Browser redirects to Shopica and various sites (Hijacked ?)

Page 1 of 2 1, 2  Next

View previous topic View next topic Go down

Re: Browser redirects to Shopica and various sites (Hijacked ?)

Post by Dr Jay on 18th July 2010, 3:31 am

Please download [You must be registered and logged in to see this link.] and save it to your Desktop. Do NOT perform a scan yet

  • Double-click on drweb-cureit.exe to start the program.
    An Express Scan of your PC notice will appear.
  • Under Start the Express Scan Now, Click OK to start the scan.
    This is a short scan that will scan the files currently running in memory.
    If something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan tab and UNcheck Heuristic analysis
  • Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
  • Then click the Start/Stop Scanning button (green arrow on the right, and the scan will start.
  • When finished, a message will be displayed at the bottom advising if any viruses were found.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found.
    If so, click it, then click the next icon right below and select Move incurable.
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web Cureit when you have finished.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13743
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302211
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Browser redirects to Shopica and various sites (Hijacked ?)

Post by Resto on 18th July 2010, 1:03 pm

Dr.Web CureIt report posted per your request. Thank you.

couponprinter.exe\data012;C:\Documents and Settings\HP_Owner\Desktop\couponprinter.exe;Adware.Coupons.34;;
couponprinter.exe\data013;C:\Documents and Settings\HP_Owner\Desktop\couponprinter.exe;Adware.Coupons.34;;
couponprinter.exe\data015;C:\Documents and Settings\HP_Owner\Desktop\couponprinter.exe;Adware.Coupons.34;;
couponprinter.exe\data016;C:\Documents and Settings\HP_Owner\Desktop\couponprinter.exe;Adware.Coupons.34;;
couponprinter.exe;C:\Documents and Settings\HP_Owner\Desktop;Container contains infected objects;Moved.;
KillWind.exe;C:\hp\bin;Tool.ProcessKill;Incurable.Moved.;
A0027584.ocx;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP302;Adware.Coupons.34;Incurable.Moved.;
A0027592.exe\data012;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP302\A0027592.exe;Adware.Coupons.34;;
A0027592.exe\data013;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP302\A0027592.exe;Adware.Coupons.34;;
A0027592.exe\data015;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP302\A0027592.exe;Adware.Coupons.34;;
A0027592.exe\data016;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP302\A0027592.exe;Adware.Coupons.34;;
A0027592.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP302;Container contains infected objects;Moved.;
CouponPrinter.ocx;C:\WINDOWS;Adware.Coupons.34;Incurable.Moved.;

Resto
Intermediate
Intermediate

Posts Posts : 63
Joined Joined : 2009-09-17
OS OS : Windows 7 64 bit
Points Points : 27041
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Browser redirects to Shopica and various sites (Hijacked ?)

Post by Dr Jay on 18th July 2010, 6:59 pm

Are the browser redirects still continuing?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13743
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302211
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Browser redirects to Shopica and various sites (Hijacked ?)

Post by Resto on 18th July 2010, 10:16 pm

I have not experienced any more browser redirects. Thank you.
What's next ?!

Resto
Intermediate
Intermediate

Posts Posts : 63
Joined Joined : 2009-09-17
OS OS : Windows 7 64 bit
Points Points : 27041
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Browser redirects to Shopica and various sites (Hijacked ?)

Post by Dr Jay on 19th July 2010, 5:57 am

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13743
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302211
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Browser redirects to Shopica and various sites (Hijacked ?)

Post by Resto on 19th July 2010, 1:15 pm

DragonMaster Jay, Good morning. Here is the ESET log. Thanks.

# version=7
# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=de057ca556d10540beb6fb0959be0d90
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-19 01:01:16
# local_time=2010-07-19 09:01:16 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 25427998 25427998 0 0
# compatibility_mode=1024 16777175 100 0 2259045 2259045 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=93366
# found=0
# cleaned=0
# scan_time=3094

Resto
Intermediate
Intermediate

Posts Posts : 63
Joined Joined : 2009-09-17
OS OS : Windows 7 64 bit
Points Points : 27041
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Browser redirects to Shopica and various sites (Hijacked ?)

Post by Dr Jay on 20th July 2010, 2:12 am

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and the display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button click this
  • Accept the Warning and select OK again, the program will close and you are done


To remove all of the tools we used and the files and folders they created, please do the following:
Please download [You must be registered and logged in to see this link.] by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start
    button to begin the process. Depending on how often you clean temp
    files, execution time should be anywhere from a few seconds to a minute
    or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


==

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13743
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302211
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Browser redirects to Shopica and various sites (Hijacked ?)

