Messages - deighan2004

1
Tech Clinic / guestolo can u help please
« on: December 06, 2006, 09:31:18 AM »
Everything seems to be running ok, a bit slow but no freezes lately. Kaspersky found a few viruses it said but I take it they're not too worrying? I'll remove AVG anti-virus and turn on the ZoneAlarm one, that will probably get the comp speeded up.

Still can't log onto this website from my home computer though.

thanks for the help

2
Tech Clinic / guestolo can u help please
« on: November 30, 2006, 11:15:59 AM »
I know u probably haven't had time but could you have a look at this for me when u get a chance guestolo??

thanks very much

3
Tech Clinic / guestolo can u help please
« on: November 28, 2006, 02:27:17 PM »

4
Tech Clinic / guestolo can u help please
« on: November 27, 2006, 07:35:39 AM »
So does everything look ok?

5
Tech Clinic / guestolo can u help please
« on: November 22, 2006, 10:19:03 AM »
Here's the logs, sorry about the delay


Logfile of HijackThis v1.99.1
Scan saved at 10:48:25, on 22/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\paddy\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: 32Red Poker - {437F7F6F-FFCC-47e1-8A4B-C992493CF6C3} - C:\Program Files\32RedMPP\MPPoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39114087-D037-441A-86E4-FFAB57148C1B}: NameServer = 212.139.132.41 212.139.132.42
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe





-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, November 22, 2006 10:46:54 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 22/11/2006
Kaspersky Anti-Virus database records: 243745
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 54877
Number of viruses found: 2
Number of infected objects: 6 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:00:13

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\paddy\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\paddy\Desktop\PAT UNIVERSITY\FINAL YEAR\New Folder\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\paddy\Desktop\PAT UNIVERSITY\FINAL YEAR\New Folder\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\paddy\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\paddy\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\paddy\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\paddy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\paddy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\paddy\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\paddy\Local Settings\History\History.IE5\MSHist012006112120061122\index.dat Object is locked skipped
C:\Documents and Settings\paddy\Local Settings\History\History.IE5\MSHist012006112220061123\index.dat Object is locked skipped
C:\Documents and Settings\paddy\Local Settings\Temp\~DF729B.tmp Object is locked skipped
C:\Documents and Settings\paddy\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\paddy\Local Settings\Temporary Internet Files\Content.IE5\KR3TTBZO\pacificpoker[1].exe Infected: not-a-virus:AdWare.Win32.Casino.r skipped
C:\Documents and Settings\paddy\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\paddy\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\MailBuddy.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\N-WLVCMW3HKQ19W.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{F028F0BD-F621-43BB-ABA5-DE03FAA52AA0}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT00930.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT0093d.TMP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

6
Tech Clinic / guestolo can u help please
« on: November 20, 2006, 10:45:12 AM »
I logged out on my girlfriend's computer and tried to log in on the computer at home but still couldn't get in. I'll give Kaspersky a go and post back results later and also a HijackThis log soon as I get home.

 

Thanks guestolo

7
Tech Clinic / guestolo can u help please
« on: November 19, 2006, 02:12:56 PM »
Done all that, still can't get in on my computer. I'm logged on this computer (my girlfriend's) and have ticked 'keep me signed in', would that stop me getting on from my computer?

I was registered to this site before but I can't remember my user name, password or even what email I used!! Would that stop me getting on?

How does my computer look now, is it pretty clean from viruses? It is running a bit slow at the minute, don't know why. I bought Nero7 and couldn't get it installed; the guy in shop reluctantly gave me a new disc and said it would be viruses on my computer stopping it from installing properly. Do u think it would be ok to try the new disc yet?

