03:57 . 2003-03-19 03:14 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-06-07 03:57 . 2003-02-21 11:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-06-07 01:59 . 2012-06-07 01:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-06-05 15:50 . 2009-11-15 18:52 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-05 15:50 . 2008-04-14 00:12 1372672 ------w- c:\windows\system32\msxml6.dll

2012-06-04 04:32 . 2009-11-15 18:53 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 20:19 . 2009-08-07 01:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 20:19 . 2009-11-15 18:54 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 20:19 . 2009-11-15 18:54 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 20:19 . 2009-11-15 18:54 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 20:19 . 2009-08-07 01:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 20:19 . 2009-11-15 18:54 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 20:19 . 2009-11-15 18:54 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 20:19 . 2009-11-15 18:50 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 20:19 . 2009-08-07 01:24 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 20:19 . 2009-08-07 01:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 20:19 . 2009-08-07 01:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 20:19 . 2009-11-15 18:54 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 20:19 . 2009-11-15 18:54 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 20:18 . 2010-02-15 09:10 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 20:18 . 2010-02-15 09:10 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 20:18 . 2010-02-15 09:10 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 17:25 . 2009-12-14 16:59 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-05-31 13:22 . 2009-11-15 18:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2010-07-14 15:56 . 2010-09-18 11:53 417944 ----a-w- c:\program files\Common Files\ZugoInstaller.exe

2010-05-09 05:14 . 2010-12-14 14:28 5387 ----a-w- c:\program files\apply.cmd

2010-04-24 04:33 . 2010-12-14 14:28 911800 ----a-w- c:\program files\amtlib.dll

2000-08-04 23:59 . 2012-06-16 03:30 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-06-03 19:36 . 2010-08-18 03:23 13696 -c--a-w- c:\program files\mozilla firefox\components\CntvSpeedup.dll

.

.

Share this post


Link to post
Share on other sites

Part 3 (last one)

.

-- 快照技術重新設置 --

.

((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*注意* 空白與合法缺省登錄將不會被顯示

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]

@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"

[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]

2012-02-07 16:41 4253544 ----a-w- c:\program files\MozyHome\mozyshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]

@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"

[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]

2012-02-07 16:41 4253544 ----a-w- c:\program files\MozyHome\mozyshell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]

"QuiKProtect"="c:\program files\Iomega\QuikProtect\StartQuikProtect.exe" [2010-06-24 58672]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-06-07 296056]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MozyHome Status.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk

backup=c:\windows\pss\MozyHome Status.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^清?紫光全能王手???系?.lnk]

backup=c:\windows\pss\清?紫光全能王手???系?.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Frank Liu^Start Menu^Programs^Startup^startQuikProtect.exe.lnk]

backup=c:\windows\pss\startQuikProtect.exe.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-07-27 20:51 35768 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]

2010-03-25 01:50 2516296 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]

2010-04-02 15:18 1185112 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cookienator]

2009-10-19 06:29 1333472 -c--a-w- c:\program files\Cookienator\cookienator.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]

2010-06-26 00:15 1311312 -c--a-w- c:\program files\Logitech\SetPointP\SetPoint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2012-06-28 03:28 116648 ----atw- c:\documents and settings\Frank Liu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

2007-07-25 21:02 563984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2007-07-25 21:06 2027792 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SanDiskSecureAccess_Manager.exe]

2011-11-26 00:11 27306624 ----a-w- c:\documents and settings\Frank Liu\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-06-09 18:06 254696 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2012-06-07 03:57 296056 ----a-w- c:\program files\real\realplayer\Update\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"NitroReaderDriverReadSpool"=2 (0x2)

"avg9wd"=2 (0x2)

"PCToolsSSDMonitorSvc"=2 (0x2)

"ioloSystemService"=2 (0x2)

"ioloFileInfoList"=2 (0x2)

"MsMpSvc"=2 (0x2)

"YahooAUService"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"QSCopyEngine"=2 (0x2)

"PLFlash DeviceIoControl Service"=2 (0x2)

"ose"=3 (0x3)

"NMIndexingService"=3 (0x3)

"Nero BackItUp Scheduler 4.0"=2 (0x2)

"McciCMService"=2 (0x2)

"LBTServ"=3 (0x3)

"IHA_MessageCenter"=2 (0x2)

"idsvc"=3 (0x3)

"IDriverT"=3 (0x3)

"gusvc"=3 (0x3)

"Brother XP spl Service"=2 (0x2)

"brmfrmps"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\Iomega\\QuikProtect\\QuikProtect.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

"c:\\Program Files\\WINPENJR\\win32\\PPupdwz.exe"=

"c:\\Program Files\\BETV\\BETV.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"50000:UDP"= 50000:UDP:IHA_MessageCenter

.

