PC running slower than normal, HJT log included.

Tuffie

Active Member
Trevor just isn't feeling like he's doing all he can to make me happy, I think he might be sick, here's a HJT log I ran on him, thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:21:43 PM, on 7/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)

--
End of file - 9720 bytes
 
I'll update the FP's HJT log now.

Here's the combo fix log if you need it:


ComboFix 08-07-23.4 - Tuffie 2008-07-24 15:16:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.579 [GMT 10:00]
Running from: C:\Documents and Settings\Tuffie\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tuffie\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-06-24 to 2008-07-24 )))))))))))))))))))))))))))))))
.

2008-07-24 13:38 . 2008-07-24 13:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-21 15:14 . 2008-07-21 15:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-07-21 15:03 . 2008-07-21 15:03 <DIR> d-------- C:\Program Files\StuffPlug3
2008-07-21 14:43 . 2008-07-21 14:43 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2008-07-21 11:52 . 2007-11-14 15:18 553 --a------ C:\WINDOWS\USetup.iss
2008-07-20 23:44 . 2008-07-20 23:49 <DIR> d-------- C:\Downloads
2008-07-20 20:08 . 2008-07-20 20:08 <DIR> d-------- C:\Documents and Settings\Tuffie\Application Data\Software Informer
2008-07-20 20:03 . 2008-07-20 20:03 <DIR> d-------- C:\Program Files\Software Informer
2008-07-20 20:03 . 2008-07-20 20:08 <DIR> d-------- C:\Program Files\Free Download Manager
2008-07-20 20:03 . 2008-07-21 21:20 <DIR> d-------- C:\Documents and Settings\Tuffie\Application Data\Free Download Manager
2008-07-20 20:03 . 2008-07-20 20:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-07-20 15:56 . 2008-07-20 15:56 <DIR> d-------- C:\Nexon
2008-07-20 15:56 . 2008-07-20 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NexonUS
2008-07-20 04:16 . 2008-07-20 04:16 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-20 04:16 . 2008-07-20 04:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-19 00:06 . 2008-07-19 00:07 <DIR> d-------- C:\Documents and Settings\Tuffie\Application Data\Ventrilo
2008-07-19 00:05 . 2008-07-19 00:05 <DIR> d-------- C:\Program Files\Ventrilo
2008-07-19 00:05 . 2008-07-19 00:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-18 23:04 . 2008-07-18 23:04 <DIR> d-------- C:\Program Files\Theorica Divx ;-) Codecs
2008-07-18 23:01 . 2008-07-18 23:01 <DIR> d-------- C:\Program Files\LD-Anime
2008-07-17 12:59 . 2008-07-17 12:59 <DIR> d-------- C:\Program Files\XP Codec Pack
2008-07-17 12:59 . 2008-07-01 00:47 421,888 --a------ C:\WINDOWS\system32\ac3filter.acm
2008-07-17 08:26 . 2008-07-24 15:18 2,748,448 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-17 08:26 . 2008-07-24 11:34 24,020 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-17 08:23 . 2008-07-17 08:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-07-17 08:23 . 2008-07-09 09:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-07-17 08:23 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-07-17 08:23 . 2008-07-17 08:25 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-07-17 08:22 . 2008-07-17 08:22 <DIR> d-------- C:\Program Files\Zone Labs
2008-07-17 08:21 . 2008-07-24 15:12 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-07-16 15:12 . 2008-07-21 16:05 <DIR> d-------- C:\Documents and Settings\Tuffie\Application Data\skypePM
2008-07-16 15:12 . 2008-07-16 15:12 48 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-16 15:11 . 2008-07-16 15:11 <DIR> d-------- C:\Program Files\Skype
2008-07-16 15:11 . 2008-07-16 15:11 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-07-16 15:11 . 2008-07-21 21:01 <DIR> d-------- C:\Documents and Settings\Tuffie\Application Data\Skype
2008-07-16 15:11 . 2008-07-16 15:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-07-16 10:43 . 2008-07-16 10:45 <DIR> d-------- C:\Program Files\GCFScape
2008-07-16 09:09 . 2008-07-16 09:09 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-07-13 20:13 . 2008-07-13 20:13 <DIR> d---s---- C:\Documents and Settings\Tuffie\UserData
2008-07-13 13:18 . 2008-07-13 13:18 <DIR> d-------- C:\Program Files\AskSBar
2008-07-13 13:18 . 2008-07-23 15:09 <DIR> d-------- C:\Documents and Settings\Tuffie\Application Data\Azureus