8
Tech Clinic / guestolo can u help please
« on: November 14, 2006, 07:01:52 AM »
Typed the below into START>>RUN but said could not open
C:\PROGRA~1\PADDYP~1\UNWISE.EXE C:\PROGRA~1\PADDYP~1\INSTALL.LOG


Ran Windows Install Cleanup utility and removed
(All Users) Roxio Easy Media Creator 7.5 Trial (7.5.0.47)

Rebooted computer and removed
C:\Program Files\Roxio Easy Media Creator 7.5 ENG Trial
C:\Documents and Settings\paddy\Application Data\Roxio


This completely removed Roxio but Paddy Power was still there so I removed Paddy Power using HijackThis > Misc Tools > Uninstall list and also removed it from Program Files, so both Paddy Power and Roxio seem to have gone!!


The computer has speeded up a little but still can't get into thetechguide.com/forum. I have to use other people's computers. I can get into thetechguide.com but when I click on forum it just gives me this message below:

Board Message
Sorry, an error occurred. If you are unsure on how to use a feature, or don't know why you got this error message, try looking through the help files for more information.

The error returned was:
Sorry, you are not permitted to use this board


You are not logged in, you may log in below



I try to log on but it doesn't change!! Thanks again for your help

9
Tech Clinic / guestolo can u help please
« on: November 13, 2006, 06:44:46 AM »
Windows installer just said this beside roxio,
''(All Users) Roxio Easy Media Creator 7.5 Trial (7.5.0.47)''
Should I remove this?

This is the paddy power in hijack this
C:\PROGRA~1\PADDYP~1\UNWISE.EXE C:\PROGRA~1\PADDYP~1\INSTALL.LOG

This is the roxio in hijack this
MsiExec.exe /I{BF39E1F8-2AFB-451F-BD19-AB9616B3BF74}


Wasn't sure if you wanted this again but here's the whole uninstall list, cheerz guestolo
µTorrent
32Red Poker
Ad-Aware SE Personal
Adobe Reader 7.0.5
Allok AVI MPEG Converter 2.0.2
AVG Anti-Spyware 7.5
AVG Anti-Virus 7.1
AVS Video Tools 5.3
Boilosft AVI to VCD SVCD DVD Converter 3.61
CleanUp!
Command & Conquer Tiberian Sun
ConvertXtoDVD 2.1.0
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
Dell ResourceCD
DivX
DivX Player
eMule
Football Manager 2005
HijackThis 1.99.1
Intel® PRO Network Adapters and Drivers
J2SE Runtime Environment 5.0 Update 9
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Flash Player 8
Macromedia Shockwave Player
Magic DVD Creator Trial Version (English) 7.9.0.3
Microsoft Office Professional Edition 2003
MP3 Player Utilities 1.51
MSXML 4.0 SP2 (KB925672)
NVIDIA Windows 2000/XP Display Drivers
Pacific Poker
Paddy Power Poker
QuickSnooker
Registry Mechanic 5.2
Roxio Easy Media Creator 7.5 Trial
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem ^^
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Samsung PC Studio 3 USB Driver Installer
Samsung Samples Installer
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Sony Ericsson PC Suite
SoundMAX
SpeedTouch USB Software
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Westwood Shared Internet Components
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
ZoneAlarm Security Suite

10
Tech Clinic / guestolo can u help please
« on: November 12, 2006, 12:11:27 PM »
I deleted this file,
C:\WINDOWS\system32\yycdd.bak1 <file



I've tried removing Roxio from Add/Remove Programs but it just says,
''could not open the Certificate Reading DLL''
then,
''there was a problem authenticating your version. Please make sure your system is set to the current date''

I don't think I can use Roxio free version to burn DVDs so could we just remove it then please. Also when I right click my mouse to delete stuff from desktop or move to another folder Roxio tries to install itself on my computer, that's what I meant by it keeps trying to install itself.

I also can't remove 'Paddy Power Poker' for some reason even though it's not actually installed on my computer.


