Thread: Help please, Virtumonde on my school laptop

  1. #1
    Junior Member
    Join Date
    Jun 2008
    Posts
    4

    My laptop's/tablet's Spybot scan shows that I have Virtumonde on my computer. I cannot get ahold of my school's tech office, so I need help to fix it.

    Here are the logs

    Here is my HJT log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:26:43, on 6/6/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\SYSTEM32\WISPTIS.EXE
    C:\WINDOWS\System32\tabbtnu.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\HPQ\Q Menu\QICON.EXE
    C:\Program Files\HPQ\Q Menu\CpqMcSrV.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\HPQ\shared\hpqwmi.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\INITIO\Button Manager v1.836\inihid.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Documents and Settings\mgendron2010\My Documents\hijackthis\HiJackThis[1].exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system\svchost.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {10B5E5C2-8901-4E3C-BF61-AC6E11039292} - C:\WINDOWS\system32\iiffCvWP.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {3E5F75F5-9D3E-472A-8B9B-195C88190A41} - C:\WINDOWS\system32\ssqOIASm.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {62C8D917-E880-4A00-B4D0-B1F008256B57} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll (file missing)
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: (no name) - {B8D98393-4495-46F3-B9EE-6D94698A798B} - C:\WINDOWS\system32\pmnnk.dll (file missing)
    O2 - BHO: (no name) - {D4E9C398-E32F-4420-BCA0-3EA5934A8F4C} - C:\WINDOWS\system32\urqNHbBu.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
    O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Q Menu] C:\Program Files\HPQ\Q Menu\QICON.EXE -QICON
    O4 - HKLM\..\Run: [hpqMcSrv] "C:\Program Files\HPQ\Q Menu\CpqMcSrV.exe" /Start
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Snippet] "C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" /i
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [50f6df0e] rundll32.exe "C:\WINDOWS\system32\jnharsta.dll",b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Startup: Sticky Notes.lnk = C:\WINDOWS\system32\stikynot.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Button Manager v1.836.lnk = ?
    O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\mgendron2010\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shoc...sh/swflash.cab
    O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bej...loader_v10.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vdoh.org
    O17 - HKLM\Software\..\Telephony: DomainName = vdoh.org
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = vdoh.org
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = vdoh.org
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = vdoh.org
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: iiffCvWP - C:\WINDOWS\SYSTEM32\iiffCvWP.dll
    O20 - Winlogon Notify: pmnnk - C:\WINDOWS\system32\pmnnk.dll (file missing)
    O20 - Winlogon Notify: tuvustr - tuvustr.dll (file missing)
    O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
    O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 18101 bytes






    Kaspersky report

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Saturday, June 07, 2008 16:34:49
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 7/06/2008
    Kaspersky Anti-Virus database records: 837393
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    F:\
    I:\
    O:\
    U:\
    V:\
    X:\

    Scan Statistics:
    Total number of scanned objects: 263893
    Number of viruses found: 25
    Number of infected objects: 99
    Number of suspicious objects: 0
    Duration of the scan process: 02:38:40