Post by Resto on 20th July 2010, 3:29 am

The requested document is posted below. It looks like I have several things that are out of date. If they are able to be updated, I will be glad to do so. Do you have instructions on how to best do this ? Thanks !

Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 2
[You must be registered and logged in to see this link.]
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG Free 9.0
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 15
Out of date Java installed!
Adobe Flash Player 10.0.42.34
Adobe Reader 6.0.1
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
````````````````````````````````
DNS Vulnerability Check:

Unknown. This method cannot test your vulnerability to DNS cache poisoning.

``````````End of Log````````````

Resto
Intermediate
Intermediate

Posts Posts : 63
Joined Joined : 2009-09-17
OS OS : Windows 7 64 bit
Points Points : 27041
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Browser redirects to Shopica and various sites (Hijacked ?)

Post by Dr Jay on 20th July 2010, 4:07 am

Please upgrade to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via [You must be registered and logged in to see this link.].

More info about SP3: [You must be registered and logged in to see this link.]

==============================

Please download the newest version of Adobe Acrobat Reader from [You must be registered and logged in to see this link.]

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

Please download the newest version of Java from [You must be registered and logged in to see this link.].

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

========================

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall

  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version.
  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • [You must be registered and logged in to see this link.]: free and excellent firewall.


AntiSpyware

  • [You must be registered and logged in to see this link.]
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found [You must be registered and logged in to see this link.].
  • [You must be registered and logged in to see this link.].
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Securing your computer

  • [You must be registered and logged in to see this link.] - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • [You must be registered and logged in to see this link.] replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


See [You must be registered and logged in to see this link.] for more info about malware and prevention.

Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13743
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302211
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Browser redirects to Shopica and various sites (Hijacked ?)

Post by Resto on 21st July 2010, 5:35 am

Sorry for the delay in replying to you.

Thanks for all you have done to rectify my issue. Everything seems to be working well at this time.

I will carefully follow your instructions to update all of the suggested items.

I really appreciate the professional and courteous assistance you have provided !

Resto
Intermediate
Intermediate

Posts Posts : 63
Joined Joined : 2009-09-17
OS OS : Windows 7 64 bit
Points Points : 27041
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Browser redirects to Shopica and various sites (Hijacked ?)

Post by Resto on 13th August 2010, 3:29 am

Since the above-referenced malware was removed from my computer, I have not had the need to utilize my internal DVD Burner - until today. I am not sure if this is related to any of the disinfection procedures or if it is another issue entirely, but I thought I would ask your opinion about this issue.

If I am not mistaken, it seems that there was something suspicious related to my ATAPI and cdrom drivers.

RKU showed:

>Stealth
==============================================
0xF7411000 WARNING: suspicious driver modification [atapi.sys::0x86383AEA]
0xF76C8000 WARNING: Virus alike driver modification [cdrom.sys], 53248 bytes
==============================================

You then asked me to do this with Combo Fix:

killall::
TDL::
c:\windows\system32\drivers\cdrom.sys
c:\windows\system32\drivers\atapi.sys

Reboot::

--------------------------------------------------------------------------------

Could any of this be contributing to my current issue ?

My burner / player will play recorded DVD and CD media perfectly, however it will not recognize blank media when I install it to burn. As soon as a blank DVD is inserted, it begins to spin continuously at a high rate of speed. Burning software does not show that the blank media has been detected. Closing the burning software does not stop the spinning. As a matter of fact, the blank media spins continuously and will not stop even when there are no applications or processes open. I should add that I am using the same blank media (DVD-R) from the same package of blank media that has always worked properly. I have also tried numerous DVD's from a stack of 100 of these blank media to rule out whether the discs were faulty or not.

While the blank media is spinning.... if I open "My Computer" to view properties of my E: drive - and right click on the E: drive - I get an hourglass and no window opens up for me to view properties. Everything seems to hang up at this point. When I finally get this closed down via Task Manager, my desktop has no icons visible - no Start icon or anything - and the blank media is still spinning at high speed in the DVD burner / player. The only thing I can do to restore functionality is to manually shut off my machine with the power switch.