Cheerz guestolo

11
Tech Clinic / guestolo can u help please
« on: November 10, 2006, 03:39:21 PM »
Here

Here's the 2 logs, cheerz guestolo


µTorrent
32Red Poker
Ad-Aware SE Personal
Adobe Reader 7.0.5
Allok AVI MPEG Converter 2.0.2
AVG Anti-Spyware 7.5
AVG Anti-Virus 7.1
AVS Video Tools 5.3
Boilosft AVI to VCD SVCD DVD Converter 3.61
CleanUp!
Command & Conquer Tiberian Sun
ConvertXtoDVD 2.1.0
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
Dell ResourceCD
DivX
DivX Player
eMule
Football Manager 2005
HijackThis 1.99.1
Intel® PRO Network Adapters and Drivers
J2SE Runtime Environment 5.0 Update 9
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Flash Player 8
Macromedia Shockwave Player
Magic DVD Creator Trial Version (English) 7.9.0.3
Microsoft Office Professional Edition 2003
MP3 Player Utilities 1.51
MSXML 4.0 SP2 (KB925672)
NVIDIA Windows 2000/XP Display Drivers
Pacific Poker
Paddy Power Poker
QuickSnooker
Registry Mechanic 5.2
Roxio Easy Media Creator 7.5 Trial
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem ^^
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Samsung PC Studio 3 USB Driver Installer
Samsung Samples Installer
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Sony Ericsson PC Suite
SoundMAX
SpeedTouch USB Software
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Westwood Shared Internet Components
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
ZoneAlarm Security Suite








paddy - 06-11-10 18:43:20.40    Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\paddy\Desktop"

(((((((((((((((((((((((((((((((   Files Created from 2006-10-10 to 2006-11-10  ))))))))))))))))))))))))))))))))))