2008-07-13 13:18 . 2008-07-13 13:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-07-13 13:17 . 2008-07-16 01:19 <DIR> d-------- C:\Program Files\Azureus
2008-07-13 12:45 . 2008-07-24 13:14 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-11 17:34 . 2008-07-11 19:17 23 --a------ C:\Documents and Settings\Tuffie\jagex_runescape_preferences.dat
2008-07-11 17:33 . 2008-07-11 17:33 <DIR> d-------- C:\WINDOWS\Sun
2008-07-11 17:33 . 2008-07-11 17:33 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2008-07-09 12:48 . 2008-07-09 12:48 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-07-09 12:47 . 2008-07-24 11:30 <DIR> d-------- C:\Program Files\Common Files\EasyInfo
2008-07-08 08:06 . 2008-07-08 08:06 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-07 17:33 . 2008-07-07 17:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-07 17:29 . 2008-07-07 17:29 <DIR> d-------- C:\Program Files\Common Files\Control Panels
2008-07-07 17:27 . 2008-07-07 17:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-07-07 17:10 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-07-07 17:10 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-07-07 17:02 . 2008-07-07 17:02 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-07 16:37 . 2008-07-07 17:31 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-07 01:27 . 2008-07-07 01:27 <DIR> d--h----- C:\WINDOWS\PIF
2008-07-07 01:27 . 2008-07-07 01:27 <DIR> d-------- C:\Documents and Settings\Tuffie\Application Data\Media Player Classic
2008-07-07 01:03 . 2008-07-07 01:03 <DIR> d-------- C:\Program Files\Windows Live
2008-07-07 00:08 . 2008-07-07 00:08 268 --ah----- C:\sqmdata00.sqm
2008-07-07 00:08 . 2008-07-07 00:08 244 --ah----- C:\sqmnoopt00.sqm
2008-07-06 23:23 . 2008-07-24 00:54 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-07-06 23:23 . 2008-07-24 09:52 137,840 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-06 23:23 . 2008-07-24 09:52 111,928 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-07-06 23:23 . 2008-07-06 23:23 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-07-06 22:23 . 2008-07-24 11:22 <DIR> d-------- C:\Program Files\EA GAMES
2008-07-06 22:11 . 2008-07-06 22:11 <DIR> d-------- C:\Documents and Settings\Tuffie\Application Data\DAEMON Tools Pro
2008-07-06 22:10 . 2008-07-06 22:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-07-06 22:09 . 2008-07-06 22:10 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2008-07-06 22:05 . 2008-07-06 22:05 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-06 21:55 . 2008-07-24 11:41 <DIR> d-------- C:\Documents and Settings\Tuffie\Tracing
2008-07-06 20:27 . 2008-07-06 20:27 22,328 --a------ C:\Documents and Settings\Tuffie\Application Data\PnkBstrK.sys
2008-07-06 20:20 . 2008-07-06 20:20 <DIR> d-------- C:\Program Files\Activision
2008-07-06 20:19 . 2008-07-06 20:19 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-07-06 19:25 . 2008-07-06 19:25 <DIR> d-------- C:\Program Files\AHT
2008-07-06 19:25 . 2008-07-06 19:25 <DIR> d-------- C:\Documents and Settings\Tuffie\WINDOWS
2008-07-06 19:25 . 1999-03-23 09:12 299,520 --a------ C:\WINDOWS\uninst.exe
2008-07-06 19:25 . 2000-03-22 19:42 261 --a------ C:\WINDOWS\system32\ga119u1.reg
2008-07-06 19:25 . 2000-03-24 12:52 237 --a------ C:\WINDOWS\system32\ga119g1.reg
2008-07-06 14:02 . 2008-07-06 14:02 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-07-06 14:02 . 2008-07-06 14:02 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-06 12:59 . 2008-07-06 12:59 <DIR> d-------- C:\Program Files\Unlocker
2008-07-06 12:59 . 2008-07-06 12:59 <DIR> d-------- C:\Program Files\MSN Messenger
2008-07-06 12:59 . 2008-07-06 12:59 <DIR> d-------- C:\Program Files\Microsoft PowerToys
2008-07-06 12:59 . 2008-07-06 12:59 <DIR> d-------- C:\Program Files\HashTab Shell Extension
2008-07-06 12:58 . 2008-07-06 13:00 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2008-07-05 20:26 . 2008-07-05 20:26 2,494,464 --a------ C:\WINDOWS\system32\ffdshow.ax
2008-07-05 20:14 . 2008-07-05 20:14 3,591,168 --a------ C:\WINDOWS\system32\libavcodec.dll
2008-07-05 20:14 . 2008-07-05 20:14 456,192 --a------ C:\WINDOWS\system32\libmplayer.dll
2008-07-05 20:13 . 2008-07-05 20:13 708,096 --a------ C:\WINDOWS\system32\ff_x264.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-24 05:15 --------- d-----w C:\Documents and Settings\Tuffie\Application Data\Xfire