The only thing that seems to stop the spinning media is blind luck. I push the eject button on the internal DVD burner / player....sometimes this stops the spinning media and it ejects correctly....sometimes pushing the eject button does nothing at all.... sometimes pushing the eject button opens the drawer with the blank media still spinning at top speed. Very confusing.

Device Manager says that the device is working properly and that I have the most updated driver available for the device.

Any ideas, troubleshooting tips, or instructions for me to follow ?

As always, thanks in advance for your assistance.

Resto
Intermediate
Intermediate

Posts Posts : 63
Joined Joined : 2009-09-17
OS OS : Windows 7 64 bit
Points Points : 27041
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Browser redirects to Shopica and various sites (Hijacked ?)

Post by Dr Jay on 14th August 2010, 4:57 am

Go to this page, and click on the Run now button: [You must be registered and logged in to see this link.]

It will run a diagnostic to tell you why you cannot play media, etc.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13743
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302211
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Browser redirects to Shopica and various sites (Hijacked ?)

Post by Resto on 14th August 2010, 6:02 pm

DragonMaster Jay,

Thanks for the recommendation, but it is not working.

This computer will not connect to the Microsoft Support site. I have clicked on the link you gave me above. I have manually entered that URL in the address bar. I have also tried support.microsoft.com as well. No luck connecting with any of these methods.

My other computer readily accesses the link you have provided, so I'm guessing that there is still something not quite right with this computer.

Any further assistance will be greatly appreciated.

Resto
Intermediate
Intermediate

Posts Posts : 63
Joined Joined : 2009-09-17
OS OS : Windows 7 64 bit
Points Points : 27041
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Browser redirects to Shopica and various sites (Hijacked ?)

Post by Resto on 15th August 2010, 4:01 am

Not sure why I was not able to access the Microsoft Security website earlier today. I was able to easily get to it with no issues tonight. I ran the diagnostic you requested. The log is posted below. Thank you.
------------------------------------------------------------------------------------------

CD/DVD Reading and WritingPublisher details

Issues found
Media in CD/DVD drive is not readable (HL-DT-ST DVDRRW GWA-4161B)Media in
CD/DVD drive is not readable (HL-DT-ST DVDRRW GWA-4161B)
The drive is empty or the media format is not supportedNot fixed
Insert readable mediaSucceeded

Issues checked
Class filter drivers are corruptClass filter drivers are corrupt
One or more class-specific filter drivers are missing/corruptChecked
Device filter drivers are corrupt (HL-DT-ST DVDRRW GWA-4161B)Device filter
drivers are corrupt (HL-DT-ST DVDRRW GWA-4161B)
One or more device-specific filter drivers are missing/corruptChecked
Device is not working properly (HL-DT-ST DVDRRW GWA-4161B)Device is not
working properly (HL-DT-ST DVDRRW GWA-4161B)
This device is experiencing a problem that is preventing it from working
properlyChecked
Drive is disabled (HL-DT-ST DVDRRW GWA-4161B)Drive is disabled (HL-DT-ST
DVDRRW GWA-4161B)
The CD/DVD drive have been disabled in Device ManagerChecked
Drive is not assigned a drive letterDrive is not assigned a drive letter
The CD/DVD drive is not accessible via an assigned drive letterChecked

Issues foundDetection details

6Media in CD/DVD drive is not readable (HL-DT-ST DVDRRW
GWA-4161B)Not fixed

The drive is empty or the media format is not supported
Insert readable mediaSucceeded

Insert a readable CD or DVD into the selected CD/DVD drive


Issues checkedDetection details

6Class filter drivers are corruptChecked

One or more class-specific filter drivers are missing/corrupt
Repair class filter driversNot Run

Remove missing/corrupt class filter driver references

6Device filter drivers are corrupt (HL-DT-ST DVDRRW
GWA-4161B)Checked

One or more device-specific filter drivers are missing/corrupt
Uninstall deviceNot Run

Uninstall the problem device

6Device is not working properly (HL-DT-ST DVDRRW GWA-4161B)Checked

This device is experiencing a problem that is preventing it from working
properly
Rescan devicesNot Run

Check for changes in available devices
Uninstall deviceNot Run

Assign drive letters to all drives that do not have drive letter

6Drive is disabled (HL-DT-ST DVDRRW GWA-4161B)Checked

The CD/DVD drive have been disabled in Device Manager
Enable the deviceNot Run

The device must be enabled before it can be used

6Drive is not assigned a drive letterChecked

The CD/DVD drive is not accessible via an assigned drive letter
Assign drive letterNot Run

