paley

Everything posted by paley

  1. RPMcMurphy! You are heaven sent! Thank you ever so much! I just ran MBAM and it does seem I am all clean now! Thank you for your patience and assistance... and quick response! I feel a bit rude running away now that you're done helping me... You're excellent! And I shall heed your advice... I've learned my lesson now. I don't even know how I got it.
  2. Hello! Yes ... the pop ups have gone away now! I have a question though.. Do you think like my initial problem... that my webcam was really controlled or it was just to scare me? Because if it was... it's terrifying. Oh, here is the MBAM Log

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 4455
     Windows 6.1.7600
     Internet Explorer 8.0.7600.16385

     8/21/2010 9:11:49 AM
     mbam-log-2010-08-21 (09-11-49).txt

     Scan type: Quick scan
     Objects scanned: 131605
     Time elapsed: 3 minute(s), 35 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)

     Here is the Kaspersky Log

     --------------------------------------------------------------------------------
     KASPERSKY ONLINE SCANNER 7.0: scan report
     Saturday, August 21, 2010
     Operating system: Microsoft Professional (build 7600)
     Kaspersky Online Scanner version: 7.0.26.13
     Last database update: Friday, August 20, 2010 21:22:39
     Records in database: 4130136
     --------------------------------------------------------------------------------

     Scan settings:
     scan using the following database: extended
     Scan archives: yes
     Scan e-mail databases: yes

     Scan area - My Computer:
     C:\
     D:\
     E:\
     G:\

     Scan statistics:
     Objects scanned: 156444
     Threats found: 0
     Infected objects found: 0
     Suspicious objects found: 0
     Scan duration: 02:15:29

     No threats found. Scanned area is clean.
     Selected area has been scanned.