R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010/8/19 2:27 PM 10448]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010/3/16 5:07 PM 655944]

R2 QPCopyEngine;QPCopyEngine;c:\program files\Iomega\QuikProtect\QpMonitor.exe [2010/6/24 5:04 PM 247088]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010/3/16 5:07 PM 22344]

R3 Pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [2009/11/26 8:38 AM 47360]

R3 QsFsFltr;QsFsFltr;c:\windows\system32\drivers\QsFsFltr.sys [2009/11/21 5:04 PM 19384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011/3/26 10:22 AM 136176]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012/7/13 1:28 PM 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012/4/3 11:10 AM 250568]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe [2011/7/23 10:31 PM 1527900]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011/3/26 10:22 AM 136176]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012/4/27 2:13 PM 113120]

S3 QianCaiHid;QianCai Handwriter Device;c:\windows\system32\drivers\HidKeyboard.sys [2010/12/14 3:28 PM 6400]

S4 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2010/10/13 6:06 PM 98304]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

‘計劃任務’ 文件夾 裡的內容

.

2012-08-24 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 02:30]

.

2012-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd54de10e0c010.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 02:12]

.

2012-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-917075022-3912106595-2679439203-1006Core.job

- c:\documents and settings\Frank Liu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-23 03:28]

.

2012-08-24 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 22:03]

.

2012-08-24 c:\windows\Tasks\MpIdleTask.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 22:03]

.

2012-08-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-917075022-3912106595-2679439203-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 23:21]

.

2012-08-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-917075022-3912106595-2679439203-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 23:21]

.

2012-08-24 c:\windows\Tasks\User_Feed_Synchronization-{12E6D780-BBA6-4A53-9EDB-E778FFB2ECF0}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

.

.

------- Extra Scan -------

.

uStart Page = hxxp://my.yahoo.com/

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: citi.com\creditcards

Trusted Zone: itcu.org\www

Trusted Zone: microsoft.com\update

Trusted Zone: microsoft.com\windowsupdate

Trusted Zone: yahoo.com\my

TCP: DhcpNameServer = 192.168.1.1

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Frank Liu\Application Data\Mozilla\Firefox\Profiles\bqdxhci7.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

MSConfigStartUp-PPHIDPAD - c:\winpenjr\Win32\pphidpad.exe

MSConfigStartUp-USBToolTip - c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-24 09:46

Windows 5.1.2600 Service Pack 3 NTFS

.

掃描被隱藏的進程 ...

.

掃描被隱藏的啟動組 ...

.

掃描被隱藏的文件 ...

.

掃描完成

被隱藏的檔案: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-917075022-3912106595-2679439203-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- 運行進程下的動態鏈接庫 ---------------------

.

- - - - - - - > 'winlogon.exe'(724)

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

.

Time Completed: 2012-08-24 09:50:19

ComboFix-quarantined-files.txt 2012-08-24 14:50

.

Pre-Run: 101,936,541,696 bytes free

Post-Run: 102,175,883,264 bytes free

.

- - End Of File - - D7C6690DB89699A4F57ABEAA909997E0

Share this post


Link to post
Share on other sites
Trojan warning:TDL3

This system has some serious backdoor trojans. TDL3

This is a point where you need to decide about whether to make a clean start.

According to the information provided in logs, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

You are strongly advised to do the following immediately.

1. Contact your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.

* Take any other steps you think appropriate for an attempted identity theft.

You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh.

While we usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions.

Here is some additional information: What Is A Backdoor Trojan? http://www.geekstogo...backdoor-trojan

Danger: Remote Access Trojans http://www.microsoft...o/virusrat.mspx

Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html

When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

Let me know what you decide.

IF you decide to attempt cleaning, then start with the following.

Run RKILL one more time.