2006-11-09 01:46 719,872 --a------ C:\WINDOWS\system32\devil.dll
2006-11-09 01:46 308,224 --a------ C:\WINDOWS\system32\avisynth.dll
2006-11-03 12:58 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-01 12:36 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-11-01 12:36 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-01 12:36 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-01 12:36 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-10-24 09:50 77,824 --a------ C:\WINDOWS\system32\driverif.dll
2006-10-24 09:50 75,776 --a------ C:\WINDOWS\zllsputility.exe
2006-10-24 09:50 733,236 --a------ C:\WINDOWS\system32\vete.dll
2006-10-24 09:50 541,733 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2006-10-24 09:50 21,605 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2006-10-24 09:50 15,668 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2006-10-24 09:50 12,288 --a------ C:\WINDOWS\system32\vetntmsg.dll
2006-10-24 09:50 108,453 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2006-10-24 09:42 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2006-10-13 10:01 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-10 18:45 -------- d-------- C:\Documents and Settings\paddy\Application Data\uTorrent
2006-11-10 18:30 -------- d-------- C:\Program Files\32RedMPP
2006-11-10 18:27 -------- d-------- C:\Documents and Settings\paddy\Application Data\Microgaming
2006-11-10 18:08 -------- d-------- C:\Program Files\Magic DVD Creator
2006-11-10 12:05 -------- d-------- C:\Program Files\Common Files\Ahead
2006-11-10 11:34 -------- d-------- C:\Documents and Settings\paddy\Application Data\AVG7
2006-11-09 19:43 -------- d-------- C:\Program Files\PacificPoker
2006-11-09 16:06 -------- d-------- C:\Program Files\Registry Mechanic
2006-11-09 13:38 -------- d-------- C:\Program Files\eMule
2006-11-09 01:46 47360 --a------ C:\WINDOWS\system32\drivers\Pcouffin.sys
2006-11-09 01:34 -------- d-------- C:\Program Files\Common Files\MagicDVDRipper
2006-11-09 01:34 -------- d-------- C:\Program Files\Common Files
2006-11-09 00:08 -------- d-------- C:\Program Files\MSN Messenger
2006-11-08 16:04 -------- d-------- C:\Program Files\Ahead
2006-11-05 15:03 -------- d-------- C:\Program Files\uTorrent
2006-11-03 17:34 -------- d-------- C:\Program Files\Java
2006-11-03 17:33 -------- d-------- C:\Program Files\Common Files\Java
2006-11-03 12:58 -------- d-------- C:\Program Files\Grisoft
2006-11-03 12:51 816672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-29 23:11 -------- d-------- C:\Program Files\Roxio Easy Media Creator 7.5 ENG Trial
2006-10-29 14:31 -------- d-------- C:\Program Files\QuickTime
2006-10-24 09:58 -------- d-------- C:\Documents and Settings\paddy\Application Data\MailFrontier
2006-10-24 09:50 -------- d-------- C:\Program Files\Zone Labs
2006-10-24 09:42 -------- d-------- C:\Program Files\Internet Explorer
2006-10-22 14:45 -------- d-------- C:\Program Files\Common Files\Download Manager
2006-10-18 17:35 -------- d-------- C:\Program Files\Boilsoft AVI Converter
2006-10-18 17:15 -------- d-------- C:\Program Files\Common Files\AVSMedia
2006-10-18 17:14 -------- d-------- C:\Program Files\AVSMedia
2006-10-18 17:14 -------- d-------- C:\Program Files\Allok AVI MPEG Converter
2006-10-18 13:16 -------- d-------- C:\Program Files\Nero
2006-10-15 15:18 -------- d-------- C:\Documents and Settings\paddy\Application Data\Free Download Manager
2006-10-14 19:58 -------- d-------- C:\Program Files\MSXML 4.0
2006-10-13 17:31 8464 --a------ C:\WINDOWS\system32\sporder.dll
2006-10-09 00:11 -------- d-------- C:\Documents and Settings\paddy\Application Data\Sun
2006-10-02 21:12 -------- d-------- C:\Program Files\Paddy Power Poker
2006-09-25 15:01 -------- d-------- C:\Documents and Settings\paddy\Application Data\deighan1
2006-09-23 10:39 -------- d-------- C:\Documents and Settings\paddy\Application Data\Rocky2t6
2006-09-20 00:12 2368 --a------ C:\WINDOWS\system32\SVKP.sys
2006-09-19 23:37 -------- d-------- C:\Documents and Settings\paddy\Application Data\Vso
2006-09-19 01:11 -------- d-------- C:\Documents and Settings\paddy\Application Data\Nero
2006-09-18 10:32 34 --a------ C:\Documents and Settings\paddy\Application Data\pcouffin.log
2006-09-18 10:31 81920 --a------ C:\Documents and Settings\paddy\Application Data\ezpinst.exe
2006-09-18 10:31 7176 --a------ C:\Documents and Settings\paddy\Application Data\pcouffin.cat
2006-09-18 10:31 47360 --a------ C:\Documents and Settings\paddy\Application Data\pcouffin.sys
2006-09-18 10:31 1144 --a------ C:\Documents and Settings\paddy\Application Data\pcouffin.inf
2006-09-18 10:31 -------- d-------- C:\Program Files\vso
2006-09-16 19:45 -------- d-------- C:\Program Files\Cucusoft
2006-09-16 17:43 -------- d-------- C:\Documents and Settings\paddy\Application Data\deighan
2006-09-15 11:01 -------- d-------- C:\Documents and Settings\paddy\Application Data\Roxio
2006-09-13 05:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 19:04 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-12 19:02 -------- d-------- C:\Documents and Settings\paddy\Application Data\Samsung
2006-09-12 17:58 -------- d-------- C:\Program Files\Samsung
2006-09-12 17:58 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-12 16:51 1245184 --a------ C:\WINDOWS\system32\msxml4.dll
2006-09-11 23:27 -------- d-------- C:\Program Files\WinRAR
2006-09-11 22:22 -------- d-------- C:\Documents and Settings\paddy\Application Data\.ABC
2006-09-08 17:26 4222516 --a------ C:\ABC-win32-v3.1.exe
2006-09-05 20:31 448593 --ahs---- C:\WINDOWS\system32\yycdd.bak1
2006-08-25 15:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 12:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 09:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 11:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"RegistryMechanic"="C:\\Program Files\\Registry Mechanic\\RegMech.exe /QS"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"NWEReboot"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-11-10 18:46:19.00
C:\ComboFix.txt ... 06-11-10 18:46
C:\ComboFix2.txt ... 06-11-01 12:23[/font]