Assign drive letters to all drives that do not have drive letter


Detection details

Collection information
Computer Name: CHRIS
Windows Version:5.1
Architecture:x86
Time:8/14/2010 11:47:02 PM

Publisher details

CD/DVD Reading and Writing
This diagnostic identifies and resolves common problems that may prevent
you from reading and writing CDs/DVDs
Package Version:2.0
Publisher:Microsoft Corporation


Resto
Intermediate
Intermediate

Posts Posts : 63
Joined Joined : 2009-09-17
OS OS : Windows 7 64 bit
Points Points : 27041
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Browser redirects to Shopica and various sites (Hijacked ?)

Post by Dr Jay on 16th August 2010, 8:38 pm

cdrom.sys is damaged. We will need to replace that.

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    cdrom.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13743
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302211
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Browser redirects to Shopica and various sites (Hijacked ?)

Post by Resto on 16th August 2010, 11:42 pm

Thank you.

SystemLook log per your request:

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 19:39 on 16/08/2010 by HP_Owner (Administrator - Elevation successful)

========== filefind ==========

Searching for "cdrom.sys"
C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys -----c 49536 bytes [03:30 23/07/2010] [12:00 04/08/2004] AF9C19B3100FE010496B1A27181FBF72
C:\WINDOWS\ServicePackFiles\i386\cdrom.sys ------ 62976 bytes [21:46 18/08/2008] [18:40 13/04/2008] 1F4260CC5B42272D71F79E570A27A4FE
C:\WINDOWS\system32\drivers\cdrom.sys --a--- 62976 bytes [12:00 04/08/2004] [18:40 13/04/2008] 1F4260CC5B42272D71F79E570A27A4FE

-=End Of File=-

Resto
Intermediate
Intermediate

Posts Posts : 63
Joined Joined : 2009-09-17
OS OS : Windows 7 64 bit
Points Points : 27041
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Browser redirects to Shopica and various sites (Hijacked ?)

Post by Dr Jay on 17th August 2010, 4:20 am

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.] (Click the green button on the page to download it).

Rename ComboFix.exe to combo-fix.exe before you save it to your Desktop
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:
    killall::

    FCopy::
    C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys | C:\WINDOWS\system32\drivers\cdrom.sys

    Reboot::
  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.




NOTE:
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It should just continue scanning.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13743
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302211
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Browser redirects to Shopica and various sites (Hijacked ?)

Post by Resto on 17th August 2010, 5:51 am

ComboFix log posted below. Thank you.

------------------------------------------------------------------------------------------

ComboFix 10-08-16.03 - HP_Owner 08/17/2010 1:28.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.566 [GMT -4:00]
Running from: c:\documents and settings\HP_Owner\Desktop\combo-fix.exe
Command switches used :: c:\documents and settings\HP_Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Owner\Application Data\inst.exe

.
--------------- FCopy ---------------

c:\windows\$NtServicePackUninstall$\cdrom.sys --> c:\windows\system32\drivers\cdrom.sys
.
((((((((((((((((((((((((( Files Created from 2010-07-17 to 2010-08-17 )))))))))))))))))))))))))))))))
.

