Thread: Possible Malware Issue
View Single Post
Old 06-08-2008, 11:15 PM   #1 (permalink)
kiranaus
Registered User
 
Join Date: Jun 2008
Posts: 26
OS: xp sp2


Possible Malware Issue
When I logged onto my computer a few days ago, I found that the icons on my desktop had been alphabetized and rearranged -- the recycle bin in the bottom right corner, "My Computer" and "My Documents" gone -- none of them were where they used to be. The taskbar was missing the quick links tool bar I always used, and my Norton Internet Security icon missing from the system tray. The title bar of windows seem smaller than normal, and the Minimize/Full screen/Close buttons are really small. All of the shortcuts above "All Programs" are gone. The entire Windows theme is oddly gray, noticeable on explorer windows and when I highlight folders in the startmenu. My desktop background is a greyish blue color.
I change the THEME under Display Properties to "Windows XP" and the "greyness" goes away, but when I open up the display properties again, it has reverted back to a "Modified Theme" and the buttons in the title bar remain small. When I try to change the background, the mouse flickers, and nothing happens. When I use Windows Explorer, and progress through the directories, I get an odd message: "These files are hidden. This folder contains files that keep your system working properly. You should not modify its contents.", with the option to "Show the contents of this folder" The message appears when accessing C:, Program Files, Windows, and I assume other "important" directories. When I try to "Show hidden files and folders" under "Folder Options" in TOOLS, once again the mouse flickers, but nothing happens. Another abnormality I have noticed is that when deleting files, I am no longer given the option to send anything to the Recycle Bin. If I right-click the recycle bin and click Properties, I get an error: "The properties for this item are not available."

If I logout/login or restart the computer, the desktop reverts back to the initial condition described above.

This very well may be but a separate issue related to the program, but I might as well mention that every time I open an audio/video file with Zoom Player, I get video but no sound, and any changes I make to the settings are defaulted when I close and open the player. I was thinking there may just be a codec issue or something re installation could fix, but I'm not one to see how all of this could or could not be related :D.

I have taken the following action:
Update Norton virus definitions, full system scan, Trojan.Wimad fully removed, failed to removed Trojan.Adclicker and Trojan Horse (I found nothing in the registry related to this)
Scan with Spybot Search and Destroy, and FIX
Scan with Ad-Aware SE Personal, and FIX
Full system scan with Norton in SAFEMODE, the same two Trojans could not be removed.
~I've also followed the five steps recommended and attached/posted the logs.

Thank-you, I would greatly appreciate any assistance.

Deckard's System Scanner v20071014.68
Run by HP_Owner on 2008-06-08 23:00:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
105: 2008-06-09 05:01:09 UTC - RP437 - Deckard's System Scanner Restore Point
104: 2008-06-09 02:46:36 UTC - RP436 - Installed overland
103: 2008-06-09 02:41:49 UTC - RP435 - Removed Suitcase
102: 2008-06-09 02:26:23 UTC - RP434 - Removed Sony Ericsson PC Suite 1.20.173
101: 2008-06-09 02:18:21 UTC - RP433 - Removed Star Wars®: Knights of the Old Republic (TM)


-- First Restore Point --
1: 2008-03-09 10:01:10 UTC - RP333 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as HP_Owner.exe) --------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:04:08 PM, on 6/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\HP_Owner.AE066C3A9B\Desktop\dss.exe
C:\PROGRA~1\HJT\HP_Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.alot.com/sidebar?pr=as....1.200&q=Write smething&url=http://home.alot.com?client_id=DADB3D8001C8B00721386ABC&install_time=07-05-2008:00:02&src_id=11015&tb_version=1.2.1.200 (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (file missing)
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Setup.exe" "/REALUPREBOOT /temp /patched"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.ezproxy.lrc.m.../ebraryRdr.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/.../GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Print Spooler Service (iim9cotmohu) - Unknown owner - C:\WINDOWS\system32\fplljkduj.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe


-- HijackThis Fixed Entries (C:\PROGRA~1\HJT\backups\) -------------------------

backup-20060518-202751-101 O1 - Hosts: 127.0.0.5 www.autoescrowpay.com
backup-20060518-202751-102 O1 - Hosts: 127.0.0.5 www.allcount.net
backup-20060518-202751-105 O1 - Hosts: 127.0.0.5 n-glx.s-redirect.com
backup-20060518-202751-113 O1 - Hosts: 127.0.0.5 www.pizdato.biz
backup-20060518-202751-119 O1 - Hosts: 127.0.0.5 txiframe.biz
backup-20060518-202751-153 O1 - Hosts: 127.0.0.5 sexfiles.nu
backup-20060518-202751-180 O1 - Hosts: 127.0.0.5 onedayoffer.biz
backup-20060518-202751-186 O1 - Hosts: 127.0.0.5 awmcash.biz
backup-20060518-202751-197 O1 - Hosts: 127.0.0.5 counter.sexmaniack.com
backup-20060518-202751-267 O1 - Hosts: 127.0.0.5 www.awmdabest.com
backup-20060518-202751-279 O1 - Hosts: 127.0.0.5 trafficbest.net
backup-20060518-202751-290 O1 - Hosts: 127.0.0.5 www.procounter.biz
backup-20060518-202751-299 O1 - Hosts: 127.0.0.5 vparivalka.com
backup-20060518-202751-302 O1 - Hosts: 127.0.0.5 www.besthvac.com
backup-20060518-202751-303 O1 - Hosts: 127.0.0.5 www.sp2******.biz
backup-20060518-202751-320 O1 - Hosts: 127.0.0.5 www.toolbarpartner.com
backup-20060518-202751-331 O1 - Hosts: 127.0.0.5 sp2******.biz
backup-20060518-202751-335 O1 - Hosts: 127.0.0.5 advadmin.biz
backup-20060518-202751-340 O1 - Hosts: 127.0.0.5 slutmania.biz
backup-20060518-202751-346 O1 - Hosts: 127.0.0.5 loadcash.biz
backup-20060518-202751-352 O1 - Hosts: 127.0.0.5 topsearch10.com
backup-20060518-202751-360 O1 - Hosts: 127.0.0.5 iframe.biz
backup-20060518-202751-367 O1 - Hosts: 127.0.0.5 www.trafficbest.net
backup-20060518-202751-369 O1 - Hosts: 127.0.0.5 crazy-toolbar.com
backup-20060518-202751-373 O1 - Hosts: 127.0.0.5 allcount.net
backup-20060518-202751-382 O1 - Hosts: 127.0.0.5 www.crazy-toolbar.com
backup-20060518-202751-394 O1 - Hosts: 127.0.0.5 www.tracktraff.cc
backup-20060518-202751-398 O1 - Hosts: 127.0.0.5 awmdabest.com
backup-20060518-202751-413 O1 - Hosts: 127.0.0.5 www.allforadult.com
backup-20060518-202751-453 O1 - Hosts: 127.0.0.5 topcash.biz
backup-20060518-202751-455 O1 - Hosts: 127.0.0.5 www.ambush-script.com
backup-20060518-202751-472 O1 - Hosts: 127.0.0.5 www.newiframe.biz
backup-20060518-202751-481 O1 - Hosts: 127.0.0.5 www.buldog-stats.com
backup-20060518-202751-506 O1 - Hosts: 127.0.0.5 www.topcash.biz
backup-20060518-202751-512 O1 - Hosts: 127.0.0.5 greg-tut.com
backup-20060518-202751-536 O1 - Hosts: 127.0.0.5 www.vesbiz.biz
backup-20060518-202751-539 O1 - Hosts: 127.0.0.5 buldog-stats.com
backup-20060518-202751-544 O1 - Hosts: 127.0.0.5 www.megapornix.com
backup-20060518-202751-606 O1 - Hosts: 127.0.0.5 megapornix.com
backup-20060518-202751-615 O1 - Hosts: 127.0.0.5 vesbiz.biz
backup-20060518-202751-634 O1 - Hosts: 127.0.0.5 besthvac.com
backup-20060518-202751-637 O1 - Hosts: 127.0.0.5 nylonsexy.com
backup-20060518-202751-638 O1 - Hosts: 127.0.0.5 procounter.biz
backup-20060518-202751-646 O1 - Hosts: 127.0.0.5 vxiframe.biz
backup-20060518-202751-678 O1 - Hosts: 127.0.0.5 www.onedayoffer.biz
backup-20060518-202751-686 O1 - Hosts: 127.0.0.5 www.vparivalka.com
backup-20060518-202751-702 O1 - Hosts: 127.0.0.5 www.greg-tut.com
backup-20060518-202751-705 O1 - Hosts: 127.0.0.5 traff4.com
backup-20060518-202751-718 O1 - Hosts: 127.0.0.5 ambush-script.com
backup-20060518-202751-730 O1 - Hosts: 127.0.0.5 www.advadmin.biz
backup-20060518-202751-744 O1 - Hosts: 127.0.0.5 www.iframeprofit.com
backup-20060518-202751-781 O1 - Hosts: 127.0.0.5 www.statscash.biz
backup-20060518-202751-785 O1 - Hosts: 127.0.0.5 www.vxiframe.biz
backup-20060518-202751-802 O1 - Hosts: 127.0.0.5 x.full-tgp.net