12
Tech Clinic / guestolo can u help please
« on: November 09, 2006, 01:50:33 PM »
This is the most recent report i done. The previous report was saved BEFORE i deleted the viruses, forgot to save it after i 'applied all actions', sorry about that.

Also roxio easy media creator keeps trying to install on my computer. anyway here's the report

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 15:43:21 09/11/2006

+ Scan result:

C:\Documents and Settings\paddy\Cookies\paddy@com[1].txt -> TrackingCookie.Com : Cleaned.

::Report end

13
Tech Clinic / guestolo can u help please
« on: November 09, 2006, 08:02:49 AM »
p.s. when i try to download updates avg just says that no updates are available. I'll go to my computer at home and give it another go and post back fresh avg log

14
Tech Clinic / guestolo can u help please
« on: November 09, 2006, 08:00:41 AM »
I DEFINITELY changed the recommended settings to quarantine. I'm also about 99% sure that i clicked apply all actions!!!

I'll try it again and post log back

cheers

15
Tech Clinic / guestolo can u help please
« on: November 08, 2006, 06:00:19 PM »
Guestolo this is the avg log. i can't get onto this website from my computer in the house, something's blocking me from getting on it, the website just says error

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 15:55:58 08/11/2006

+ Scan result:

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A43385F0-7113-496D-96D7-B9B550E3FCCA} -> Adware.Isearch : No action taken.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A43385F0-7113-496D-96D7-B9B550E3FCCA} -> Adware.Isearch : No action taken.
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : No action taken.
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : No action taken.
C:\WINDOWS\system32\rk.bin -> Adware.RK : No action taken.
C:\Program Files\Common Files\mrok\mrokd\vocabulary -> Downloader.TSUpdate.j : No action taken.
C:\Documents and Settings\paddy\Local Settings\Temporary Internet Files\Content.IE5\HRRLFTJW\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\paddy\Local Settings\Temporary Internet Files\Content.IE5\O92VW5U7\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\paddy\Cookies\paddy@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\paddy\Cookies\paddy@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\paddy\Cookies\paddy@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\paddy\Cookies\paddy@yadro[1].txt -> TrackingCookie.Yadro : No action taken.
C:\Documents and Settings\paddy\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : No action taken.

::Report end

16
Tech Clinic / guestolo can u help please
« on: November 08, 2006, 07:12:54 AM »
i will post back asap

17
Tech Clinic / guestolo can u help please
« on: November 03, 2006, 12:48:09 PM »
Thanks very much for getting back to me :)

vundofix didn't find anything but everything else seems to have went well, haven't had a pop up since i came out of safe mode!!!

cheerz mate


Logfile of HijackThis v1.99.1
Scan saved at 17:42:58, on 03/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\32RedMPP\MPPoker.exe
C:\Documents and Settings\paddy\Desktop\hijackthis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: 32Red Poker - {437F7F6F-FFCC-47e1-8A4B-C992493CF6C3} - C:\Program Files\32RedMPP\MPPoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39114087-D037-441A-86E4-FFAB57148C1B}: NameServer = 212.139.132.6 212.139.132.7
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


 




---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at: 17:24:38 03/11/2006

 + Scan result:

 

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A43385F0-7113-496D-96D7-B9B550E3FCCA} -> Adware.Isearch : No action taken.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A43385F0-7113-496D-96D7-B9B550E3FCCA} -> Adware.Isearch : No action taken.
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : No action taken.
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : No action taken.
C:\WINDOWS\system32\rk.bin -> Adware.RK : No action taken.
C:\Program Files\Common Files\mrok\mrokd\vocabulary -> Downloader.TSUpdate.j : No action taken.
C:\Documents and Settings\paddy\Cookies\paddy@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.