2010-08-16 02:24 . 2010-08-16 02:24 -------- d-----w- c:\windows\system32\XPSViewer
2010-08-16 02:24 . 2010-08-16 02:24 -------- d-----w- c:\program files\MSBuild
2010-08-16 02:24 . 2010-08-16 02:24 -------- d-----w- c:\program files\Reference Assemblies
2010-08-16 02:23 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-08-16 02:23 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-08-16 02:23 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-08-16 02:23 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-08-16 02:23 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-08-16 02:23 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-08-16 02:23 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-08-16 02:23 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-08-16 02:23 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-08-16 02:23 . 2010-08-16 02:23 -------- d-----w- C:\81fc91858e2fca0d05fc
2010-08-15 03:40 . 2010-08-15 03:40 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\ElevatedDiagnostics
2010-08-08 21:31 . 2010-08-08 21:31 503808 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-22bf9bcd-n\msvcp71.dll
2010-08-08 21:31 . 2010-08-08 21:31 499712 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-22bf9bcd-n\jmc.dll
2010-08-08 21:31 . 2010-08-08 21:31 348160 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-22bf9bcd-n\msvcr71.dll
2010-08-08 21:31 . 2010-08-08 21:31 61440 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-367b0667-n\decora-sse.dll
2010-08-08 21:31 . 2010-08-08 21:31 12800 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-367b0667-n\decora-d3d.dll
2010-07-23 12:38 . 2009-08-13 15:16 512000 ------w- c:\windows\system32\dllcache\jscript.dll
2010-07-23 03:39 . 2010-07-23 03:39 -------- d-----w- c:\windows\system32\scripting
2010-07-23 03:39 . 2010-07-23 03:39 -------- d-----w- c:\windows\l2schemas
2010-07-23 03:39 . 2010-07-23 03:39 -------- d-----w- c:\windows\system32\bits
2010-07-23 03:30 . 2010-07-23 03:30 -------- d-----w- c:\windows\EHome
2010-07-23 03:10 . 2010-07-23 03:10 -------- d-----w- c:\program files\Common Files\Java
2010-07-23 03:10 . 2010-07-23 03:10 503808 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-61b9ee4a-n\msvcp71.dll
2010-07-23 03:10 . 2010-07-23 03:10 499712 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-61b9ee4a-n\jmc.dll
2010-07-23 03:10 . 2010-07-23 03:10 348160 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-61b9ee4a-n\msvcr71.dll
2010-07-23 03:10 . 2010-07-23 03:10 61440 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5dbcde63-n\decora-sse.dll
2010-07-23 03:10 . 2010-07-23 03:10 12800 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5dbcde63-n\decora-d3d.dll
2010-07-23 03:10 . 2010-07-23 03:09 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-20 17:17 . 2010-07-20 17:17 921440 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgemc.exe
2010-07-20 17:17 . 2010-07-20 17:17 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-07-20 17:17 . 2010-07-20 17:17 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-07-20 17:17 . 2010-07-20 17:17 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-17 05:10 . 2006-04-06 21:53 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Canon
2010-08-17 01:33 . 2006-04-30 20:00 67624 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-12 05:57 . 2010-05-27 19:41 -------- d-----w- c:\program files\DVDFab 7
2010-08-12 05:57 . 2010-05-27 19:42 47360 ----a-w- c:\documents and settings\HP_Owner\Application Data\pcouffin.sys
2010-08-12 05:57 . 2010-05-27 19:42 47360 ----a-w- c:\documents and settings\HP_Owner\Application Data\pcouffin.sys
2010-08-12 05:57 . 2010-05-27 19:41 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Vso
2010-08-12 04:53 . 2010-05-27 19:42 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-07-29 20:44 . 2008-12-04 05:18 -------- d-----w- c:\program files\Coupons
2010-07-24 14:27 . 2008-03-06 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-07-23 03:42 . 2005-01-27 05:13 83187 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-23 03:42 . 2010-07-23 03:42 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-07-23 03:42 . 2010-07-23 03:42 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2010-07-23 03:09 . 2005-08-17 15:42 -------- d-----w- c:\program files\Java
2010-07-21 22:55 . 2006-03-17 20:46 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\AdobeUM
2010-07-18 13:57 . 2006-05-06 00:07 2138 ----a-w- c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
2010-07-15 19:15 . 2010-06-12 16:42 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 19:15 . 2010-07-15 19:15 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 19:13 . 2010-06-12 16:42 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-11 03:11 . 2010-07-11 03:11 -------- d-----w- c:\program files\ESET
2010-07-10 03:37 . 2010-07-10 03:37 -------- d-----w- c:\program files\7-Zip
2010-07-09 21:17 . 2010-07-09 21:17 -------- d-----w- c:\documents and settings\Administrator.CHRIS\Application Data\Malwarebytes
2010-06-30 12:31 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-26 23:54 . 2008-12-29 01:48 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-26 23:53 . 2008-12-29 01:49 -------- d-----w- c:\program files\DIFX
2010-06-26 23:51 . 2010-06-26 23:51 31287640 ----a-w- c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\UPCInstaller.exe
2010-06-26 23:51 . 2009-12-26 18:50 6178648 ----a-w- c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\TagPlugin.exe
2010-06-24 12:10 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:10 . 2004-08-04 11:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 19:39 . 2010-06-23 19:39 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb5.tmp.exe
2010-06-23 13:44 . 2004-08-04 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-08-04 12:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-13 15:50 . 2010-06-12 16:42 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2005-11-03 09:09 . 2006-03-16 00:45 22 --sha-w- c:\windows\SMINST\HPCD.SYS
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-26 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 61952]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-23 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-03-29 155648]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-06-10 554328]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-12-30 108544]
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2007-12-18 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 19:15 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
2004-10-14 20:54 253952 ----a-w- c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-03-29 03:57 155648 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 sonypvl3;sonypvl3;c:\windows\system32\drivers\sonypvl3.sys [3/22/2008 3:28 PM 19507]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/12/2010 12:42 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/12/2010 12:42 PM 243024]
R1 sonypvf3;sonypvf3;c:\windows\system32\drivers\sonypvf3.sys [3/22/2008 3:28 PM 619390]
R1 sonypvt3;sonypvt3;c:\windows\system32\drivers\sonypvt3.sys [3/22/2008 3:28 PM 423454]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/15/2010 3:13 PM 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 3:15 PM 308136]
S1 sonypvd3;Sony DVD Handycam;c:\windows\system32\drivers\sonypvd3.sys [3/22/2008 3:28 PM 64964]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 10:33 AM 135664]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [12/28/2008 9:49 PM 18560]
.
Contents of the 'Scheduled Tasks' folder