     Yay!... Am I clear now??
  3. Hello Again! Here is the ComboFix log...
  4. Thank you so much for your help... RPMcMurphy, now here is the information that you wanted... I hope I did it correctly... DDS Log
AppInit_DLLs: avgrsstx.dll mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" uASetup: {BLBTN2CL-CFQH-TRYE-NAUG-RZXYLCUMZ5YA} - c:\users\Puff\appdata\local\temp\LLyte.exe ================= FIREFOX =================== FF - ProfilePath - c:\users\Puff\appdata\roaming\mozilla\firefox\profiles\rknfoa3g.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q= FF - prefs.js: browser.startup.homepage - hxxp://igoogle.com FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q= FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll FF - component: c:\users\Puff\appdata\roaming\mozilla\firefox\profiles\rknfoa3g.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll FF - component: c:\users\Puff\appdata\roaming\mozilla\firefox\profiles\rknfoa3g.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll FF - component: c:\users\Puff\appdata\roaming\mozilla\firefox\profiles\rknfoa3g.default\extensions\twitternotifier@naan.net\platform\winnt\components\nsTwitterFoxSign.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll FF - plugin: c:\program files\sony\media go\npmediago.dll FF - plugin: c:\users\Puff\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\users\Puff\appdata\roaming\mozilla\plugins\npgoogletalk.dll FF - plugin: 
c:\users\Puff\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\mozilla firefox\greprefs\all.js - 
pref("network.buffer.cache.size", 4096); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", 
"http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - 
pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-17 216400] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-7-17 29584] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-7-17 243024] R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-21 921952] R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-17 308136] R2 sprtsvc_globe;SupportSoft Sprocket Service (globe);c:\program files\globe telecom\click fix\bin\sprtsvc.exe [2010-7-20 204672] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-3-16 240232] R2 tgsrvc_globe;SupportSoft Repair Service (globe);c:\program files\globe telecom\click fix\bin\tgsrvc.exe [2010-7-20 151424] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-19 136176] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888] S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2010-8-18 153736] S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-17 1343400] =============== Created Last 30 ================ 2010-08-19 12:32:23 0 d-----w- c:\program files\Trend Micro 2010-08-18 17:51:32 0 d-----w- c:\users\Puff\appdata\roaming\Malwarebytes 2010-08-18 17:51:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-18 17:51:25 20952 ----a-w- 
c:\windows\system32\drivers\mbam.sys 2010-08-18 17:51:25 0 d-----w- c:\programdata\Malwarebytes 2010-08-18 17:51:25 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-08-17 17:12:30 0 d-----w- c:\users\Puff\Podcasts 2010-08-17 17:10:07 0 d-----w- c:\program files\common files\Sony Shared 2010-08-17 17:09:48 0 d-----w- c:\programdata\Sony Corporation 2010-08-17 17:09:48 0 d-----w- c:\program files\Sony 2010-08-17 17:06:57 0 d-----w- c:\programdata\Sony Ericsson 2010-08-17 17:06:57 0 d-----w- c:\program files\Sony Ericsson 2010-08-16 15:24:49 1196032 ----a-w- c:\windows\system32\drivers\RemoveWAT.exe 2010-08-12 12:21:18 978432 ----a-w- c:\windows\system32\wininet.dll 2010-08-12 12:21:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2010-08-12 12:15:26 2326016 ----a-w- c:\windows\system32\win32k.sys 2010-08-12 12:15:23 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-08-12 12:14:43 82944 ----a-w- c:\windows\system32\iccvid.dll 2010-08-12 12:14:43 197632 ----a-w- c:\windows\system32\ir32_32.dll 2010-08-12 12:14:41 37376 ----a-w- c:\windows\system32\rtutils.dll 2010-08-12 12:14:39 1233920 ----a-w- c:\windows\system32\msxml3.dll 2010-08-12 12:14:37 310784 ----a-w- c:\windows\system32\drivers\srv.sys 2010-08-12 12:14:37 307200 ----a-w- c:\windows\system32\drivers\srv2.sys 2010-08-12 12:14:37 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys 2010-08-12 12:14:35 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-08-12 12:14:35 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-08-12 12:14:09 224256 ----a-w- c:\windows\system32\schannel.dll 2010-08-09 12:29:01 0 d-----w- c:\windows\system32\appmgmt 2010-08-08 20:12:48 0 d-----w- C:\Games 2010-08-03 16:57:46 0 d-----w- c:\program files\gAlwaysIdle 2010-08-01 02:56:10 0 d-----w- c:\programdata\ALM 2010-08-01 02:45:15 0 d-----w- c:\programdata\NOS 2010-07-31 13:39:15 921624 ----a-w- c:\windows\00000000.STI 2010-07-31 10:43:25 0 d-----w- c:\users\Puff\Tracing 2010-07-31 10:37:35 0 d-----w- 
c:\program files\Microsoft 2010-07-31 10:37:21 0 d-----w- c:\program files\Windows Live SkyDrive 2010-07-31 10:36:47 0 d-----w- c:\windows\PCHEALTH 2010-07-31 10:07:28 0 d-----w- c:\program files\common files\Windows Live 2010-07-29 22:15:31 0 d-----w- c:\programdata\LightScribe 2010-07-25 15:15:47 0 d-----w- c:\program files\AtomixMP3 2010-07-25 14:50:11 0 d--h--w- C:\$AVG 2010-07-25 14:34:55 0 d-----w- c:\program files\Audacity 1.3 Beta (Unicode) 2010-07-24 01:11:50 0 d-----w- c:\programdata\regid.1986-12.com.adobe ==================== Find3M ==================== 2010-08-20 12:04:02 5475 ---ha-w- c:\users\Puff\appdata\roaming\cglogs.dat 2010-08-16 15:25:30 409088 ----a-w- c:\windows\system32\systemcpl.dll 2010-08-16 15:25:30 13824 ----a-w- c:\windows\system32\slwga.dll 2010-07-17 05:15:11 423656 ----a-w- c:\windows\system32\deployJava1.dll 2010-07-17 04:55:06 