::Report end







SmitFraudFix v2.117

Scan done at 13:40:48.60, 03/11/2006
Run from C:\Documents and Settings\paddy\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{dfa61db1-388e-4c87-8d56-540fa229bcb4}"="contrabandists"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\a.exe Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url Deleted
C:\DOCUME~1\paddy\FAVORI~1\Antivirus Test Online.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\VideoCompressionCodec\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done.
 
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


 


VundoFix V6.2.6

Checking Java version...

Sun Java not detected
Scan started at 13:20:44 03/11/2006

Listing files found while scanning....

No infected files were found.








ONCE AGAIN U HAVE SAVED THE DAY IT SEEMS!!!!!!!!!!!!!!!!!!!!!!!!

HAPPY DAYZ!!!!!!!!!!!!!!!!

18
Tech Clinic / guestolo can u help please
« on: November 01, 2006, 07:49:32 AM »
:rolleyes:
Thanks very much for getting back to me. I removed the spyware terminator

here's the logs you asked for

1:
Logfile of HijackThis v1.99.1
Scan saved at 12:31:19, on 01/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\VideoCompressionCodec\pmsngr.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\VideoCompressionCodec\pmmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\paddy\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - blank (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: 32Red Poker - {437F7F6F-FFCC-47e1-8A4B-C992493CF6C3} - C:\Program Files\32RedMPP\MPPoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe




2:
SmitFraudFix v2.117

Scan done at 12:36:53.57, 01/11/2006
Run from C:\Documents and Settings\paddy\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\a.exe FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\ts.ico FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\paddy


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\paddy\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\paddy\FAVORI~1

C:\DOCUME~1\paddy\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\VideoCompressionCodec\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="http://newsimg.bbc.co.uk/media/images/4103...le-getty416.jpg"
"SubscribedURL"="http://newsimg.bbc.co.uk/media/images/4103...le-getty416.jpg"
"FriendlyName"=""
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{dfa61db1-388e-4c87-8d56-540fa229bcb4}"="contrabandists"

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End





3:
paddy - 06-11-01 12:22:24.46    Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\paddy\Desktop"

((((((((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
 

C:\WINDOWS\uninstall_nmon.vbs
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Program Files\Inetget2
C:\Program Files\msmovies
C:\Program Files\network monitor
C:\Program Files\Common Files\{E86EFAA3-0AE9-1033-0721-03062403002c}

 
(((((((((((((((((((((((((((((((   Files Created from 2006-10-01 to 2006-11-01  ))))))))))))))))))))))))))))))))))
 
 
2006-10-24 09:50 77,824 --a------ C:\WINDOWS\system32\driverif.dll
2006-10-24 09:50 75,776 --a------ C:\WINDOWS\zllsputility.exe
2006-10-24 09:50 733,236 --a------ C:\WINDOWS\system32\vete.dll
2006-10-24 09:50 541,733 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2006-10-24 09:50 21,605 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2006-10-24 09:50 15,668 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2006-10-24 09:50 12,288 --a------ C:\WINDOWS\system32\vetntmsg.dll
2006-10-24 09:50 108,453 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2006-10-24 09:42 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2006-10-13 10:01 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-10-01 22:23 706,048 --a------ C:\WINDOWS\system32\libmcl-3.1.1.dll
2006-10-01 22:23 3,423,744 --a------ C:\WINDOWS\system32\libfilefmt-1.1.0.dll
2006-10-01 22:23 20,480 --a------ C:\WINDOWS\system32\libavi-dd-1.2.0.dll