2010-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 14:33]

2010-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 14:33]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: Garmin Communicator Plug-In - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-08-17 01:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-08-17 01:38:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-17 05:38

Pre-Run: 72,740,900,864 bytes free
Post-Run: 72,976,646,144 bytes free

- - End Of File - - BD7F6EE0DC02A5EBA063625A995E7D6A

Resto
Intermediate
Intermediate

Posts Posts : 63
Joined Joined : 2009-09-17
OS OS : Windows 7 64 bit
Points Points : 27041
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Browser redirects to Shopica and various sites (Hijacked ?)

Post by Dr Jay on 17th August 2010, 5:55 am

Now, try a CD and let me know if it works.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13743
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302211
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Browser redirects to Shopica and various sites (Hijacked ?)

Post by Resto on 17th August 2010, 6:12 am

No. Not working correctly !

1) Will not recognize blank DVD-R media
- Burning software states "Device not ready...or no media present"
- Endless spinning of disc
- Will sometimes stop disc and eject it when "eject" button is pressed
- Will sometimes open drawer with disc still at full speed when "eject"
button is pressed

2) Played a recorded CD perfectly

Very confusing !

Resto
Intermediate
Intermediate

Posts Posts : 63
Joined Joined : 2009-09-17
OS OS : Windows 7 64 bit
Points Points : 27041
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Browser redirects to Shopica and various sites (Hijacked ?)

Post by Dr Jay on 18th August 2010, 5:48 am

Ohhh, now I get it. I just thought it was with CDs, my bad.

Download and run this tool:
[You must be registered and logged in to see this link.]

It will fix how Windows recognize correct disc types.

==============

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :reg
    [HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Class/4D36E965-E325-11CE-BFC1-08002BE10318]

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13743
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302211
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Browser redirects to Shopica and various sites (Hijacked ?)

Post by Resto on 18th August 2010, 12:50 pm

DragonMaster Jay,

The link provided is not working: [You must be registered and logged in to see this link.]

It generates a 404 Error stating that the requested resource (FixCdRomTypeError.exe) is not available.

Looking forward to your next reply. Thank you.

Resto
Intermediate
Intermediate

Posts Posts : 63
Joined Joined : 2009-09-17
OS OS : Windows 7 64 bit
Points Points : 27041
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Browser redirects to Shopica and various sites (Hijacked ?)

Post by Dr Jay on 18th August 2010, 6:18 pm

Ok. Go ahead with the next step, SystemLook.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13743
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302211
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Browser redirects to Shopica and various sites (Hijacked ?)

Post by Resto on 18th August 2010, 8:58 pm

SystemLook log posted below. Thank you.
------------------------------------------------------------------------------------------
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 16:55 on 18/08/2010 by HP_Owner (Administrator - Elevation successful)

========== reg ==========

[HKEY_LOCAL_MACHINE]
(No values found)

[HKEY_LOCAL_MACHINE\HARDWARE]

[HKEY_LOCAL_MACHINE\SAM]

[HKEY_LOCAL_MACHINE\SECURITY]

[HKEY_LOCAL_MACHINE\SOFTWARE]

[HKEY_LOCAL_MACHINE\SYSTEM]


-=End Of File=-

Resto
Intermediate
Intermediate

Posts Posts : 63
Joined Joined : 2009-09-17
OS OS : Windows 7 64 bit
Points Points : 27041
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Browser redirects to Shopica and various sites (Hijacked ?)