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-03162007-103213.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinRenos.zip/jdxah.dll Infected: not-virus:Hoax.Win32.Agent.at skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinRenos.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinRenos1.zip/jdxah.dll_old Infected: not-virus:Hoax.Win32.Agent.at skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinRenos1.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinRenos2.zip/zfe2.exe Infected: Trojan-Downloader.Win32.Zlob.kni skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinRenos2.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinRenos3.zip/zfe1.exe Infected: not-virus:Hoax.Win32.Renos.bdu skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinRenos3.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderbs.zip/vltdfabw.dll Infected: Trojan.Win32.Vapsup.gcq skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderbs.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderbs1.zip/vltdfabw.dll_old Infected: Trojan.Win32.Vapsup.gcq skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderbs1.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT.LOG Object is locked skipped
    C:\Documents and Settings\mgendron2010\Application Data\Microsoft\IMJP8_1\imjp81u.dic Object is locked skipped
    C:\Documents and Settings\mgendron2010\Application Data\Sun\Java\Deployment\cache\6.0\0\5e461a00-7aed9f1a/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\mgendron2010\Application Data\Sun\Java\Deployment\cache\6.0\0\5e461a00-7aed9f1a/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\mgendron2010\Application Data\Sun\Java\Deployment\cache\6.0\0\5e461a00-7aed9f1a/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
    C:\Documents and Settings\mgendron2010\Application Data\Sun\Java\Deployment\cache\6.0\0\5e461a00-7aed9f1a ZIP: infected - 3 skipped
    C:\Documents and Settings\mgendron2010\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\mgendron2010\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Documents and Settings\mgendron2010\Desktop\SmitfraudFix.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Documents and Settings\mgendron2010\Desktop\SmitfraudFix.exe RAR: infected - 1 skipped
    C:\Documents and Settings\mgendron2010\Local Settings\Application Data\ApplicationHistory\TCServer.exe.7c11743d.ini.inuse Object is locked skipped
    C:\Documents and Settings\mgendron2010\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\mgendron2010\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\mgendron2010\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{5441E082-FD9B-4FC6-90B5-0E5737E4BFB7} Object is locked skipped
    C:\Documents and Settings\mgendron2010\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\mgendron2010\Local Settings\History\History.IE5\MSHist012008060720080608\index.dat Object is locked skipped
    C:\Documents and Settings\mgendron2010\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\mgendron2010\Local Settings\Temporary Internet Files\Content.IE5\ZIKB39S5\kb456456[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.yag skipped
    C:\Documents and Settings\mgendron2010\ntuser.dat Object is locked skipped
    C:\Documents and Settings\mgendron2010\NTUSER.DAT.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT.LOG Object is locked skipped
    C:\Program Files\INITIO\Button Manager v1.836\inihid.exe Infected: not-a-virus:AdWare.Win32.Look2Me.e skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWKDLogs\BWTargetInf.log Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\inuse.txt Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000046.FCS Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\main.log Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx Object is locked skipped
    C:\RECYCLER\S-1-5-21-4157893092-2580116332-2277760538-4843\Dc10.tmp Infected: Trojan.Win32.Buzus.fit skipped
    C:\RECYCLER\S-1-5-21-4157893092-2580116332-2277760538-4843\Dc11.tmp Infected: Trojan.Win32.Buzus.fit skipped
    C:\RECYCLER\S-1-5-21-4157893092-2580116332-2277760538-4843\Dc13.tmp Infected: Trojan.Win32.Buzus.fit skipped
    C:\RECYCLER\S-1-5-21-4157893092-2580116332-2277760538-4843\Dc14.tmp Infected: Trojan.Win32.Buzus.fit skipped
    C:\RECYCLER\S-1-5-21-4157893092-2580116332-2277760538-4843\Dc16.tmp Infected: Trojan.Win32.Buzus.fit skipped
    C:\RECYCLER\S-1-5-21-4157893092-2580116332-2277760538-4843\Dc17.tmp Infected: Trojan.Win32.Buzus.fit skipped
    C:\RECYCLER\S-1-5-21-4157893092-2580116332-2277760538-4843\Dc18.tmp Infected: Trojan.Win32.Buzus.fit skipped
    C:\RECYCLER\S-1-5-21-4157893092-2580116332-2277760538-4843\Dc245\Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
    C:\RECYCLER\S-1-5-21-4157893092-2580116332-2277760538-4843\Dc246\Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
    C:\RECYCLER\S-1-5-21-4157893092-2580116332-2277760538-4843\Dc247\Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
    C:\RECYCLER\S-1-5-21-4157893092-2580116332-2277760538-4843\Dc265\Content.IE5\7WP1FK08\CAXCKVX1 Infected: not-a-virus:AdWare.Win32.Virtumonde.xzp skipped
    C:\RECYCLER\S-1-5-21-4157893092-2580116332-2277760538-4843\Dc265\Content.IE5\QR8N7KLK\gnida[1].swf Infected: Trojan-Downloader.SWF.Gida.a skipped
    C:\RECYCLER\S-1-5-21-4157893092-2580116332-2277760538-4843\Dc6.exe Infected: Trojan-Downloader.Win32.Tibs.abi skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP576\A0151062.exe Infected: Trojan-Dropper.Win32.Agent.qzl skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP579\A0151271.dll Infected: Trojan.Win32.Vapsup.gdx skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP579\A0151292.sys Infected: Trojan-Downloader.Win32.Mutant.adi skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP579\A0151293.exe/data0000.cab/NERO-8~1.EXE/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP579\A0151293.exe/data0000.cab/NERO-8~1.