backup-20060518-202751-807 O1 - Hosts: 127.0.0.5 newiframe.biz
backup-20060518-202751-813 O1 - Hosts: 127.0.0.5 www.slutmania.biz
backup-20060518-202751-827 O1 - Hosts: 127.0.0.5 www.loadcash.biz
backup-20060518-202751-834 O1 - Hosts: 127.0.0.5 autoescrowpay.com
backup-20060518-202751-835 O1 - Hosts: 127.0.0.5 www.awmcash.biz
backup-20060518-202751-843 O1 - Hosts: 127.0.0.5 www.iframe.biz
backup-20060518-202751-853 O1 - Hosts: 127.0.0.5 tracktraff.cc
backup-20060518-202751-877 O1 - Hosts: 127.0.0.5 www.beehappyy.biz
backup-20060518-202751-884 O1 - Hosts: 127.0.0.5 pizdato.biz
backup-20060518-202751-890 O1 - Hosts: 127.0.0.5 allforadult.com
backup-20060518-202751-919 O1 - Hosts: 127.0.0.5 fregat.drocherway.com
backup-20060518-202751-926 O1 - Hosts: 127.0.0.5 toolbarpartner.com
backup-20060518-202751-936 O1 - Hosts: 127.0.0.5 www.sexfiles.nu
backup-20060518-202751-938 O1 - Hosts: 127.0.0.5 www.nylonsexy.com
backup-20060518-202751-947 O1 - Hosts: 127.0.0.5 iframeprofit.com
backup-20060518-202751-964 O1 - Hosts: 127.0.0.5 www.traff4.com
backup-20060518-202751-973 O1 - Hosts: 127.0.0.5 statscash.biz
backup-20060518-202751-976 O1 - Hosts: 127.0.0.5 www.txiframe.biz
backup-20060518-202751-979 O1 - Hosts: 127.0.0.5 beehappyy.biz
backup-20060518-202751-995 O1 - Hosts: 127.0.0.5 www.topsearch10.com
backup-20060518-202927-266 O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe (file missing) (HKCU)
backup-20060518-204049-255 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20060518-204049-425 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
backup-20060518-204049-454 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
backup-20060518-204049-635 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20060518-204049-645 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
backup-20060518-204049-728 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20060518-204049-820 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
backup-20060518-204049-988 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20060518-204900-400 O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hpF877.tmp
backup-20060606-201513-522 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20060606-201513-688 O4 - HKLM\..\Run: [SpywareQuake.com] C:\Program Files\SpywareQuake.com\Spyware-Quake.exe /h
backup-20060606-201513-720 O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
backup-20060606-201513-897 O4 - HKCU\..\Run: [Srro] "C:\DOCUME~1\HP_Owner\MYDOCU~1\CROSOF~1.NET\csrss.exe" -vt yazr
backup-20060606-201513-908 R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
backup-20060606-201816-590 O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)
backup-20060810-195118-701 O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
backup-20060810-195118-921 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com.../fix_homepage/
backup-20060811-122711-815 O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/Activ...veLauncher.cab
backup-20060811-122711-960 O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
backup-20060811-122712-487 O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)
backup-20060821-161141-186 O23 - Service: Remote Administration Service - Unknown owner - C:\WINDOWS\system32\UMGR32.EXE
backup-20060905-094544-225 O4 - HKLM\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
backup-20060905-094544-516 O4 - HKLM\..\RunServices: [stonedrv] c:\windows\system32\stonedrv.exe
backup-20060905-094544-732 O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
backup-20060905-132211-276 O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab

-- File Associations -----------------------------------------------------------

.js - unable to read key
.js - unable to read key
.scr - scrfile - shell\open\command - "%1" %*
.txt - unable to read key
.txt - unable to read key


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 fasttx2k - c:\windows\system32\drivers\fasttx2k.sys <Not Verified; Promise Technology, Inc.; Promise FastTrak Series Driver>
R1 AFS2K - c:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS>
R1 SiSkp - c:\windows\system32\drivers\srvkp.sys <Not Verified; Silicon Integrated Systems Corporation; SiS (R) WindowsXP Display Manager>
R3 AgereSoftModem (Agere Systems Soft Modem) - c:\windows\system32\drivers\agrsm.sys <Not Verified; Agere Systems; Agere SoftModem Driver>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 Ps2 - c:\windows\system32\drivers\ps2.sys <Not Verified; Hewlett-Packard Company; Hewlett-Packard Company PS2 SYS>
R3 WmBEnum (Logitech Virtual Bus Enumerator Driver) - c:\windows\system32\drivers\wmbenum.sys <Not Verified; Logitech Inc.; Logitech WingMan Software>
R3 WmFilter (Logitech WingMan HID Filter Driver) - c:\windows\system32\drivers\wmfilter.sys <Not Verified; Logitech Inc.; Logitech WingMan Software>
R3 WmXlCore (Logitech WingMan Translation Layer Driver) - c:\windows\system32\drivers\wmxlcore.sys <Not Verified; Logitech Inc.; Logitech WingMan Software>

S3 ialm - c:\windows\system32\drivers\ialmnt5.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows NT(R)>
S3 nm (Network Monitor Driver) - c:\windows\system32\drivers\nmnt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 SiS315 - c:\windows\system32\drivers\sisgrp.sys <Not Verified; Silicon Integrated Systems Corporation; SiS (R) Compatible Super VGA Miniport Driver for Windows XP>
S3 USBAAPL (Apple Mobile USB Driver) - c:\windows\system32\drivers\usbaapl.sys <Not Verified; Apple, Inc.; Apple Mobile Device USB Driver>
S3 viagfx - c:\windows\system32\drivers\vtmini.sys <Not Verified; Copyright (C) VIA/S3 Graphics Co, Ltd.; UniChrome(Pro) IGP Driver>
S3 w810bus (Sony Ericsson W810 Driver driver (WDM)) - c:\windows\system32\drivers\w810bus.sys (file missing)
S3 w810mdfl (Sony Ericsson W810 USB WMC Modem Filter) - c:\windows\system32\drivers\w810mdfl.sys (file missing)
S3 w810mdm (Sony Ericsson W810 USB WMC Modem Driver) - c:\windows\system32\drivers\w810mdm.sys (file missing)
S3 w810mgmt (Sony Ericsson W810 USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\w810mgmt.sys (file missing)
S3 w810obex (Sony Ericsson W810 USB WMC OBEX Interface) - c:\windows\system32\drivers\w810obex.sys (file missing)
S3 WmVirHid (Logitech Virtual Hid Device Driver) - c:\windows\system32\drivers\wmvirhid.sys <Not Verified; Logitech Inc.; Logitech WingMan Software>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S2 iim9cotmohu (Print Spooler Service) - c:\windows\system32\fplljkduj.exe /service (file missing)
S3 p2pgasvc (Peer Networking Group Authentication) - c:\windows\system32\svchost.exe -k p2psvc <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S4 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-02 20:09:11 628 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - HP_Owner.job
2008-05-28 08:08:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-08 and 2008-06-08 -----------------------------

2008-06-07 22:10:11 0 d-------- C:\WINDOWS\LastGood
2008-06-07 22:09:30 0 d-------- C:\Program Files\Panda Security
2008-06-07 13:02:32 0 d-------- C:\Program Files\SpywareBlaster
2008-06-06 08:27:33 0 d-------- C:\WINDOWS\system32\CatRoot
2008-06-06 08:27:14 0 d-------- C:\WINDOWS\system32\com
2008-06-06 08:23:40 0 d--hs---- C:\found.000
2008-06-01 17:18:54 0 d-------- C:\Program Files\Common Files\Canon
2008-05-31 12:18:10 0 d-------- C:\WINDOWS\system32\Adobe
2008-05-25 17:02:03 66336 --ah----- C:\BBACADEM
2008-05-22 19:54:22 14848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-22 17:01:31 92208 --a------ C:\WINDOWS\system32\WING.DLL <Not Verified; Microsoft Corporation; WinG>


-- Find3M Report ---------------------------------------------------------------

2008-06-08 23:04:08 0 d-------- C:\Program Files\HJT
2008-06-08 23:03:07 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-08 21:11:05 0 d---s---- C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft
2008-06-08 20:41:51 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-08 20:29:43 0 d-------- C:\Program Files\VSO
2008-06-08 20:27:39 0 d-------- C:\Program Files\Common Files\Teleca Shared
2008-06-08 20:21:56 0 d-------- C:\Program Files\LucasArts
2008-06-08 17:07:13 0 d-------- C:\Program Files\Zoom Player
2008-06-07 21:48:55 0 d-------- C:\Program Files\Windows Live
2008-06-07 13:02:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-07 12:53:32 0 d-------- C:\Program Files\Winamp
2008-06-07 01:13:53 0 d-------- C:\Program Files\LimeWire
2008-06-07 00:39:04 0 d-------- C:\Program Files\Symantec
2008-06-01 17:26:20 0 d-------- C:\Program Files\Canon
2008-06-01 17:18:54 0 d-------- C:\Program Files\Common Files
2008-05-29 21:41:54 0 d-------- C:\Program Files\Incomplete
2008-04-25 15:22:00 0 d-------- C:\Program Files\QuickTime
2008-04-25 15:08:51 0 d-------- C:\Program Files\Apple Software Update
2008-04-23 23:35:55 0 d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-04-23 23:35:52 0 d-------- C:\Program Files\DVDVideoSoft
2008-04-16 23:42:43 0 d-------- C:\Program Files\Azureus
2008-04-15 23:29:59 0 d-------- C:\Program Files\Chessmaster 8000
2008-04-12 00:30:04 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-10 22:43:18 0 d-------- C:\Program Files\Common Files\Control Panels
2008-04-10 22:42:55 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-27 02:12:54 151583 --a------ C:\WINDOWS\system32\msjint40.dll <Not Verified; Microsoft Corporation; Microsoft (R) Jet>
2008-03-19 03:47:00 1845248 --a------ C:\WINDOWS\system32\win32k.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-18 21:49:47 335 --a------ C:\WINDOWS\mozregistry.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}]
C:\Program Files\alot\bin\alot.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
08/24/2007 09:51 PM 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
03/20/2008 08:16 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [08/24/2007 10:53 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/14/2008 11:01 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/11/2007 01:10 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SymLnch"="C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Setup.exe" "/REALUPREBOOT /temp /patched"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Suitcase Startup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Suitcase Startup.lnk
backup=C:\WINDOWS\pss\Suitcase Startup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner.AE066C3A9B^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\HP_Owner.AE066C3A9B\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTBar]
c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
dxdllreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fplljkduj]
C:\WINDOWS\system32\fplljkduj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
C:\WINDOWS\system32\hphmon06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
C:\WINDOWS\system32\ps2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"MDM"=2 (0x2)
"ISPwdSvc"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
"Capture Device Service"=2 (0x2)
"usnjsvc"=3 (0x3)
"ose"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"LiveUpdate Notice"=2 (0x2)
"LiveUpdate"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Adobe Version Cue CS3"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"comHost"=3 (0x3)
"rpcapd"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc

*Newly Created Service* - COMHOST
*Newly Created Service* - RKPAVPROC



-- End of Deckard's System Scanner: finished at 2008-06-08 23:05:02 ------------
Attached Files
File Type: txt ActiveScan.txt (15.5 KB, 3 views)
File Type: txt extra.txt (24.8 KB, 12 views)
kiranaus is offline  
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here