Step 2

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

  1. Close any/all open internet browsers. Save any open documents you have open & close programs you started.
  2. Click on START>All Programs>Malwarebytes' Anti-Malware>Tools>Malwarebytes Anti-Malware Chameleon
    On Windows 7, press Windows-key, then start typing in text box
Malwarebytes[code] then select/click [b]Malwarebytes Anti-Malware Chameleon[/b]
Once the Help file opens, click on a [b]Chameleon[/b] button (starting with #1)
If running on Vista, Windows 7, press the Yes button when prompted at the UAC prompt to allow to run.
You should see a black Command-prompt-window that remains open and says [b]MBAM-chameleon ver. 1.6[/b] at the top
Press any key to continue as it says in the window {space-bar will do}
If the Chameleon button you tried does not work, try the next Chameleon button shown. (There are 12 in all).
Have infinite patience during this process
Malwarebytes Chameleon will proceed to update Malwarebytes Anti-Malware, so ensure that you are connected to the internet if possible
Once the update completes and it says your database is updated, click on [b]OK[/b] button so that process can continue :excl:
Malwarebytes Chameleon will then terminate any threats running in memory, which may take a while, so please be patient.
After that, Malwarebytes Anti-Malware will open automatically and perform a Quick scan
A quick scan will take a few minutes, possibly 5 or so minutes. Have infinite patience.
Once the scan is complete, click on [b]Show Results[/b] and remove any threats that are found by clicking [b]Remove Selected[/b]
If prompted to restart your computer to complete the removal process, click [b]Yes[/b] :excl:
If no threats are found, press OK button & press EXIT to end MBAM. Press the space-bar (or another key) to exit the command-prompt-window.
After your computer restarts, open [b]Malwarebytes Anti-Malware[/b] and perform one last [b][color=blue]FULL [/color][/b]scan to verify that there are no remaining threats

Reply with copy of the MBAM scan log for review.

Share this post


Link to post
Share on other sites

Hi Maurice:

Too bad to learn that my system is hacked by a trojan. (I am using another system to communicate with you right now.)

I think I like to clean the system completely. Can you give me the steps to completely reformat the dard drives and reinstall Windows fresh? What about the external drive? Is that external drive safe to use after reinstall the Windows?

Too bad to have this problem. On the other hand, thank you for finding out the problem for me and hope the damage is minimized as soon as possible.

Planoguy

Share this post


Link to post
Share on other sites

If you have the Windows XP CD, you would use that to boot from and in the initial steps you would delete the Windows partition as the first step, then load Windows fresh. You'd have to set the pc to boot from the CD as the first boot device.

IF your pc did not come with a Windows CD, your pc manufacturer likely has a factory restore partition on the HDD. You need to check with your pc manufacturer on the procedures and sequence.

I will not be guiding you on the factory restore process.

The following is a very general outline:

Before you do that, make sure you have at hand the Windows XP CD and also, a fresh new copy of your antivirus that is downloaded from a clean pc and saved on transportable-media (CD-DVD or clean thumb drive).

When you are at point of re-installing o.s., I'd recommend you have the pc disconnected from internet until after the o.s. is installed, plus the antivirus is fully setup and running.

See Windows XP Clean Installation - Partitioning and Formatting using Windows XP CD by Ramesh Srinivasan, MS-MVP & AumHa VSOP

Also Clean Install Windows by Michael Stevens, MS-MVP

I would urge you to follow the directions very carefully.

You will loose your documents so if you have some to save, offload them to a separate offline media. And later on insure you do a full scan of them by running your antivirus.

NOTE: If XP CD is from a pc manufacturer, and they bundled an AV like McAfee or Norton/Symantec trial versions, immediately de-install those, sice they will be outdated & of no use. Install your antvirus immediately after.

Other security references at Microsoft

4 steps to protect your computer

How to boost your malware defense and protect your PC

Good wishes to you.

Share this post


Link to post
Share on other sites

Thank you, Maurice. I do have windows xp CD. I will start from there.

Couple of more questions. In addition to the C Drive, I have another internal drive designated as E and F (two logical partitions), and an external drive. All of them are data files. Do I un-plug them before starting re-install XP? How do I make sure they are not infected? Can virus, trojans, etc. be in a data file? If they can, how to remove them?

Planoguy

Share this post


Link to post
Share on other sites

If you have external drives, you will want to unplug them before re-installing Windows.

IF you have logical partitions on your HDD, leave them be. I am assuming your Windows is on C:

You can scan your files with your antivirus & MBAM & with some of the following online scanners (listed below).

Safer practices & malware prevention

We are finished here. Best regards. cool.gif

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.