Post by Dr Jay on 18th August 2010, 9:11 pm

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :regfind
    UpperFilters
    LowerFilters

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13743
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302211
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Browser redirects to Shopica and various sites (Hijacked ?)

Post by Resto on 18th August 2010, 9:33 pm

OK. Here's the log. Thanks.

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 17:32 on 18/08/2010 by HP_Owner (Administrator - Elevation successful)

========== regfind ==========

Searching for "UpperFilters"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}]
"UpperFilters"="PartMgr"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}]
"UpperFilters"="PartMgr"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}]
"UpperFilters"="PartMgr"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}]
"UpperFilters"="PartMgr"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}]
"UpperFilters"="PartMgr"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}]
"UpperFilters"="PartMgr"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}]
"UpperFilters"="PartMgr"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}]
"UpperFilters"="PartMgr"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
"UpperFilters"="VolSnap"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
"UpperFilters"="VolSnap"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
"UpperFilters"="VolSnap"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
"UpperFilters"="VolSnap"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
"UpperFilters"="VolSnap"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
"UpperFilters"="VolSnap"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
"UpperFilters"="VolSnap"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
"UpperFilters"="VolSnap"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}]
"UpperFilters"="PartMgr"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}]
"UpperFilters"="PartMgr"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}]
"UpperFilters"="PartMgr"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}]
"UpperFilters"="PartMgr"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}]
"UpperFilters"="PartMgr"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}]
"UpperFilters"="PartMgr"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}]
"UpperFilters"="PartMgr"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}]
"UpperFilters"="PartMgr"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
"UpperFilters"="VolSnap"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
"UpperFilters"="VolSnap"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
"UpperFilters"="VolSnap"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
"UpperFilters"="VolSnap"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
"UpperFilters"="VolSnap"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
"UpperFilters"="VolSnap"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
"UpperFilters"="VolSnap"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
"UpperFilters"="VolSnap"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}]
"UpperFilters"="PartMgr"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}]
"UpperFilters"="PartMgr"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}]
"UpperFilters"="PartMgr"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}]
"UpperFilters"="PartMgr"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}]
"UpperFilters"="PartMgr"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}]
"UpperFilters"="PartMgr"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}]
"UpperFilters"="PartMgr"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}]
"UpperFilters"="PartMgr"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
"UpperFilters"="VolSnap"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
"UpperFilters"="VolSnap"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
"UpperFilters"="VolSnap"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
"UpperFilters"="VolSnap"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
"UpperFilters"="VolSnap"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
"UpperFilters"="VolSnap"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
"UpperFilters"="VolSnap"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
"UpperFilters"="VolSnap"

Searching for "LowerFilters"
No data found.

-=End Of File=-

Resto
Intermediate
Intermediate

Posts Posts : 63
Joined Joined : 2009-09-17
OS OS : Windows 7 64 bit
Points Points : 27041
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Browser redirects to Shopica and various sites (Hijacked ?)

Post by Dr Jay on 19th August 2010, 7:01 pm

Please open Notepad and enter in the following:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
"UpperFilters"=-

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
"UpperFilters"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
"UpperFilters"=-
Then, click File > Save as...
Save as upperfilter.reg to your Desktop.
Choose Save as type... All Files.
Click Save.

Then, exit Notepad.

Double-click on upperfilter.reg, and allow it to merge.

Reboot your computer, and try the disc drive again.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13743
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302211
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Browser redirects to Shopica and various sites (Hijacked ?)

Post by Resto on 19th August 2010, 11:01 pm

Unfortunately, this action did not work. Things are actually a bit worse and even more confusing. Here's what I can tell you:

E: drive is now titled DVD-RW Drive. Not sure what it was called before. It is actually a DVD/CD Writer, Player, etc. - so I'm not sure if this is correct.

Commercially purchased, recorded CD and DVD media are recognized and will play correctly.

Recorded media that have been burned on my computer are not recognized. When one of these discs is in the E: drive - clicking on properties shows "0" bytes used, "0" bytes free and "0" bytes capacity. Prior to the last action we took, these media would play.