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-01 12:23 -------- d-------- C:\Program Files\Common Files
2006-11-01 11:19 -------- d-------- C:\Documents and Settings\paddy\Application Data\AVG7
2006-10-30 14:29 -------- d-------- C:\Program Files\32RedMPP
2006-10-30 14:08 -------- d-------- C:\Documents and Settings\paddy\Application Data\Microgaming
2006-10-29 23:11 -------- d-------- C:\Program Files\Roxio Easy Media Creator 7.5 ENG Trial
2006-10-29 21:11 -------- d-------- C:\Program Files\Spyware Terminator
2006-10-29 16:17 -------- d-------- C:\Program Files\eMule
2006-10-29 14:31 -------- d-------- C:\Program Files\QuickTime
2006-10-25 10:17 -------- d-------- C:\Program Files\VideoCompressionCodec
2006-10-24 09:58 -------- d-------- C:\Documents and Settings\paddy\Application Data\MailFrontier
2006-10-24 09:50 -------- d-------- C:\Program Files\Zone Labs
2006-10-24 09:42 -------- d-------- C:\Program Files\Internet Explorer
2006-10-22 14:48 -------- d-------- C:\Program Files\Registry Mechanic
2006-10-22 14:45 -------- d-------- C:\Program Files\Common Files\Download Manager
2006-10-18 17:35 -------- d-------- C:\Program Files\Boilsoft AVI Converter
2006-10-18 17:15 -------- d-------- C:\Program Files\Common Files\AVSMedia
2006-10-18 17:14 -------- d-------- C:\Program Files\AVSMedia
2006-10-18 17:14 -------- d-------- C:\Program Files\Allok AVI MPEG Converter
2006-10-18 13:16 -------- d-------- C:\Program Files\Nero
2006-10-18 13:16 -------- d-------- C:\Program Files\Common Files\Ahead
2006-10-18 08:26 -------- d-------- C:\Program Files\Ahead
2006-10-15 15:18 -------- d-------- C:\Documents and Settings\paddy\Application Data\Free Download Manager
2006-10-14 19:58 -------- d-------- C:\Program Files\MSXML 4.0
2006-10-13 17:31 8464 --a------ C:\WINDOWS\system32\sporder.dll
2006-10-13 10:00 816288 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-09 12:52 -------- d-------- C:\Documents and Settings\paddy\Application Data\uTorrent
2006-10-09 00:11 -------- d-------- C:\Documents and Settings\paddy\Application Data\Sun
2006-10-06 23:37 -------- d-------- C:\Program Files\Java
2006-10-02 21:12 -------- d-------- C:\Program Files\Paddy Power Poker
2006-09-25 15:01 -------- d-------- C:\Documents and Settings\paddy\Application Data\deighan1
2006-09-25 13:00 -------- d-------- C:\Program Files\MSN Messenger
2006-09-23 10:39 -------- d-------- C:\Documents and Settings\paddy\Application Data\Rocky2t6
2006-09-20 00:12 2368 --a------ C:\WINDOWS\system32\SVKP.sys
2006-09-19 23:37 -------- d-------- C:\Documents and Settings\paddy\Application Data\Vso
2006-09-19 01:11 -------- d-------- C:\Documents and Settings\paddy\Application Data\Nero
2006-09-18 10:32 34 --a------ C:\Documents and Settings\paddy\Application Data\pcouffin.log
2006-09-18 10:31 81920 --a------ C:\Documents and Settings\paddy\Application Data\ezpinst.exe
2006-09-18 10:31 7176 --a------ C:\Documents and Settings\paddy\Application Data\pcouffin.cat
2006-09-18 10:31 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2006-09-18 10:31 47360 --a------ C:\Documents and Settings\paddy\Application Data\pcouffin.sys
2006-09-18 10:31 1144 --a------ C:\Documents and Settings\paddy\Application Data\pcouffin.inf
2006-09-18 10:31 -------- d-------- C:\Program Files\vso
2006-09-16 19:45 -------- d-------- C:\Program Files\Cucusoft
2006-09-16 17:43 -------- d-------- C:\Documents and Settings\paddy\Application Data\deighan
2006-09-15 11:01 -------- d-------- C:\Documents and Settings\paddy\Application Data\Roxio
2006-09-13 05:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 19:04 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-12 19:02 -------- d-------- C:\Documents and Settings\paddy\Application Data\Samsung
2006-09-12 17:58 -------- d-------- C:\Program Files\Samsung