12536 ----a-w- c:\windows\system32\avgrsstx.dll 2010-07-17 04:55:05 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-07-17 04:55:00 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-07-17 02:29:35 56 ---ha-w- c:\programdata\ezsidmv.dat 2010-07-17 01:48:35 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf 2010-07-14 08:00:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll 2010-06-08 16:10:50 790528 ----a-w- c:\windows\system32\xvidcore.dll 2010-06-08 16:10:50 134144 ----a-w- c:\windows\system32\xvidvfw.dll 2010-05-27 07:24:13 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-05-27 03:49:37 293888 ----a-w- c:\windows\system32\atmfd.dll 2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat 2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat 2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat 2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat 2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini 2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat 2009-07-14 
00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat 2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat 2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat 2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat 2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe ============= FINISH: 20:04:53.54 =============== GMER Log GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-08-20 20:18:39 Windows 6.1.7600 Running: mifgedwf.exe; Driver: C:\Users\Puff\AppData\Local\Temp\kwrcruow.sys ---- System - GMER 1.0.15 ---- INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83048AF8 INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83048104 INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830483F4 INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830312D8 INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83030898 INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830481DC INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83048958 INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830486F8 INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83048F2C INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830491A8 ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C61599 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C85F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] 
{LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text peauth.sys 9926AC9D 28 Bytes [1E, BA, 55, B4, 28, 52, 4A, ...] .text peauth.sys 9926ACC1 28 Bytes [1E, BA, 55, B4, 28, 52, 4A, ...] PAGE spsys.sys!?SPRevision@@3PADA + 4F90 B1451000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...] PAGE spsys.sys!?SPRevision@@3PADA + 50B3 B1451123 32 Bytes [C5, 44, B1, FE, 05, 34, C5, ...] PAGE spsys.sys!?SPRevision@@3PADA + 50D4 B1451144 596 Bytes [44, B1, A0, 34, C5, 44, B1, ...] PAGE spsys.sys!?SPRevision@@3PADA + 5329 B1451399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...] PAGE spsys.sys!?SPRevision@@3PADA + 538F B14513FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...] PAGE ... ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3208] USER32.dll!TrackPopupMenu 77294B3B 5 Bytes JMP 6D27721D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Users\Puff\AppData\Roaming\Google\Google Talk\googletalk.exe[3712] USER32.dll!GetLastInputInfo + 13 77276D67 4 Bytes [78, 0A, 60, 02] .text C:\Program Files\Mozilla Firefox\firefox.exe[4212] ntdll.dll!LdrLoadDll 77B8F625 5 Bytes JMP 008113F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) .text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[4704] USER32.dll!CharToOemA + 3A 7726B1DE 7 Bytes JMP 0039FB50 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[4704] USER32.dll!PostMessageW + 2CE 772764F3 7 Bytes JMP 0039FA00 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[4704] USER32.dll!SetDlgItemTextA + 25 77288FF6 7 Bytes JMP 0039FB30 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software) .text 
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[4704] USER32.dll!MessageBoxIndirectA + F5 772BE9BE 7 Bytes JMP 0039FBA0 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[4704] USER32.dll!MessageBoxIndirectW + 61 772BEA24 7 Bytes JMP 0039FC70 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[4704] USER32.dll!MessageBoxExA + 1F 772BEA48 7 Bytes JMP 0039FC20 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software) ---- Devices - GMER 1.0.15 ---- Device \Driver\ACPI_HAL \Device\00000043 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) ---- EOF - GMER 1.0.15 ---- Attach.zip
  5. Please help me.. I can't seem to find a solution to this virus. I looked at another thread that has a similar problem but I don't know how to solve mine. I only experienced this last night.. I was watching a program on my PC when a window suddenly popped up saying something like "VLC will now format your computer". There was an option to click yes or cancel.. something like that.. I clicked cancel... then it popped up again, now starting to format... I panicked but soon realised it's a virus. I don't even have VLC on my PC.. pornhub.com suddenly opened in my Firefox..., then I closed it.. and it opened again... then it was zootube365.com. Then windows kept popping up like 25%, then 35%, then 88%... I panicked once more and turned off the PC.. when I turned it on.. Firefox immediately opened to pornhub.com again.. then a pop-up saying something really lewd.. then another.. then it said something that implied it can see me on my webcam... I panicked more and turned the webcam away.. I'm so afraid.. I ran AVG and Kaspersky but they found none... I ran Malwarebytes and it found cglogs.dat, XxX.xXx, UuU.uUu... please help me... what should I do.. it keeps reappearing