Blank media (both DVD-R and CD) are not recognized. When a disc is inserted into the E: drive, the disc spins continuously. Clicking on properties gives no information and simply causes a continuous hour glass to appear.

When the button is pressed to eject the unreadable and continuously spinning disc, the drawer will frequently open with the disc still spinning at top speed.

I am sorry that this issue is consuming so much of your time and energy. I hope that you can come up with some additional ideas to help rectify this situation.

Thanks.

Resto
Intermediate
Intermediate

Posts Posts : 63
Joined Joined : 2009-09-17
OS OS : Windows 7 64 bit
Points Points : 27041
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Browser redirects to Shopica and various sites (Hijacked ?)

Post by Dr Jay on 20th August 2010, 8:31 am

Ok. That means the solution did indeed work like planned. However, I think there are more steps to take. No biggie.

Right now, I would like to remove the drive from your system, as if the system has never seen it.

What I want to do is to uninstall the device from the Device Manager, reboot Windows, and see if Windows will install the correct device driver for it.

If not, then we will uninstall it again like above, and immediately after, use the correct device driver for it to be installed.

First, I need to know something, before we proceed, for safety reasons.

Do you have a drivers CD, which may have come with your computer?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13743
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302211
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Browser redirects to Shopica and various sites (Hijacked ?)

Post by Resto on 20th August 2010, 1:16 pm

If correct driver is not installed by Windows after a device uninstall from Device Manager and a reboot, the documentation that came with my computer states that factory-installed drivers can be be reinstalled via the following methods if need be.

It appears that Step 1, below, would be the preferred method if we have to go there !

1. By using the HP Application Recovery program: Start -> All Programs -> PC Help & Tools -> HP Application Recovery -> Driver Installation -> Next -> Select Driver to Install -> Install

2. If the first step is unsuccessful, System Recovery can be run from the Hard Disc Drive. There are two options.

Standard Recovery, which recovers factory-shipped programs, drivers and operating system without affecting any data files....or Full System Recovery, which completely erases and reformats the Hard disc drive.

Start -> All Programs -> PC Help & Tools -> HP PC System Recovery -> You are prompted to confirm that Microsoft System Restore and Driver Rollback has been performed -> If you have not performed the Microsoft System Recovery and Driver Rollback, click Microsoft System Restore and follow onscreen instructions -> If Microsoft System Restore and Driver Rollback has been performed, click Yes to start the recovery process -> Follow onscreen instructions.

3. Run from recovery discs (DVDs) created from my hard disc drive. I created these discs as soon as I purchased the computer.

I hope this gives you the information you need to procedd with your recommended next steps. Looking forward to your reply. Thank you.

Resto
Intermediate
Intermediate

Posts Posts : 63
Joined Joined : 2009-09-17
OS OS : Windows 7 64 bit
Points Points : 27041
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Browser redirects to Shopica and various sites (Hijacked ?)

Post by Dr Jay on 21st August 2010, 5:43 am

Good. ;)

Right-click on My Computer, and click on Manage.

Then, on the left, click on Device Manager.

Find DVD/CD-ROM drives, expand it, and for any listed, right-click and select Uninstall.

Reboot your computer.

On Windows logon, it shall prompt for you to install drivers for CD-ROM device(s). Allow the setup wizard to continue, and install its own driver.

Instead of providing disc, either choose to search via Windows Update, or choose from the list of provided drivers.

Let me know how far you get on this.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13743
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302211
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Browser redirects to Shopica and various sites (Hijacked ?)

Post by Resto on 21st August 2010, 7:07 pm

DragonMaster Jay,

Thanks a million. You have solved my problem.

The uninstall - reboot worked great. Upon reboot, Windows recognized my DVD/CD device and automatically installed the correct drivers.

The device is working perfectly. It reads and writes as it should. Both DVD and CD media (either recorded or blank) are correctly recognized.

I have now burned two DVDs with data I had been wanting to write since this problem began.

Thanks, again, for your tireless patience and willingness to assist.

Resto
Intermediate
Intermediate

Posts Posts : 63
Joined Joined : 2009-09-17
OS OS : Windows 7 64 bit
Points Points : 27041
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Browser redirects to Shopica and various sites (Hijacked ?)

Post by Dr Jay on 21st August 2010, 8:55 pm

Yay. Good news.

I'm glad it worked out. Smile


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13743
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302211
# Likes # Likes : 10

View user profile

Back to top Go down

Page 1 of 2 1, 2  Next

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum