- 05-04-2009 04:42 PM #21
it still...
is giving me this msg:
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !
Contents of C:\boot.ini:
[boot loader]
timeout=30
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=1 /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS=2 /fastdetect
scsi(0)disk(0)rdisk(0)partition(1)\WINDOWS=3 /fastdetect
scsi(0)disk(0)rdisk(0)partition(2)\WINDOWS=4 /fastdetect
scsi(0)disk(0)rdisk(1)partition(2)\WINDOWS=5 /fastdetect
scsi(0)disk(0)rdisk(1)partition(2)\WINDOWS=6 /fastdetect
C:\WINDOWS=7 /fastdetect
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- 05-05-2009 04:07 AM #22
That is not right. This should be the ONLY contents of boot.ini.
Please edit it again, post the bootcheck.exe log and do not reboot until I approve the contents.
Code:
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
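The helper above is checking boot.ini by eye for the things that stop the Recovery Console installer from working: a single [boot loader] section, a default= line that points at a real [operating systems] entry, and entries with a quoted description. The script below is an added example, not part of the thread or of BootCheck/ComboFix; it applies those same checks to the broken boot.ini from post #21, the corrected one from post #22, and the Recovery Console version that appears at the end of the ComboFix log later in the thread (all three embedded here as constructed sample strings).

```python
"""Structural sanity check for an XP-era boot.ini (added example, not BootCheck's own code)."""
import re

# ARC-style path as NTLDR expects it, e.g. multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
ARC_PATH = re.compile(r"^(multi|scsi|signature)\(\w+\)disk\(\d+\)rdisk\(\d+\)partition\(\d+\)\\.+$", re.I)
# Drive-letter path, used by the Recovery Console entry c:\cmdcons\BOOTSECT.DAT
DRIVE_PATH = re.compile(r"^[a-z]:\\.+$", re.I)


def parse_boot_ini(text):
    """Split boot.ini into an ordered list of (section_name, [lines]).

    A list (not a dict) is used on purpose so that a repeated [boot loader]
    section, like the one BootCheck printed in post #21, stays visible.
    """
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].strip().lower(), []))
        elif not sections:
            sections.append(("(none)", [line]))  # data before any section header
        else:
            sections[-1][1].append(line)
    return sections


def check_boot_ini(text):
    """Return a list of problem strings; an empty list means the file looks sane."""
    problems = []
    sections = parse_boot_ini(text)
    names = [name for name, _ in sections]
    for wanted in ("boot loader", "operating systems"):
        if names.count(wanted) != 1:
            problems.append("expected exactly one [%s] section, found %d" % (wanted, names.count(wanted)))
    if "(none)" in names:
        problems.append("lines found before the first section header")

    loader = {}   # key -> value from [boot loader]
    entries = {}  # lower-cased boot path -> description and switches
    for name, lines in sections:
        for line in lines:
            key, sep, value = line.partition("=")
            key, value = key.strip(), value.strip()
            if not sep:
                problems.append("line without '=' in [%s]: %s" % (name, line))
                continue
            if name == "boot loader":
                if key.lower() in loader:
                    problems.append("duplicate %s= in [boot loader]" % key)
                loader[key.lower()] = value
            elif name == "operating systems":
                if not (ARC_PATH.match(key) or DRIVE_PATH.match(key)):
                    problems.append("unrecognised boot entry path: %s" % key)
                if not value.startswith('"'):
                    problems.append("boot entry %s has no quoted description" % key)
                if key.lower() in entries:
                    problems.append("duplicate boot entry: %s" % key)
                entries[key.lower()] = value

    if "timeout" in loader and not loader["timeout"].isdigit():
        problems.append("timeout= is not a number: %s" % loader["timeout"])
    if "default" not in loader:
        problems.append("[boot loader] has no default= line")
    elif loader["default"].lower() not in entries:
        problems.append("default= points at %s, which is not in [operating systems]" % loader["default"])
    if not entries:
        problems.append("[operating systems] has no boot entries")
    return problems


# Constructed sample inputs copied from the thread.
BROKEN_BOOT_INI = r"""[boot loader]
timeout=30
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=1 /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS=2 /fastdetect
scsi(0)disk(0)rdisk(0)partition(1)\WINDOWS=3 /fastdetect
scsi(0)disk(0)rdisk(0)partition(2)\WINDOWS=4 /fastdetect
scsi(0)disk(0)rdisk(1)partition(2)\WINDOWS=5 /fastdetect
scsi(0)disk(0)rdisk(1)partition(2)\WINDOWS=6 /fastdetect
C:\WINDOWS=7 /fastdetect
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
"""

FIXED_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
"""

RC_BOOT_INI = r"""[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
"""

if __name__ == "__main__":
    for label, sample in (("post #21", BROKEN_BOOT_INI), ("post #22", FIXED_BOOT_INI), ("with RC", RC_BOOT_INI)):
        print(label, "->", check_boot_ini(sample) or "OK")
```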
- 05-06-2009 05:05 PM #23
I don't...
know what to do... it keeps giving me this msg:
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !
Contents of C:\boot.ini:
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- 05-07-2009 01:51 AM #24
Looks good. You can now reboot safely. I will post instructions later (at school now).
- 05-07-2009 02:06 AM #25
is it.....
okay? It still says recovery console not installed.... I appreciate the help, you guys rock! LOL
- 05-07-2009 10:05 AM #26
Hi,
Quote: it still says recovery console not installed
Yes, like I said earlier, some of Windows' files are infected, but only with RC installed can ComboFix do this. RC could not install, and most of the time boot.ini is wrong then. The first results of BootCheck also showed that boot.ini was completely empty or did not even exist. That is why in the latest posts we have been busy creating a boot.ini that fits your computer, so RC can install, so ComboFix can replace the infected files.
Now first delete the old ComboFix executable(s) on your desktop.
Then visit this webpage for download links, and instructions for running the tool:
A guide and tutorial on using ComboFix
Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. For information on how to disable your anti-virus program please see this:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Go on with the ComboFix guide; when it opens its log, please post it together with a new HJT log.
The ComboFix log is saved here: C:\ComboFix.txt
Regards,
John.
- 05-07-2009 11:20 AM #27
the recovery console....
worked like a charm... here are the results for ComboFix.....
ComboFix 09-05-06.08 - Danny 05/07/2009 12:16.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2191 [GMT -4:00]
Running from: c:\documents and settings\Danny\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
.
((((((((((((((((((((((((( Files Created from 2009-04-07 to 2009-05-07 )))))))))))))))))))))))))))))))
.
2009-05-07 04:12 . 2009-05-07 04:12 -------- d-----w c:\program files\Mozilla ActiveX Control v1.7.12
2009-05-07 04:11 . 2009-05-07 04:11 -------- d-----w c:\program files\VideoLAN
2009-05-07 04:09 . 2009-05-07 04:12 -------- d-----w c:\program files\Graboid
2009-05-04 11:43 . 2009-05-04 11:43 547840 ----a-w c:\windows\system32\wiaaut.dll
2009-05-01 23:02 . 2009-05-01 23:02 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-05-01 23:02 . 2009-05-02 12:45 -------- d-----w c:\program files\DAEMON Tools Lite
2009-04-30 08:49 . 2009-04-30 08:49 -------- d-----w c:\documents and settings\All Users\Application Data\ParetoLogic
2009-04-30 08:49 . 2009-04-30 09:01 -------- d-----w c:\documents and settings\All Users\Application Data\DriverCure
2009-04-28 09:09 . 2009-04-28 09:09 0 ----a-w c:\windows\nsreg.dat
2009-04-28 04:13 . 2009-04-29 23:05 -------- d-----w C:\Downloads
2009-04-28 04:11 . 2009-04-28 04:13 -------- d-----w c:\program files\GoZilla
2009-04-25 23:14 . 2009-04-25 23:14 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-04-25 23:14 . 2009-04-25 23:14 -------- d-----w c:\program files\Viewpoint
2009-04-25 23:14 . 2009-04-25 23:17 -------- d-----w c:\documents and settings\All Users\Application Data\AOL OCP
2009-04-25 23:14 . 2009-04-25 23:14 -------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-04-25 23:13 . 2009-04-25 23:35 -------- d-----w c:\program files\Common Files\AOL
2009-04-23 00:07 . 2009-04-23 00:07 -------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2009-04-22 23:24 . 2009-04-22 23:29 29 ----a-w c:\windows\popcinfo.dat
2009-04-22 22:43 . 2009-04-22 22:43 -------- d-sh--w c:\windows\ftpcache
2009-04-22 00:01 . 2009-04-22 00:01 -------- d-----w c:\program files\EA Games
2009-04-21 23:48 . 2006-01-06 14:10 7548 ----a-w c:\windows\system32\drivers\Samhid.sys
2009-04-21 23:48 . 2006-01-04 20:39 77824 ----a-w c:\windows\system32\FDRdriver.dll
2009-04-21 23:48 . 2007-06-14 19:38 487424 ----a-w c:\windows\system32\FDRpage.dll
2009-04-21 23:48 . 2009-04-21 23:48 -------- d-----w c:\program files\PHILIPS
2009-04-21 23:48 . 2007-06-08 14:59 204800 ----a-w c:\windows\system32\CreateDir.exe
2009-04-18 22:39 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-18 22:39 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-18 22:39 . 2009-04-18 22:39 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-16 07:02 . 2009-04-16 07:02 -------- d-----w c:\windows\system32\MpEngineStore
2009-04-16 06:21 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-16 06:21 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-16 06:18 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-16 06:18 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 06:18 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-16 06:18 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 06:18 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 06:18 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 06:18 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 06:18 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 06:18 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-13 16:09 . 2009-04-17 02:55 -------- d-----w c:\program files\PokerStars
2009-04-13 03:27 . 2009-04-14 13:30 -------- d-----w c:\program files\PokerStars.NET
2009-04-12 18:43 . 2009-04-27 06:12 138184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-12 18:43 . 2009-04-27 06:11 183112 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-12 18:43 . 2009-04-22 00:17 66872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-04-12 17:41 . 2009-04-12 17:41 -------- d-----w c:\documents and settings\All Users\Application Data\Electronic Arts
2009-04-12 17:40 . 2009-04-12 17:40 -------- d-----w c:\program files\Electronic Arts
2009-04-12 17:40 . 2009-04-12 17:40 -------- d-----w C:\ProgramData
2009-04-12 17:40 . 2009-04-12 17:40 2784 ----a-w c:\windows\system32\ealregsnapshot1.reg
2009-04-12 06:34 . 2009-04-12 06:34 4212 ---ha-w c:\windows\system32\zllictbl.dat
2009-04-12 06:33 . 2009-04-12 16:50 -------- d-----w c:\windows\Internet Logs
2009-04-11 11:41 . 2009-04-11 11:45 -------- d-----w c:\program files\Common Files\DivX Shared
2009-04-11 08:13 . 2009-04-11 08:13 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-11 08:11 . 2009-04-11 08:11 -------- d-sh--w c:\documents and settings\Danny\IETldCache
2009-04-11 08:09 . 2009-04-11 08:32 -------- d-----w c:\windows\ie8updates
2009-04-11 08:09 . 2009-02-20 18:09 78336 ----a-w c:\windows\system32\ieencode.dll
2009-04-11 08:07 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-04-11 00:51 . 2009-04-12 16:50 -------- d-----w c:\program files\Yahoo!
2009-04-10 23:59 . 2009-05-02 13:07 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-10 23:59 . 2009-05-02 13:07 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-10 23:59 . 2009-05-07 08:55 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-10 23:59 . 2009-05-02 13:07 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-10 23:04 . 2009-04-10 23:04 -------- d-----w C:\HJT
2009-04-10 17:17 . 2009-04-10 17:17 -------- d-----w c:\program files\Trend Micro
2009-04-10 17:02 . 2009-04-10 17:07 -------- d-----w C:\IE-SPYAD
2009-04-10 16:05 . 2009-04-10 16:05 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-10 15:53 . 2009-04-10 15:57 -------- d-----w c:\windows\SxsCaPendDel
2009-04-10 14:40 . 2009-04-10 14:40 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-10 14:40 . 2009-05-01 23:01 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-09 06:49 . 2009-04-09 06:50 -------- d-----w c:\windows\system32\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-02 03:43 . 2009-01-16 14:28 -------- d-----w c:\program files\Java
2009-04-30 08:47 . 2009-01-16 13:48 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-29 17:54 . 2009-03-11 22:26 -------- d-----w c:\program files\9Dragons
2009-04-28 07:00 . 2009-03-17 06:05 -------- d-----w c:\program files\Trojan Remover
2009-04-27 22:46 . 2009-01-16 13:57 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-25 05:28 . 2009-01-16 14:51 -------- d-----w c:\program files\Google
2009-04-23 17:39 . 2009-01-16 13:57 -------- d-----w c:\program files\AGEIA Technologies
2009-04-23 17:38 . 2009-01-16 13:58 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-23 17:38 . 2009-01-16 13:58 -------- d-----w c:\program files\NVIDIA Corporation
2009-04-12 17:40 . 2009-01-16 17:23 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-11 09:00 . 2009-01-16 14:52 -------- d-----w c:\program files\Vuze
2009-03-31 20:22 . 2009-03-31 20:22 8192 ----a-w C:\mtwb.dat
2009-03-30 20:53 . 2009-03-30 20:53 -------- d-----w c:\program files\Fast Browser SearchP
2009-03-29 05:35 . 2009-03-29 05:35 -------- d-----w c:\program files\Common Files\DirectX
2009-03-29 00:04 . 2009-03-29 00:04 -------- d-----w c:\program files\AVG
2009-03-27 08:51 . 2009-03-15 23:49 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-03-27 06:34 . 2009-01-18 22:39 3 ----a-w c:\windows\sbacknt.bin
2009-03-27 04:28 . 2009-03-21 20:40 -------- d-----w c:\program files\MySpace
2009-03-19 15:38 . 2009-03-19 15:38 -------- d-----w c:\program files\BitTorrent
2009-03-19 15:08 . 2009-03-19 15:08 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-19 06:18 . 2009-03-19 06:18 -------- d-----w c:\program files\WinPcap
2009-03-11 23:43 . 2009-03-11 23:43 -------- d-----w c:\program files\Common Files\INCA Shared
2009-03-09 09:19 . 2009-01-16 15:03 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2008-02-11 03:12 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2008-02-11 03:14 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w c:\windows\system32\dpl100.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-02-24 19:34 . 2009-02-24 19:34 684032 ----a-w c:\windows\system32\DivX.dll
2009-02-09 12:10 . 2008-02-11 03:11 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2008-02-11 03:12 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2008-02-11 03:12 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2008-02-11 03:09 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2008-02-11 03:13 1846784 ----a-w c:\windows\system32\win32k.sys
.
------- Sigcheck -------
[-] 2009-01-16 13:56 502272 6225F14B8CE08CCBA8B25AD27843C674 c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2009-01-16 23:09 507904 679A7259741F6A09994F02CE261B5F2E c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-04-24_22.15.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-07 07:26 . 2009-05-07 07:26 16384 c:\windows\Temp\Perflib_Perfdata_5e4.dat
+ 2009-05-07 07:26 . 2009-05-07 07:26 16384 c:\windows\Temp\Perflib_Perfdata_530.dat
+ 2008-02-11 03:12 . 2009-04-28 21:14 78318 c:\windows\system32\perfc009.dat
- 2008-02-11 03:12 . 2009-04-16 07:20 78318 c:\windows\system32\perfc009.dat
+ 2006-01-31 12:21 . 2006-01-31 12:21 25900 c:\windows\system32\drivers\scdemu.sys
+ 2009-04-10 23:59 . 2009-05-02 13:07 27784 c:\windows\system32\drivers\avgmfx86.sys
+ 2008-02-11 03:12 . 2008-04-14 00:12 84992 c:\windows\system32\dllcache\olepro32.dll
+ 2009-04-27 22:47 . 2009-04-27 22:47 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-04-27 22:47 . 2009-04-27 22:47 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-04-25 23:14 . 2009-04-25 23:14 38428 c:\windows\Downloaded Program Files\unagiuninst.exe
- 2008-02-11 03:12 . 2009-04-16 07:20 462498 c:\windows\system32\perfh009.dat
+ 2008-02-11 03:12 . 2009-04-28 21:14 462498 c:\windows\system32\perfh009.dat
- 2009-01-16 14:28 . 2009-03-17 06:17 148888 c:\windows\system32\javaws.exe
+ 2009-01-16 14:28 . 2009-03-09 09:19 148888 c:\windows\system32\javaws.exe
- 2009-01-16 14:28 . 2009-03-17 06:17 144792 c:\windows\system32\javaw.exe
+ 2009-01-16 14:28 . 2009-03-09 09:19 144792 c:\windows\system32\javaw.exe
+ 2009-01-16 14:28 . 2009-03-09 09:19 144792 c:\windows\system32\java.exe
- 2009-01-16 14:28 . 2009-03-17 06:17 144792 c:\windows\system32\java.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-01 1830128]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-02 1947928]
"Go!Zilla"="c:\program files\GoZilla\Goz.exe" [2008-06-25 3350800]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-11-12 1630208]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-12-12 16859136]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-02 13:07 11952 ----a-w c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"e:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\Program Files\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\BlackSite Area 51\\Binaries\\BlackSite.exe"=
"d:\\Program Files\\Combat Flight Simulator 3\\cfs3.exe"=
"d:\\Program Files\\Combat Flight Sim\\COMBATFS.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/10/2009 7:59 PM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/10/2009 7:59 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [3/23/2009 2:07 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 2:07 PM 72944]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [1/16/2009 7:22 PM 78848]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [4/10/2009 7:59 PM 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/10/2009 7:59 PM 298776]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/15/2007 4:30 PM 34064]
R3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [4/21/2009 7:48 PM 7548]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 2:07 PM 7408]
S2 gupdate1c9a2721f672196;Google Update Service (gupdate1c9a2721f672196);c:\program files\Google\Update\GoogleUpdate.exe [3/11/2009 1:52 PM 133104]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/25/2009 7:14 PM 24652]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\Shell\AutoRun\command - M:\SETUP.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9cfdd0e5-e3d2-11dd-956b-92fb5d3e4d3a}]
\Shell\AutoRun\command - M:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-05-07 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: %SYSTEMROOT%\system32\nvLsp.dll
FF - ProfilePath - c:\documents and settings\Danny\Application Data\Mozilla\Firefox\Profiles\cf1ujdwv.default\
FF - prefs.js: browser.startup.homepage - google
FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-07 12:17
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-682003330-2052111302-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:09,56,55,b3,13,5a,35,44,47,69,2c,26,83,90,75,62,3b,e0,a2,1b,3e,
71,36,eb,eb,c9,2a,03,0e,13,bd,99,60,aa,95,b3,62,3c,53,1b,b4,53,e1,29,9b,f8,\
"rkeysecu"=hex:4b,42,26,12,ba,ed,84,20,54,0e,90,e4,8a,24,66,5e
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(764)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'lsass.exe'(820)
c:\windows\system32\nvLsp.dll
- - - - - - - > 'explorer.exe'(3944)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-07 12:18
ComboFix-quarantined-files.txt 2009-05-07 16:18
ComboFix2.txt 2009-04-29 22:22
ComboFix3.txt 2009-04-24 22:17
Pre-Run: 12,673,875,968 bytes free
Post-Run: 12,665,274,368 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
269 --- E O F --- 2009-04-16 07:02
- 05-07-2009 11:24 AM #28
and these are the HijackThis results....
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:19 PM, on 5/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\windows\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll
O2 - BHO: Go!Zilla IE Helper - {E1FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GoZilla\GozCatch.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Go!Zilla] C:\Program Files\GoZilla\Goz.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1232117994375
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Update Service (gupdate1c9a2721f672196) (gupdate1c9a2721f672196) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
--
End of file - 7769 bytes
- 05-08-2009 01:06 AM #29
Today, in the next 24 hours, I will not be able to reply, but shortly after I will. Sorry for the delay.
- 05-08-2009 01:30 AM #30
I had....
a friend come over and reinstall Windows.... I think it helped... my comp is a lot faster and nothing got picked up by virus scans.... here is a HijackThis log after reinstall:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:19:45 AM, on 5/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\MSI\SecureDoc\Logon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Web Search :: DAEMON-Search.com
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Global Startup: DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
O4 - Global Startup: SecureDoc.lnk = C:\Program Files\MSI\SecureDoc\Logon.exe
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate1c9cf9ad533cda8) (gupdate1c9cf9ad533cda8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
--
End of file - 4748 bytes