XP Security 2011

Recently I seem to have gotten some type of malware that does not allow me to open any .exe files and doesn't allow Firefox to work. The virus makes a second shield icon like the Windows XP Security one, but this one does its own virus scan, lists a bunch of viruses and continually opens, including on start-up.

After the Malware launches the computer obviously slows to a grind and I cannot re-enable the firewall.

I ran Malwarebytes and have multiple logs, as it seems to continue coming back upon start-up.

Note: I have been able to use my computer twice since getting it. When Malwarebytes cleaned it up, it changed the registries so that .exe files could no longer open (any of them). When I rebooted my computer and worked in normal mode, no .exe files would work until I changed the registry back to normal under exefiles. However, the virus did not load itself during this time and I was able to game all day afterwards.

Hope this helps.

Screen shots:

http://i.imgur.com/hisLJ.jpg

http://i.imgur.com/MKVAi.jpg

First log:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6231

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 6.0.2900.5512

4/1/2011 12:39:19 AM

mbam-log-2011-04-01 (00-39-19).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 613672

Time elapsed: 1 hour(s), 19 minute(s), 20 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 6

Folders Infected: 0

Files Infected: 9

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Dota\Local Settings\Application Data\cdw.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Dota\Local Settings\Application Data\cdw.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Dota\Local Settings\Application Data\cdw.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\Dota\application data\Sun\Java\deployment\cache\6.0\10\5f959d8a-3f86cf73 (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Dota\local settings\application data\cdw.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Dota\local settings\application data\pxg.exe (Trojan.Agent) -> Quarantined and deleted successfully.

d:\!NICK\documents and settings\Nick2\Desktop\desktop junk organizer!\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.

d:\!NICK\other drive\PROGRA\MyWay\myBar\2.bin\MY2NS.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

d:\!NICK\other drive\PROGRA\MyWay\myBar\2.bin\MYBAR.DLL (Adware.MywaySearch) -> Quarantined and deleted successfully.

d:\!NICK\other drive\WINNT\$ntservicepackuninstall$\iasrad.dll (Spyware.PWS) -> Quarantined and deleted successfully.

d:\!NICK\other drive\WIN_NT\UnstSA2.exe (Adware.BlazeFind) -> Quarantined and deleted successfully.

d:\!NICK\other drive\WIN_NT\$ntservicepackuninstall$\iasrad.dll (Spyware.PWS) -> Quarantined and deleted successfully.

Second Log etc

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6231

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 6.0.2900.5512

4/2/2011 1:58:52 AM

mbam-log-2011-04-02 (01-58-52).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 612799

Time elapsed: 1 hour(s), 19 minute(s), 56 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 6

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Dota\Local Settings\Application Data\hvr.exe" -a "firefox.exe) Good: (firefox.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Dota\Local Settings\Application Data\hvr.exe" -a "firefox.exe -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Dota\Local Settings\Application Data\hvr.exe" -a "iexplore.exe) Good: (iexplore.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Welcome to the forum.

For the .exe file problem, just download and double click on this file and allow it to merge into the registry.

http://download.bleepingcomputer.com/reg/FixExe.reg

------------------------

Please do this:

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTListIt.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC

Here you are

OTL.Txt

OTL logfile created on: 4/3/2011 3:59:59 PM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Dota\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 298.08 Gb Total Space | 3.78 Gb Free Space | 1.27% Space Free | Partition Type: NTFS

Drive D: | 1397.26 Gb Total Space | 665.21 Gb Free Space | 47.61% Space Free | Partition Type: NTFS

Drive E: | 512.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: NICK-ADD496396C | User Name: Dota | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/03 15:58:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dota\Desktop\OTL.exe

PRC - [2011/04/01 14:03:18 | 000,106,496 | ---- | M] (S2 Games) -- C:\Program Files\Heroes of Newerth\hon.exe

PRC - [2011/03/18 13:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2011/03/04 15:37:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011/03/04 15:36:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/03/04 15:36:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011/02/24 00:53:54 | 000,415,072 | ---- | M] () -- C:\Program Files\Dyyno\Dyyno Broadcaster\launcherd.exe

PRC - [2010/11/05 09:27:18 | 007,168,768 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe

PRC - [2010/07/06 18:14:56 | 000,716,024 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files\Tunngle\TnglCtrl.exe

PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009/01/29 18:20:49 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

PRC - [2008/04/13 23:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011/04/03 15:58:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dota\Desktop\OTL.exe

MOD - [2008/04/13 23:42:52 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/03/04 15:37:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011/03/04 15:36:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/02/24 00:53:54 | 000,415,072 | ---- | M] () [Auto | Running] -- C:\Program Files\Dyyno\Dyyno Broadcaster\launcherd.exe -- (Dyyno Launcher)

SRV - [2010/07/06 18:14:56 | 000,716,024 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)

========== Driver Services (SafeList) ==========

DRV - [2011/03/04 17:11:12 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/03/04 15:37:13 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/10/15 03:08:35 | 000,025,616 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Dota\Local Settings\Temp\GUQF6.tmp -- (GarenaPEngine)

DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2010/01/22 22:50:41 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2009/09/16 08:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)

DRV - [2007/02/15 20:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)

DRV - [2006/06/28 17:25:06 | 000,081,920 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2006/03/17 19:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

IE - HKU\S-1-5-21-1844237615-507921405-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

IE - HKU\S-1-5-21-1844237615-507921405-1801674531-1003\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

IE - HKU\S-1-5-21-1844237615-507921405-1801674531-1003\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBit1.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-1844237615-507921405-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"

FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "Winamp Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.teamliquid.net"

FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2

FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.5.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/02 12:23:15 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/02 12:23:14 | 000,000,000 | ---D | M]

[2009/11/20 22:00:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dota\Application Data\Mozilla\Extensions

[2011/04/03 14:25:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dota\Application Data\Mozilla\Firefox\Profiles\s7m1i04m.default\extensions

[2011/03/05 20:08:15 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\Dota\Application Data\Mozilla\Firefox\Profiles\s7m1i04m.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}

[2011/04/03 14:25:43 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Documents and Settings\Dota\Application Data\Mozilla\Firefox\Profiles\s7m1i04m.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}

[2010/12/20 09:43:40 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\Dota\Application Data\Mozilla\Firefox\Profiles\s7m1i04m.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

[2011/04/02 12:35:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Dota\Application Data\Mozilla\Firefox\Profiles\s7m1i04m.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2011/03/03 16:12:59 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\Dota\Application Data\Mozilla\Firefox\Profiles\s7m1i04m.default\extensions\DTToolbar@toolbarnet.com

[2011/03/03 16:12:58 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Dota\Application Data\Mozilla\Firefox\Profiles\s7m1i04m.default\extensions\engine@conduit.com

[2011/04/03 14:25:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dota\Application Data\Mozilla\Firefox\Profiles\s7m1i04m.default\extensions\staged

[2010/12/05 07:07:43 | 000,002,557 | ---- | M] () -- C:\Documents and Settings\Dota\Application Data\Mozilla\Firefox\Profiles\s7m1i04m.default\searchplugins\askcom.xml

[2010/01/22 22:51:20 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Dota\Application Data\Mozilla\Firefox\Profiles\s7m1i04m.default\searchplugins\daemon-search.xml

[2011/03/05 20:36:39 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\Dota\Application Data\Mozilla\Firefox\Profiles\s7m1i04m.default\searchplugins\winamp-search.xml

[2011/04/02 12:23:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/03/27 02:22:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

File not found (No name found) --

() (No name found) -- C:\DOCUMENTS AND SETTINGS\DOTA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\S7M1I04M.DEFAULT\EXTENSIONS\{097D3191-E6FA-4728-9826-B533D755359D}.XPI

[2011/03/27 02:21:54 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll

[2011/03/27 02:21:54 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/12/09 06:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2001/08/23 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBit1.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBit1.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

O3 - HKU\S-1-5-21-1844237615-507921405-1801674531-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKU\S-1-5-21-1844237615-507921405-1801674531-1003\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBit1.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-1844237615-507921405-1801674531-1003\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\RunOnce: [NSSInstallation] C:\Program Files\DivX\Symantec\scstubinstaller.exe (Symantec Corporation)

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1844237615-507921405-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab ()

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.226.1.94 24.226.10.193 24.226.1.93

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Dota\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dota\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/06/12 16:26:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2001/04/18 11:23:00 | 000,000,041 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKU\S-1-5-21-1844237615-507921405-1801674531-1003..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/03 15:58:42 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dota\Desktop\OTL.exe

[2011/04/03 14:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dota\Application Data\Avira

[2011/04/02 12:17:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

[2011/04/02 12:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira

[2011/04/02 12:15:26 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

[2011/04/02 12:15:25 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2011/04/02 12:15:25 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2011/04/02 12:15:25 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys

[2011/04/02 12:15:25 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys

[2011/04/02 12:15:24 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2011/04/02 12:15:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira

[2011/03/31 23:35:06 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2011/03/31 23:26:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dota\Local Settings\Application Data\Winamp Toolbar

[2011/03/30 16:18:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dota\Application Data\OpenOffice.org

[2011/03/30 16:17:08 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.3

[2011/03/30 16:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3

[2011/03/30 16:15:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dota\Desktop\OpenOffice.org 3.3 (en-US) Installation Files

[2011/03/27 02:27:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun

[2011/03/27 02:27:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun

[2011/03/27 02:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2011/03/27 02:22:06 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2011/03/27 02:22:06 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2011/03/27 02:22:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2011/03/27 02:22:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2011/03/27 02:22:06 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2011/03/27 02:21:50 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2011/03/27 02:21:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dota\Application Data\Sun

[2011/03/24 01:15:04 | 000,000,000 | ---D | C] -- C:\Program Files\mIRC

[2011/03/24 01:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dota\Application Data\mIRC

[2011/03/24 01:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\mIRC

[2011/03/05 20:08:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dota\Start Menu\Programs\Winamp Detector Plug-in

[2011/03/05 20:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect

[2011/03/05 20:08:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Winamp

[2011/03/05 20:08:11 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Toolbar

[2011/03/05 20:08:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar

[2011/03/05 20:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp

[2011/03/05 20:07:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dota\Application Data\Winamp

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/03 15:58:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dota\Desktop\OTL.exe

[2011/04/03 15:12:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/04/03 14:22:01 | 000,000,362 | ---- | M] () -- C:\WINDOWS\tasks\Install_NSS.job

[2011/04/03 14:18:56 | 000,432,856 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/04/03 14:18:56 | 000,067,560 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/04/03 14:17:31 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/04/03 14:17:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/04/03 13:39:47 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/04/03 05:23:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Access.dat

[2011/04/02 12:23:16 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Dota\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/04/02 12:23:16 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2011/04/02 12:15:35 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

[2011/04/02 12:10:48 | 000,186,177 | ---- | M] () -- C:\Documents and Settings\Dota\Desktop\what is this.JPG

[2011/04/02 11:29:54 | 000,012,282 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\dcs020pnx6qb2cg757557o3g4oo7cl1yrtu055q0kf6f

[2011/04/02 11:29:53 | 000,012,282 | -HS- | M] () -- C:\Documents and Settings\Dota\Local Settings\Application Data\dcs020pnx6qb2cg757557o3g4oo7cl1yrtu055q0kf6f

[2011/03/31 23:51:58 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/03/31 23:29:10 | 000,015,674 | -HS- | M] () -- C:\Documents and Settings\Dota\Local Settings\Application Data\7a3d8u8784tdd04w7i4a1pj

[2011/03/31 23:29:10 | 000,015,674 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\7a3d8u8784tdd04w7i4a1pj

[2011/03/31 23:27:53 | 000,000,321 | -HS- | M] () -- C:\boot.ini

[2011/03/31 21:06:06 | 000,150,528 | ---- | M] () -- C:\Documents and Settings\Dota\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/03/31 13:35:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/03/31 13:35:22 | 000,124,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/03/30 16:17:08 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk

[2011/03/30 16:12:28 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI

[2011/03/30 07:01:57 | 000,006,009 | ---- | M] () -- C:\Documents and Settings\Dota\Desktop\Insurance Companies.rtf

[2011/03/27 02:21:54 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2011/03/27 02:21:54 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2011/03/27 02:21:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2011/03/27 02:21:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2011/03/27 02:21:54 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2011/03/26 15:38:31 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2011/03/26 15:38:31 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin

[2011/03/26 15:38:28 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2011/03/24 01:15:04 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\mIRC.lnk

[2011/03/17 15:26:16 | 000,000,059 | ---- | M] () -- C:\WINDOWS\pp.enc

[2011/03/14 18:52:49 | 000,001,301 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Continue Carlospoker setup.lnk

[2011/03/09 22:23:13 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II.lnk

[2011/03/08 21:41:35 | 000,000,284 | ---- | M] () -- C:\Documents and Settings\Dota\Desktop\New Rich Text Document.rtf

[2011/03/06 20:57:37 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\Dota\Desktop\own3dtv.rtf

[2011/03/05 20:08:17 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\Dota\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk

[2011/03/05 20:08:17 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk

[2011/03/05 20:08:16 | 000,001,130 | ---- | M] () -- C:\Documents and Settings\Dota\Desktop\50 FREE MP3s +1 Free Audiobook!.lnk

[2011/03/04 17:11:12 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/02 12:23:16 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

[2011/04/02 12:15:35 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

[2011/04/02 12:10:47 | 000,186,177 | ---- | C] () -- C:\Documents and Settings\Dota\Desktop\what is this.JPG

[2011/04/02 01:06:26 | 000,012,282 | -HS- | C] () -- C:\Documents and Settings\Dota\Local Settings\Application Data\dcs020pnx6qb2cg757557o3g4oo7cl1yrtu055q0kf6f

[2011/04/02 01:06:26 | 000,012,282 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\dcs020pnx6qb2cg757557o3g4oo7cl1yrtu055q0kf6f

[2011/03/31 23:05:37 | 000,015,674 | -HS- | C] () -- C:\Documents and Settings\Dota\Local Settings\Application Data\7a3d8u8784tdd04w7i4a1pj

[2011/03/31 23:05:37 | 000,015,674 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\7a3d8u8784tdd04w7i4a1pj

[2011/03/30 16:17:08 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk

[2011/03/30 00:33:07 | 000,006,009 | ---- | C] () -- C:\Documents and Settings\Dota\Desktop\Insurance Companies.rtf

[2011/03/26 15:00:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/03/24 01:15:04 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\mIRC.lnk

[2011/03/17 15:26:16 | 000,000,059 | ---- | C] () -- C:\WINDOWS\pp.enc

[2011/03/08 21:41:10 | 000,000,284 | ---- | C] () -- C:\Documents and Settings\Dota\Desktop\New Rich Text Document.rtf

[2011/03/06 20:57:37 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\Dota\Desktop\own3dtv.rtf

[2011/03/05 21:40:13 | 000,001,301 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Continue Carlospoker setup.lnk

[2011/03/05 20:08:17 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\Dota\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk

[2011/03/05 20:08:17 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk

[2011/03/05 20:08:16 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\Dota\Start Menu\Programs\50 FREE MP3s +1 Free Audiobook!.lnk

[2011/03/05 20:08:16 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\Dota\Desktop\50 FREE MP3s +1 Free Audiobook!.lnk

[2011/03/01 07:45:21 | 000,035,090 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat

[2010/12/06 14:45:55 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2010/12/06 14:45:54 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2010/12/06 14:45:54 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2010/12/06 14:45:41 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

[2010/11/15 12:58:55 | 000,066,344 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2010/06/30 15:36:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Access.dat

[2010/06/24 15:55:14 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2010/01/26 22:57:45 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\pv_c3.exe

[2009/11/20 23:06:14 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2009/11/20 22:44:26 | 000,150,528 | ---- | C] () -- C:\Documents and Settings\Dota\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/11/20 22:07:12 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2009/11/20 22:00:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/11/20 21:48:58 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini

[2009/11/20 21:43:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009/11/20 21:38:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2009/11/20 21:04:08 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2009/11/20 21:04:07 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2009/11/20 16:33:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/11/20 16:31:54 | 000,124,520 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008/04/13 23:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2006/12/31 01:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2001/08/23 08:00:00 | 000,432,856 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2001/08/23 08:00:00 | 000,067,560 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >

------------------------------------------------------

Extras.Txt

OTL Extras logfile created on: 4/3/2011 3:59:59 PM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Dota\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 298.08 Gb Total Space | 3.78 Gb Free Space | 1.27% Space Free | Partition Type: NTFS

Drive D: | 1397.26 Gb Total Space | 665.21 Gb Free Space | 47.61% Space Free | Partition Type: NTFS

Drive E: | 512.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: NICK-ADD496396C | User Name: Dota | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1844237615-507921405-1801674531-1003\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"56079:TCP" = 56079:TCP:*:Enabled:Pando Media Booster

"56079:UDP" = 56079:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"56079:TCP" = 56079:TCP:*:Enabled:Pando Media Booster

"56079:UDP" = 56079:UDP:*:Enabled:Pando Media Booster

"8380:TCP" = 8380:TCP:*:Enabled:League of Legends Launcher

"8380:UDP" = 8380:UDP:*:Enabled:League of Legends Launcher

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)

"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

"C:\Program Files\StarCraft II Beta\StarCraft II.exe" = C:\Program Files\StarCraft II Beta\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)

"C:\Program Files\Steam\steamapps\common\sid meier's civilization iv\Civilization4.exe" = C:\Program Files\Steam\steamapps\common\sid meier's civilization iv\Civilization4.exe:*:Enabled:Sid Meier's Civilization IV -- (Firaxis Games)

"C:\Program Files\Steam\steamapps\common\sid meier's civilization iv beyond the sword\Beyond the Sword\Civ4BeyondSword.exe" = C:\Program Files\Steam\steamapps\common\sid meier's civilization iv beyond the sword\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization IV: Beyond the Sword -- (Firaxis Games)

"C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe" = C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- ()

"C:\Program Files\Tunngle\tnglctrl.exe" = C:\Program Files\Tunngle\tnglctrl.exe:*:Enabled:Tunngle Service -- (Tunngle.net GmbH)

"C:\Program Files\Tunngle\tunngle.exe" = C:\Program Files\Tunngle\tunngle.exe:*:Enabled:Tunngle Client -- (Tunngle.net GmbH)

"C:\Program Files\StarCraft II\StarCraft II.exe" = C:\Program Files\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)

"C:\Program Files\StarCraft II\Versions\Base15405\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)

"C:\Program Files\StarCraft II\Versions\Base16561\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base16561\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)

"C:\Program Files\StarCraft II\Versions\Base16605\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base16605\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)

"C:\Program Files\Steam\steamapps\common\recettear - demo\recettear.exe" = C:\Program Files\Steam\steamapps\common\recettear - demo\recettear.exe:*:Enabled:Recettear: An Item Shop's Tale - Demo -- (Easygamestation)

"C:\Program Files\Steam\steamapps\common\recettear - demo\custom.exe" = C:\Program Files\Steam\steamapps\common\recettear - demo\custom.exe:*:Enabled:Recettear: An Item Shop's Tale - Demo -- ()

"C:\Program Files\StarCraft II\Versions\Base16755\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base16755\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)

"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- (Adobe Systems Inc.)

"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()

"C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD

"C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe" = C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- ()

"C:\Program Files\Dyyno\Dyyno Broadcaster\dgcsrv.exe" = C:\Program Files\Dyyno\Dyyno Broadcaster\dgcsrv.exe:*:Enabled:Dyyno Broadcaster -- (Dyyno)

"C:\Program Files\Dyyno\Dyyno Broadcaster\dppm_source.exe" = C:\Program Files\Dyyno\Dyyno Broadcaster\dppm_source.exe:*:Enabled:Dyyno Broadcaster -- ()

"C:\Program Files\StarCraft II\Versions\Base17326\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base17326\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)

"C:\Program Files\StarCraft II\Versions\Base18092\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base18092\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{10A1D1C4-F0B0-4341-B49A-A9ED8FBDBF9D}" = Livestream Procaster

"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0

"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 22

"{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends

"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1

"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3

"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1

"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger

"{B8C3B479-1716-11D5-968A-0050BA84F5F7}" = Baldur's Gate II - Throne of Bhaal

"{BC90276B-BE38-451C-8E4D-FF28FF08ABF6}" = Bloodline Champions Beta

"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!

"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}" = WinZip 14.0

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype


  • Root Admin

As you have signs of stealing our software this post will be closed. If you wish to discuss this further you can send a Private Message to an Administrator.

d:\!NICK\documents and settings\Nick2\Desktop\desktop junk organizer!\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.


  • Root Admin

Okay based on discussion in PM I'll assist you at this time.

Please disable ALL torrent and Peer2Peer software. Uninstall ALL Java software.

Temporarily disable your Anti-Virus and run the following.

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply.
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------


Kept scanning and took too long so I stopped the scan. Rebooted into normal mode, attempted to open control panel and uninstall Java from there. It just opened up the virus again. Can't seem to uninstall Java from Safe Mode even if I have nothing open. I am able to remove other programs though such as games etc.

Just a list of processes, doubt it will help.

http://i.imgur.com/fnlAM.jpg


  • 3 weeks later...
This topic is now closed to further replies.