2006-09-12 17:58 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-12 16:51 1245184 --a------ C:\WINDOWS\system32\msxml4.dll
2006-09-11 23:27 -------- d-------- C:\Program Files\WinRAR
2006-09-11 22:22 -------- d-------- C:\Documents and Settings\paddy\Application Data\.ABC
2006-09-08 17:26 4222516 --a------ C:\ABC-win32-v3.1.exe
2006-09-08 15:47 -------- d-------- C:\Program Files\MP3 Rocket
2006-09-08 15:47 -------- d-------- C:\Program Files\Common Files\Scanner
2006-09-06 11:15 28416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-09-06 01:25 -------- d-------- C:\Program Files\MP3 Player Utilities 1.51
2006-09-06 00:43 4960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-09-06 00:42 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-09-05 23:06 -------- d-------- C:\Program Files\CleanUp!
2006-09-05 20:31 448593 --ahs---- C:\WINDOWS\system32\yycdd.bak1
2006-09-04 21:00 -------- d-------- C:\Documents and Settings\paddy\Application Data\Seven Zip
2006-09-01 15:41 -------- d-------- C:\Documents and Settings\paddy\Application Data\Ahead
2006-08-25 15:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 12:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 09:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 11:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"SpywareTerminator"="\"C:\\Program Files\\Spyware Terminator\\SpywareTerminatorShield.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"RegistryMechanic"="C:\\Program Files\\Registry Mechanic\\RegMech.exe /QS"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"Source"="http://newsimg.bbc.co.uk/media/images/4103...le-getty416.jpg"
"SubscribedURL"="http://newsimg.bbc.co.uk/media/images/4103...le-getty416.jpg"
"FriendlyName"=""
"Flags"=dword:00001001
"Position"=hex:2c,00,00,00,a2,01,00,00,23,00,00,00,a4,00,00,00,9a,00,00,00,e8,\
  03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,d2,03,00,00,6d,01,00,00,a0,01,00,00,2c,01,\
  00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,ae,06,41,c0,b4,74,a8,6f,7a,01,68,de,ae,06,20,6d,\
  ae,06,08,09,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,de,03,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
  00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{dfa61db1-388e-4c87-8d56-540fa229bcb4}"="contrabandists"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"pmsngr.exe"="C:\\Program Files\\VideoCompressionCodec\\pmsngr.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-11-01 12:23:50.64
C:\ComboFix.txt ... 06-11-01 12:23






That's all the logs, hope you can help
Thanks guestolo

19
Tech Clinic / guestolo can u help please
« on: October 30, 2006, 08:12:13 PM »
Guestolo, I was wondering if you can help me? I've tried AVG Pro, Ad-Aware, Registry Mechanic and Spyware Remover, both in safe mode and normal mode, but can't get rid of some little yellow thing in the bottom right of my computer which is always bringing up pop-ups for anti-viruses, porn sites etc. etc.
Also, every time I right-click to paste something, or every now and again, Roxio Easy Media Creator tries to install????

Anyway, would really really appreciate some help. Thanks very much mate
Regards
Paddy



Logfile of HijackThis v1.99.1
Scan saved at 00:58:41, on 31/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\VideoCompressionCodec\pmsngr.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\VideoCompressionCodec\pmmon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\paddy\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - blank (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: 32Red Poker - {437F7F6F-FFCC-47e1-8A4B-C992493CF6C3} - C:\Program Files\32RedMPP\MPPoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39114087-D037-441A-86E4-FFAB57148C1B}: NameServer = 212.139.132.6 212.139.132.7
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