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP579\A0151293.exe/data0000.cab Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP579\A0151293.exe Rsrc-Package: infected - 3 skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP579\A0151304.sys Infected: Trojan-Downloader.Win32.Mutant.adi skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP580\A0151545.sys Infected: Trojan-Downloader.Win32.Mutant.adi skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP581\A0151566.exe Infected: Trojan-Downloader.Win32.Tibs.abi skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP581\A0151589.sys Infected: Trojan-Dropper.Win32.Agent.shb skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP581\A0152589.sys Infected: Trojan-Dropper.Win32.Agent.shb skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP581\A0152590.exe Infected: Trojan.Win32.Buzus.fit skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP581\A0152617.dll Infected: Trojan.Win32.Vapsup.gcq skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP581\A0152625.sys Infected: Trojan-Dropper.Win32.Agent.shb skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP581\A0152626.exe Infected: Trojan.Win32.Buzus.fit skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP581\A0152653.sys Infected: Trojan-Dropper.Win32.Agent.shb skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP581\A0152654.exe Infected: Trojan.Win32.Buzus.fit skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP581\A0152678.dll Infected: Trojan-Downloader.Win32.Mutant.adg skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP581\A0152680.dll Infected: Trojan-Downloader.Win32.Mutant.adg skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP581\A0152682.dll Infected: Trojan-Downloader.Win32.Mutant.adg skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP581\A0152684.dll Infected: Trojan-Downloader.Win32.Mutant.adg skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP581\A0152686.dll Infected: Trojan-Downloader.Win32.Mutant.adg skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP581\A0152688.dll Infected: Trojan-Downloader.Win32.Mutant.adg skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP581\A0152690.dll Infected: Trojan-Downloader.Win32.Mutant.adg skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP581\A0152692.dll Infected: Trojan-Downloader.Win32.Mutant.adg skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP581\A0152694.dll Infected: Trojan-Downloader.Win32.Mutant.adg skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP582\A0152707.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP582\A0152707.exe RAR: infected - 1 skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP582\A0152720.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP582\A0152747.exe Infected: Trojan.Win32.Buzus.fit skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP582\A0152763.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.yag skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP582\A0152771.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.yag skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP582\A0152774.dll Infected: Trojan-Downloader.Win32.Mutant.adg skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP582\A0152781.sys Infected: Trojan-Dropper.Win32.Agent.shb skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP582\A0152794.dll Infected: Trojan-Downloader.Win32.Mutant.adg skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP582\A0152796.dll Infected: Trojan-Downloader.Win32.Mutant.ado skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP582\A0152801.sys Infected: Trojan-Dropper.Win32.Agent.shb skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP582\A0152816.dll Infected: Trojan.Win32.Vapsup.gdy skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP582\A0152826.dll Infected: Trojan-Downloader.Win32.Mutant.ado skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP582\A0152831.sys Infected: Trojan-Dropper.Win32.Agent.shb skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP582\A0152847.dll Infected: Trojan-Downloader.Win32.Mutant.ado skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP582\A0152849.dll Infected: Trojan-Downloader.Win32.Mutant.ado skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP582\A0152854.sys Infected: Trojan-Dropper.Win32.Agent.shb skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP582\A0152870.dll Infected: Trojan-Downloader.Win32.Mutant.ado skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP582\A0152876.sys Infected: Trojan-Dropper.Win32.Agent.shb skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP582\A0152917.dll Infected: Trojan-Downloader.Win32.Mutant.ado skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP582\A0152922.sys Infected: Trojan-Dropper.Win32.Agent.shb skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP582\A0152923.exe Infected: Trojan.Win32.Buzus.fit skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP582\A0152944.dll Infected: Trojan-Downloader.Win32.Mutant.ado skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP582\A0152963.sys Infected: Trojan-Dropper.Win32.Agent.shb skipped
    C:\System Volume Information\_restore{7A942F8F-C6CA-438F-9B12-481D3208D182}\RP582\change.log Object is locked skipped
    C:\WINDOWS\Debug\Netlogon.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
    C:\WINDOWS\esbq.exe Infected: Trojan.Win32.Vapsup.gea skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
    C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
    C:\WINDOWS\system32\drivers\ucI74(2).sys Infected: Trojan-Dropper.Win32.Agent.shb skipped
    C:\WINDOWS\system32\drivers\ucI74(3).sys Infected: Trojan-Dropper.Win32.Agent.shb skipped
    C:\WINDOWS\system32\drivers\ucI74(4).sys Infected: Trojan-Dropper.Win32.Agent.shb skipped
    C:\WINDOWS\system32\drivers\ucI74(5).sys Infected: Trojan-Dropper.Win32.Agent.shb skipped
    C:\WINDOWS\system32\drivers\ucI74.sys Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\iiffCvWP.dll Infected: Trojan-Downloader.Win32.ConHook.auf skipped
    C:\WINDOWS\system32\mssrv32.exe Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\system32\wcawgfan.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.yag skipped
    C:\WINDOWS\system32\WinCtrl32.dll Infected: Trojan-Downloader.Win32.Mutant.ado skipped
    C:\WINDOWS\system32\WinCtrl32.dl_ Infected: Trojan-Downloader.Win32.Mutant.ado skipped
    C:\WINDOWS\Temp\BN3.tmp Infected: Trojan.Win32.Buzus.fit skipped
    C:\WINDOWS\Temp\BN4.tmp Infected: Trojan.Win32.Buzus.fit skipped
    C:\WINDOWS\vltdfabw.dll Infected: Trojan.Win32.Vapsup.gcq skipped
    C:\WINDOWS\vregfwlx.dll Infected: Trojan.Win32.Vapsup.gdw skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped

    Scan process completed.

  2. #2
    pskelley
    In Memoriam - Always in our heart
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
    "BEFORE you POST" (READ this Procedure before Requesting Assistance)
    http://forums.spybot.info/showthread.php?t=288
    All advice given is taken at your own risk.
    Please make sure you have read this information so we are on the same page.

    Help please, Virtumonde on my school laptop
    My laptop's/tablet's spybot scan shows that I have Virtumonde on my computer, I cannot get a hold of my school's tech office so I need help to fix it.
    You need to take the time to read the directions; you would see this:
    The malware removal forum is set up to help those in need of assistance with their personal computers. This service is free and provided by volunteers.

    We realize on occasion an IT person might need a second opinion. In which case please state that up-front and note the steps already taken. Our volunteers appreciate that.

    If you are a computer business claiming to remove spyware for your paying customers, please ensure it is a second opinion you are seeking, and not posting your jobs for others to clean. Volunteers are not here to support such. Personal computer clients may be directed to this forum to receive free advice in the first person.

    Note:
    When the infected computer in question is a company machine in the workplace, and you are an employee (or a computer that belongs to the school).

    Your organization must give their permission for assistance to be received in the removal of malware. The intention of this forum is not to replace a company's IT department.

    More than one machine could be at stake, possibly even the server. If sensitive material has been compromised by an infection, the company could be held liable.

    Please inform your IT department or Supervisor when a workplace computer has been infected, immediately.

    Thanks for your understanding.

    You have a badly infected computer and I suggest you contact your school's tech office now.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  3. #3
    Junior Member
    Join Date
    Jun 2008
    Posts
    4

    The problem I have is that I cannot get a hold of my school's tech office. My computer has had this problem for over a week now, and if I couldn't contact them now, I'm doubtful I will be able to until the end of the summer, and I would rather not leave my computer at the mercy of some viruses till then. I was asking in hopes that somebody would help me. Since I've already paid for this computer I think I have the option of trying to fix it, and if it has something that can spread across a network the only computers at risk are my brother's laptops and my dad's two computers. If nobody can offer me assistance here, can anybody point me to a better place to look for help? Or a better program that might work? If you don't wanna post it feel free to PM me, I'm not trying to sue people or anything weird, and I'm not going to go click happy on what you send me, I'll do my homework and figure out if it has a chance of helping me. I'm hoping to get A+ certified this summer as well, I'm not sure if that will help with much but I'm sure I have a good understanding as far as computers go.

    Sorry I took so long to respond, I was out of town all week, thanks for the advice.

  4. #4
    pskelley
    In Memoriam - Always in our heart
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    If you will not be able to respond on a timely basis, please make me aware.

    Post a new HJT log since this one is from 6/8 and malware changes quickly especially if it has internet access.

    You are very infected by some bad trojans, including a Vundo infection, and you are hacked by Ukrainian criminals. This will not be fast and it will not be easy. If you are not comfortable working with computers, you may wish to not even start. I strongly suggest you stay offline to deny the hackers access and I believe you should read this:
    How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
    http://www.dslreports.com/faq/10451
    When Should I Format, How Should I Reinstall
    http://www.dslreports.com/faq/10063

    If you wish to try to clean the computer I will post the first instructions as soon as I hear from site management concerning the ownership issues I brought up.

    Thanks...Phil