2008-07-24 01:59 --------- d-----w C:\Program Files\Xfire
2008-07-24 01:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-22 06:01 2,910,208 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-07-22 06:01 1,435,136 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-07-22 02:19 --------- d-----w C:\Program Files\Steam
2008-07-21 14:55 2,987,520 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-07-21 01:51 --------- d-----w C:\Program Files\Realtek
2008-07-18 04:40 2,955,264 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-07-18 04:40 1,360,896 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-07-17 03:50 244,224 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-07-17 03:50 1,354,240 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-07-08 23:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-07-08 06:15 --------- d-----w C:\Documents and Settings\Tuffie\Application Data\Apple Computer
2008-07-07 03:17 --------- d-----w C:\Documents and Settings\Tuffie\Application Data\TeamViewer
2008-07-07 01:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-07-07 01:01 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-07 01:01 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-07 01:01 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-07-06 12:24 1,559 ----a-w C:\Program Files\Play Battlefield 2.lnk
2008-07-06 03:59 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Xfire
2008-07-06 03:44 --------- d-----w C:\Program Files\Java
2008-07-06 03:43 --------- d-----w C:\Program Files\Common Files\Java
2008-07-06 03:42 --------- d-----w C:\Program Files\Safari
2008-07-06 03:42 --------- d-----w C:\Program Files\Apple Software Update
2008-07-06 03:41 --------- d-----w C:\Program Files\Tunatic
2008-07-06 03:41 --------- d-----w C:\Program Files\mIRC
2008-07-06 03:41 --------- d-----w C:\Program Files\CCleaner
2008-07-06 03:41 --------- d-----w C:\Documents and Settings\Tuffie\Application Data\mIRC
2008-07-06 03:39 --------- d-----w C:\Program Files\iTunes
2008-07-06 03:39 --------- d-----w C:\Program Files\iPod
2008-07-06 03:38 --------- d-----w C:\Program Files\TeamViewer3
2008-07-06 03:38 --------- d-----w C:\Program Files\QuickTime
2008-07-06 03:38 --------- d-----w C:\Program Files\Bonjour
2008-07-06 03:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-06 03:37 --------- d-----w C:\Program Files\Soulseek
2008-07-06 03:37 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-07-06 03:37 --------- d-----w C:\Program Files\Common Files\Apple
2008-07-06 03:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-07-06 03:33 --------- d-----w C:\Program Files\AVG
2008-07-06 03:14 --------- d-----w C:\Documents and Settings\Tuffie\Application Data\InstallShield
2008-07-06 03:13 4,716 ----a-w C:\WINDOWS\gdrv.sys
2008-07-06 03:12 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-07-06 03:12 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-06 03:10 --------- d-----w C:\Program Files\Intel
2008-07-06 03:03 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-03 07:03 4,745,216 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-07-03 06:51 16,876,032 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-06-22 16:34 177,664 ----a-w C:\WINDOWS\system32\ff_theora.dll
2008-06-19 06:42 2,808,832 ----a-w C:\WINDOWS\alcwzrd.exe
2008-06-19 06:27 9,715,200 ----a-w C:\WINDOWS\RTLCPL.exe
2008-06-19 06:20 57,344 ----a-w C:\WINDOWS\Alcmtr.exe
2008-06-18 08:01 77,824 ----a-w C:\WINDOWS\SoundMan.exe
2008-06-13 10:39 23,552 ----a-w C:\WINDOWS\system32\ff_wmv9.dll
2008-06-12 16:25 962,560 ----a-w C:\WINDOWS\system32\VSFilter.dll
2008-05-17 17:23 352,256 ----a-w C:\WINDOWS\system32\ijl15.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-11-08 13:34 3739672]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 23:08 136136]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-07 11:01 1232152]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 23:41 8523776]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]
"nwiz"="nwiz.exe" [2007-12-05 23:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-03 16:51 16876032 C:\WINDOWS\RTHDCPL.exe]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 18:01 77824 C:\WINDOWS\SoundMan.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2005-12-14 14:27 7094272]
"msnsc"="C:\WINDOWS\system32\msnsc.exe" [2006-01-15 11:49 62054]

C:\Documents and Settings\Tuffie\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-07-16 09:09:02 3050832]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.imc"= C:\WINDOWS\system32\imc32.acm
"vidc.i263"= C:\WINDOWS\system32\i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"VIDC.XFR1"= xfcodec.dll
"msacm.ac3filter"= ac3filter.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.HFYU"= huffyuv.dll
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\TeamViewer3\\TeamViewer.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Steam\\steamapps\\iwoopyourass737\\counter-strike source\\hl2.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\Nexon\Combat Arms\CombatArms.exe"= C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe"= C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"C:\\Nexon\\Combat Arms\\NMService.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-07 11:01]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-07 11:01]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-07 11:01]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-07 11:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup REG_SZ hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 -: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 -: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 -: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 -: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-24 15:18:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

.
Completion time: 2008-07-24 15:19:39
ComboFix-quarantined-files.txt 2008-07-24 05:19:13

Pre-Run: 130,777,522,176 bytes free
Post-Run: 130,751,262,720 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

 
Best now to update the original post with a new hijackthis log, because the higher pros need them.....

just don't do it in the future,

now:

Please do a scan with Kaspersky Online Scanner

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
 
Looks like I've got a virus that isn't a virus, and that's bound to my IRC.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, July 26, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, July 25, 2008 16:18:29
Records in database: 1008024
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
F:\

Scan statistics:
Files scanned: 132883
Threat name: 1
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 01:36:07


File name / Threat name / Threats count
C:\Documents and Settings\Tuffie\My Documents\Downloads\Softwarez and tuts\Chat and IM\mirc632.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.632 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.632 1

The selected area was scanned.
 
cohen, please see http://www.computerforum.com/computer-security/announcements.html
In particular:
To comply with the wishes of sUBs, the author of combofix, only qualified staff from a reputable anti-malware site are allowed to post combofix scripts here.

Any member seen to be breaking this rule will be subject to a warning and\or infraction, and a possible ban.

This only applies to combofix scripts, recommending a scan with combofix is fine.

Tuffie, please disregard the above. Kaspersky is detecting mIRC only because it is installed by a number of infections to help create backdoors into the system. See http://www.viruslist.com/en/viruses/encyclopedia?virusid=63181

If you have intentionally installed the program, it is nothing to worry about.

Your logfiles show no signs of malware.

Please register (it's free, don't worry) with PCPitStop and run the full tests here. When the tests are complete, a results page will pop up. Click Share these results with TechExpress on the right-hand side. Then copy the URL provided and post it here for me.
 
PCPitstop has indicated a few areas which could help improve performance, but nothing major. Your logs indicate no sign of malware, so I don't think that is responsible for your slowdowns. Unfortunately, I don't think there's much I can do to help you speed it up. Sorry.
 