dmueller375

  1. Hi Elise, No problems, all is good. Thank you so much!! Gratefully Dave
  2. Thanks again for the great explanation Elise. I was more nervous about blocked communication because the target was the ccvchst file, which is similar in name to ccsvhst.exe, which I discovered was taking up a large % of system CPU when I was first infected, as discovered through Windows Task Manager. I'm sure all is fine, I'll report back to you tomorrow. Dave
  3. Hi and thank you so much Elise, I'm sure you are right the PC is now clean, but...... I'm a bit nervous because the Norton virus warning was similar to what I received before you were helping me. Is it possible to wait on closing out this topic until we run the PC another day and I report back to you tomorrow evening? Dave
  4. ESET scan results:
     C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1\Application Data\Sun\Java\Deployment\cache\6.0\31\ba6991f-7a05e3f3 Java/TrojanDownloader.Agent.NAM trojan deleted - quarantined
     C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1\Application Data\Sun\Java\Deployment\cache\6.0\36\7945eda4-36b6eb9e multiple threats deleted - quarantined
     While the ESET Scan was running, Norton gave me the following:
     ATIPI.SYS.vir This file requires manual removal
     Infected file: c:\Qoobox\quarantine\C\windows\system32\drivers\atapi.sys.vir manual removal required
     Infected file: c:\system volume information\_restore{b37680b2\ba0a-4e5d-bf30-83e44c588624}\RP1\A0000032.sys no fix attempted
     Please note I could not copy and paste the Norton results - I attempted to exactly retype but there may be mistakes.
     Also:
     Unauthorized Access blocked
     Actor: C\windows\explorer.exe
     Actor pid: 1868
     Target: \device\harddiskvolume2\program files\Norton Security Suite\engine\4.1.0.32\ccvchst.exe
     target PID: 2980
     action: send terminate message to windows
     reaction: unauthorized access blocked
  5. Hi Elise, I'm back. We can now access this PC from user name Kate. Great Job!!!
     All processes killed
     ========== OTL ==========
     HKU\S-1-5-21-2056517334-3818234146-3613033903-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
     HKU\S-1-5-21-2056517334-3818234146-3613033903-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
     HKU\S-1-5-21-2056517334-3818234146-3613033903-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: Administrator
     User: Administrator.FAMILY
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 67 bytes
     ->Flash cache emptied: 348 bytes
     User: All Users
     User: Celia
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 469 bytes
     ->Java cache emptied: 64023560 bytes
     ->Flash cache emptied: 81929 bytes
     User: Dave
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 298245 bytes
     ->Java cache emptied: 236893853 bytes
     ->Flash cache emptied: 689132 bytes
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 32902 bytes
     User: Karen
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 6924750 bytes
     ->Java cache emptied: 33322382 bytes
     ->Flash cache emptied: 11943 bytes
     User: Kate
     ->Temp folder emptied: 687 bytes
     ->Temporary Internet Files folder emptied: 6680874 bytes
     ->Java cache emptied: 58218360 bytes
     ->Flash cache emptied: 1294381 bytes
     User: LocalService
     ->Temp folder emptied: 65748 bytes
     ->Temporary Internet Files folder emptied: 2366786 bytes
     ->Flash cache emptied: 348 bytes
     User: NetworkService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 735314 bytes
     ->Java cache emptied: 4493 bytes
     ->Flash cache emptied: 11343 bytes
     User: Owner
     %systemdrive% .tmp files removed: 14648 bytes
     %systemroot% .tmp files removed: 137401 bytes
     %systemroot%\System32 .tmp files removed: 26721297 bytes
     %systemroot%\System32\dllcache .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 802091 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 38393 bytes
     RecycleBin emptied: 0 bytes
     Total Files Cleaned = 419.00 mb
     OTL by OldTimer - Version 3.2.4.1 log created on 05292010_191642
     Files\Folders moved on Reboot...
     File\Folder C:\WINDOWS\temp\Perflib_Perfdata_64c.dat not found!
     Registry entries deleted on Reboot...
  6. Hi Elise, It depends on what you mean by "here", lol. I'm working away from the infected / cleaned PC, I should be back to try your latest fix in the next 2 or 3 days. I appreciate your help and will certainly let you know the outcomes / post the results as requested. Hope your day is great! Dave
  7. OTL logfile created on: 5/24/2010 1:29:31 PM - Run 5
     OTL by OldTimer - Version 3.2.4.1     Folder = C:\Documents and Settings\Karen\My Documents
     Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.6001.18702)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
     3.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
     Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
     Drive C: | 111.72 Gb Total Space | 33.06 Gb Free Space | 29.59% Space Free | Partition Type: NTFS
     Drive D: | 124.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
     E: Drive not present or media not loaded
     F: Drive not present or media not loaded
     G: Drive not present or media not loaded
     H: Drive not present or media not loaded
     I: Drive not present or media not loaded
     Computer Name: FAMILY
     Current User Name: Kate
     Logged in as Administrator.
     Current Boot Mode: Normal
     Scan Mode: All users
     Company Name Whitelist: Off
     Skip Microsoft Files: Off
     File Age = 30 Days
     Output = Standard

     ========== Processes (SafeList) ==========
     PRC - [2010/05/17 08:39:58 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karen\My Documents\OTL.exe
     PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     PRC - [2010/02/25 18:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.1.0.32\ccsvchst.exe
     PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
     PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
     PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
     PRC - [2007/08/27 10:36:34 | 000,111,912 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe
     PRC - [2007/01/04 16:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
     PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
     PRC - [2003/10/29 02:06:00 | 000,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
     PRC - [2003/06/18 09:54:10 | 000,294,972 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\SYSTEM32\DRIVERS\KodakCCS.exe
     PRC - [2003/02/04 08:22:30 | 000,181,312 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ScsiAccess.EXE
     PRC - [2002/10/16 20:20:20 | 000,073,728 | ---- | M] () -- C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe

     ========== Modules (SafeList) ==========
     MOD - [2010/05/17 08:39:58 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karen\My Documents\OTL.exe
     MOD - [2010/03/26 18:52:36 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.1.0.32\asoehook.dll
     MOD - [2009/07/12 03:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.1.0.32\microsoft.vc90.crt\msvcr90.dll
     MOD - [2009/07/12 03:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.1.0.32\microsoft.vc90.crt\msvcp90.dll
     MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx

     ========== Win32 Services (SafeList) ==========
     SRV - File not found [On_Demand | Stopped] -- -- (MSSQLServerADHelper)
     SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
     SRV - [2010/02/25 18:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\4.1.0.32\ccSvcHst.exe -- (N360)
     SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
     SRV - [2008/03/18 16:52:32 | 000,020,480 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
     SRV - [2007/08/27 10:36:34 | 000,111,912 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
     SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
     SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
     SRV - [2006/11/09 18:30:14 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
     SRV - [2004/11/02 17:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe -- (SymWSC)
     SRV - [2003/06/18 09:54:10 | 000,294,972 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\KodakCCS.exe -- (KodakCCS)
     SRV - [2003/03/03 13:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
     SRV - [2003/02/04 08:22:30 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SYSTEM32\ScsiAccess.EXE -- (ScsiAccess)

     ========== Driver Services (SafeList) ==========
     DRV - [2010/05/22 21:57:48 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS -- (SymEvent)
     DRV - [2010/05/22 01:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100524.002\NAVEX15.SYS -- (NAVEX15)
     DRV - [2010/05/22 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
     DRV - [2010/05/22 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
     DRV - [2010/05/22 01:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100524.002\NAVENG.SYS -- (NAVENG)
     DRV - [2010/04/29 12:44:04 | 000,537,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100429.001\BHDrvx86.sys -- (BHDrvx86)
     DRV - [2010/02/26 21:23:54 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0401000.020\Ironx86.SYS -- (SymIRON)
     DRV - [2010/02/26 21:23:21 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0401000.020\SRTSP.SYS -- (SRTSP)
     DRV - [2010/02/26 21:23:21 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0401000.020\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
     DRV - [2010/02/25 18:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0401000.020\ccHPx86.sys -- (ccHP)
     DRV - [2009/11/26 01:41:48 | 000,172,592 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0401000.020\SYMEFA.SYS -- (SymEFA)
     DRV - [2009/11/21 19:43:48 | 000,362,032 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0401000.020\SYMTDI.SYS -- (SYMTDI)
     DRV - [2009/11/16 19:51:14 | 000,329,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100513.002\IDSXpx86.sys -- (IDSxpx86)
     DRV - [2009/10/14 22:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0401000.020\SYMDS.SYS -- (SymDS)
     DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
     DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
     DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
     DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
     DRV - [2006/12/18 18:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\packet.sys -- (Packet)
     DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
     DRV - [2006/08/11 21:42:42 | 003,958,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
     DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
     DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
     DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
     DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
     DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
     DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
     DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
     DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
     DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
     DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
     DRV - [2004/04/23 22:43:00 | 000,374,752 | ---- | M] (Cisco-Linksys, LLC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WUSBGXP.sys -- (PRISM_A02)
     DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
     DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
     DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
     DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\GTNDIS5.sys -- (GTNDIS5)
     DRV - [2003/08/06 01:04:00 | 000,100,373 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
     DRV - [2003/08/06 01:04:00 | 000,098,068 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
     DRV - [2003/08/06 01:04:00 | 000,083,284 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
     DRV - [2003/08/06 01:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
     DRV - [2003/08/06 01:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
     DRV - [2003/08/06 01:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
     DRV - [2003/08/06 01:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
     DRV - [2003/08/06 01:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
     DRV - [2003/08/06 01:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
     DRV - [2003/07/31 03:21:00 | 000,084,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
     DRV - [2003/07/14 11:28:40 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
     DRV - [2003/07/14 11:28:22 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
     DRV - [2003/06/20 02:56:00 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
     DRV - [2003/06/18 09:53:08 | 000,138,485 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ExportIt.sys -- (Exportit)
     DRV - [2003/06/18 09:53:08 | 000,063,002 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcPtp.sys -- (DcPTP)
     DRV - [2003/06/18 09:53:08 | 000,061,568 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcFpoint.sys -- (DcFpoint)
     DRV - [2003/06/18 09:53:08 | 000,038,997 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DCFS2k.sys -- (DCFS2K)
     DRV - [2003/06/18 09:53:08 | 000,036,826 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcCam.sys -- (DcCam)
     DRV - [2003/06/18 09:53:08 | 000,008,058 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcLps.sys -- (DcLps)
     DRV - [2002/11/08 13:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
     DRV - [2002/10/15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sonypvs1.sys -- (sonypvs1)
     DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
     DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
     DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
     DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
     DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
     DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
     DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
     DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
     DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
     DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
     DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
     DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
     DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
     DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
     DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
     DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
     DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
     DRV - [2000/03/29 17:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MASPINT.SYS -- (MASPINT)

     ========== Standard Registry (SafeList) ==========

     ========== Internet Explorer ==========
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
     IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
     IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
     IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0
     IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
     IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
     IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0
     IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
     IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKU\S-1-5-21-2056517334-3818234146-3613033903-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
     IE - HKU\S-1-5-21-2056517334-3818234146-3613033903-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
     IE - HKU\S-1-5-21-2056517334-3818234146-3613033903-1012\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
     IE - HKU\S-1-5-21-2056517334-3818234146-3613033903-1012\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
     IE - HKU\S-1-5-21-2056517334-3818234146-3613033903-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
     IE - HKU\S-1-5-21-2056517334-3818234146-3613033903-1012\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
     IE - HKU\S-1-5-21-2056517334-3818234146-3613033903-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
     IE - HKU\S-1-5-21-2056517334-3818234146-3613033903-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
     IE - HKU\S-1-5-21-2056517334-3818234146-3613033903-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
     FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/05/23 23:09:58 | 000,000,000 | ---D | M]
     FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/05/22 21:58:36 | 000,000,000 | ---D | M]
     O1 HOSTS File: ([2002/08/29 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
     O1 - Hosts: 127.0.0.1 localhost
     O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\coieplg.dll (Symantec Corporation)
     O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\ipsbho.dll (Symantec Corporation)
     O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\coieplg.dll (Symantec Corporation)
     O3 - HKU\S-1-5-21-2056517334-3818234146-3613033903-1012\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
     O3 - HKU\S-1-5-21-2056517334-3818234146-3613033903-1012\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
     O3 - HKU\S-1-5-21-2056517334-3818234146-3613033903-1012\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\coieplg.dll (Symantec Corporation)
     O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
     O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
     O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
     O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
     O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk = C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe ()
     O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
     O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe ()
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
     O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
     O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
     O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
     O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
     O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
     O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
     O7 - HKU\S-1-5-21-2056517334-3818234146-3613033903-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
     O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
     O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
     O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab (MSN Games
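The security-relevant detail in the OTL log of post 7 is easy to miss among the driver entries: for the Kate profile hive (HKU\S-1-5-21-2056517334-3818234146-3613033903-1012) the log shows "ProxyEnable" = 1 and "ProxyServer" = http=127.0.0.1:5555 while every other hive has "ProxyEnable" = 0, and the OTL fix run in post 5 resets exactly those three values. A per-user WinINet proxy pointed at a loopback port is consistent with the symptom in post 8 (ping works, Internet Explorer does not, only under Kate): once the malware that listened on that port is gone, IE for that user still tries to talk to 127.0.0.1:5555 and fails. The script below is an added example, not part of the original thread and not OTL's own code: it parses OTL's "IE - HKU\...\Internet Settings" lines (the sample is constructed from the lines of post 7), groups them by hive, and reports every hive whose proxy is enabled, marking loopback proxies as the suspicious case. Function names and the findings format are my own.

```python
"""Flag per-user WinINet proxy hijacks in an OTL log (added example)."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the per-user "Internet Settings" lines exactly as OTL
# prints them, copied from the log in post 7. Only the ...-1012 hive (Kate)
# has the proxy switched on.
SAMPLE_OTL_LINES = r"""
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2056517334-3818234146-3613033903-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2056517334-3818234146-3613033903-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-2056517334-3818234146-3613033903-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
""".strip().splitlines()

# One OTL "IE - <hive>\...\Internet Settings: "<name>" = <value>" line.
IE_SETTING = re.compile(
    r'^IE - (?P<hive>HKU\\[^\\]+)\\Software\\Microsoft\\Windows\\CurrentVersion'
    r'\\Internet Settings: "(?P<name>\w+)" = (?P<value>.*)$',
    re.IGNORECASE,
)


def parse_proxy_settings(lines):
    """Group the Internet Settings values OTL prints, keyed by hive (HKU\\<SID>)."""
    settings = defaultdict(dict)
    for line in lines:
        m = IE_SETTING.match(line.strip())
        if m:
            settings[m.group("hive")][m.group("name")] = m.group("value").strip()
    return dict(settings)


def parse_proxy_server(value):
    """Split a WinINet ProxyServer value into {scheme: "host:port"}.

    Handles both the single form "host:port" (scheme "all") and the
    per-protocol form "http=host:port;https=host:port". A value with an
    empty host such as ":0" (what OTL shows for unset) yields nothing.
    """
    proxies = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, endpoint = part.partition("=")
        if not endpoint:
            scheme, endpoint = "all", part
        host = endpoint.rsplit(":", 1)[0]
        if host:
            proxies[scheme.lower()] = endpoint
    return proxies


def is_loopback(endpoint):
    """True when the proxy host is localhost or a loopback address."""
    host = endpoint.rsplit(":", 1)[0].strip("[]")
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def find_proxy_hijacks(lines):
    """Return one finding per enabled proxy endpoint, per hive."""
    findings = []
    for hive, values in parse_proxy_settings(lines).items():
        if values.get("ProxyEnable") != "1":
            continue
        for scheme, endpoint in parse_proxy_server(values.get("ProxyServer", "")).items():
            findings.append({
                "hive": hive,
                "scheme": scheme,
                "proxy": endpoint,
                "loopback": is_loopback(endpoint),
            })
    return findings


if __name__ == "__main__":
    for f in find_proxy_hijacks(SAMPLE_OTL_LINES):
        flag = "SUSPICIOUS: loopback proxy" if f["loopback"] else "review"
        print(f'{f["hive"]}: {f["scheme"]} -> {f["proxy"]} ({flag})')
```

The script only reports; a loopback proxy is not proof of infection on its own, since debugging proxies and some content filters legitimately listen on 127.0.0.1, so the analyst should check what, if anything, is listening on that port before clearing the values. The same three values OTL reset in post 5 (ProxyEnable, ProxyServer, ProxyOverride) are the ones to re-check in a fresh log after the fix.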
  8. Hi Elise, hope all is well with you, I uninstalled and reinstalled Norton to make it work right. Using the disk that came with Linksys I tried to reinstall, but it made me stop because I was already connected to the internet. I went to add/remove programs and removed the only Linksys program, for the wireless adapter, which we don't use as this PC is cable connected to our router. I can ping and receive pings back under user name Kate, but still cannot connect with Explorer. It's not urgent as all other users connect just fine, but I would like to figure it out. All other aspects of the PC work as good or better / faster than before. Thank you again!! I will again be leaving later today and will not return to this computer until Friday. Dave
  9. When I sign out of user name Kate I get the msg WUSB54Gv2.exe - application error. Click ok to terminate the program, which is what I do, or click on cancel to debug the program.
  10. One other problem persists. When signed in under user name Kate, which is where the initial infection occurred, a box pops up. On the top is Just in Time Debugging, then An exception 'Runtime Error' has occurred. Possible debugger, and highlighted is: New instance of Microsoft Script Editor. A box is checked in front of the line, Set the currently selected debugger as the default, and then at the bottom, Do you want to debug using the selected debugger? and finally, a yes and a no button. When I click no and proceed, I am unable to access the internet through Explorer. I'm nervous about debugging this issue that arrived at the same time as the infection. What should I do? Dave
  11. Thank you sooooo much Elise!!! I've been afraid to do much, but it seems fine. I uninstalled Vuze; not sure what that was used for, I'll ask my kids. Wow, the old versions of Java took up a lot of space, thanks for that tip. My Norton AV program seems to be messed up, I'll play with that later; I wanted to run Malwarebytes before I fully reinstated Norton. Here is the log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4131

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/22/2010 9:15:14 PM
mbam-log-2010-05-22 (21-15-14).txt

Scan type: Full scan (C:\|)
Objects scanned: 501908
Time elapsed: 2 hour(s), 22 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6c092742-10fe-4db2-988d-fc71948de70c} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7fa8976f-d00c-4e98-8729-a66569233fb5} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a16650a9-b065-40ec-bbd1-f8d370d17fb1} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bdddf1a5-51a9-4f51-b38d-4cd0ad831b31} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{dd469a88-316c-441d-b712-783d9b9a6707} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e43dfaa6-8c16-4519-b022-8792408505a4} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{d28cd14c-50be-4cfa-951e-b37f25da3472} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{981bda1d-c8ad-46ff-be2c-fddd859ac6f5} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Dave\Application Data\Move Networks\MoveMediaPlayer_07103010.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1\Application Data\Move Networks\MoveMediaPlayer_07103010.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0001920.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
  12. ComboFix 10-05-21.06 - Karen 05/22/2010 9:39.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.2082 [GMT -5:00] Running from: c:\documents and settings\Karen\Desktop\ComboFix.exe AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2010-04-22 to 2010-05-22 ))))))))))))))))))))))))))))))) . 2010-05-22 11:32 . 2010-05-22 11:32 -------- d-----w- C:\HelpAsst_backup 2010-05-16 12:51 . 2010-05-16 12:51 -------- d-----w- c:\documents and settings\Karen\Local Settings\Application Data\Symantec 2010-05-15 13:45 . 2010-05-15 13:45 -------- d-sh--w- c:\documents and settings\Administrator.FAMILY\PrivacIE 2010-05-15 04:55 . 2010-05-15 04:55 -------- d-----w- c:\documents and settings\Administrator.FAMILY\Local Settings\Application Data\Symantec 2010-05-13 17:55 . 2010-05-13 17:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2010-05-12 20:27 . 2010-05-13 17:55 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-05-12 20:27 . 2010-05-12 20:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer 2010-05-11 23:35 . 2010-05-11 23:35 -------- d-----w- c:\documents and settings\Kate\Local Settings\Application Data\ukoahkbnu 2010-05-11 23:35 . 2010-05-11 23:35 -------- d-----w- c:\documents and settings\Kate\Local Settings\Application Data\olyxhvdag 2010-05-11 23:26 . 2010-05-11 23:26 -------- d-sh--w- c:\documents and settings\Administrator.FAMILY\IETldCache 2010-05-04 23:38 . 2010-05-04 23:38 -------- d---a-w- c:\program files\Norton Support 2010-05-04 23:37 . 2010-05-04 23:37 -------- d-----w- c:\documents and settings\Kate\Local Settings\Application Data\Symantec 2010-04-29 21:21 . 
2010-04-29 21:21 -------- d-----w- c:\program files\iPod 2010-04-29 21:12 . 2010-04-29 21:12 -------- d-----w- c:\program files\Bonjour 2010-04-29 21:10 . 2010-04-29 21:10 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe 2010-04-29 15:46 . 2010-04-29 15:47 -------- d-----w- c:\program files\Masquerade Mysteries - The Case of the Copycat Curator . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-22 14:21 . 2007-01-17 18:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-05-13 14:21 . 2004-05-05 13:50 -------- d-----w- c:\program files\Symantec 2010-04-30 04:23 . 2010-04-09 20:08 -------- d-----w- c:\program files\iTunes 2010-04-29 21:27 . 2010-04-07 02:22 -------- d-----w- c:\documents and settings\Kate\Application Data\Azureus 2010-04-29 21:21 . 2007-12-27 17:48 -------- d-----w- c:\program files\Common Files\Apple 2010-04-29 21:14 . 2007-04-15 21:03 -------- d-----w- c:\documents and settings\Kate\Application Data\Apple Computer 2010-04-10 18:48 . 2010-04-10 18:48 -------- d-----w- c:\documents and settings\Karen\Application Data\Apple Computer 2010-04-09 20:09 . 2010-04-09 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-04-08 18:20 . 2010-04-08 18:20 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-04-08 18:20 . 2010-04-08 18:20 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-04-07 02:42 . 2010-04-07 02:41 -------- d-----w- c:\program files\QuickTime 2010-04-07 02:31 . 2010-04-07 02:31 4141117 ----a-w- c:\documents and settings\Kate\Application Data\Azureus\plugins\vuzexcode\mediainfo.exe 2010-04-07 02:31 . 2010-04-07 02:30 7282688 ----a-w- c:\documents and settings\Kate\Application Data\Azureus\plugins\vuzexcode\ffmpeg.exe 2010-04-07 02:22 . 
2010-04-07 02:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus 2010-04-07 02:21 . 2010-04-07 02:21 -------- d-----w- c:\program files\Vuze 2010-04-04 13:44 . 2010-04-04 13:44 61440 ----a-w- c:\documents and settings\Kate\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2bb0ba81-n\decora-sse.dll 2010-04-04 13:44 . 2010-04-04 13:44 503808 ----a-w- c:\documents and settings\Kate\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1a6fb00a-n\msvcp71.dll 2010-04-04 13:44 . 2010-04-04 13:44 499712 ----a-w- c:\documents and settings\Kate\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1a6fb00a-n\jmc.dll 2010-04-04 13:44 . 2010-04-04 13:44 348160 ----a-w- c:\documents and settings\Kate\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1a6fb00a-n\msvcr71.dll 2010-04-04 13:44 . 2010-04-04 13:44 12800 ----a-w- c:\documents and settings\Kate\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2bb0ba81-n\decora-d3d.dll 2010-04-03 23:38 . 2004-07-14 18:55 -------- d-----w- c:\program files\Common Files\Java 2010-04-03 23:32 . 2010-04-03 23:32 503808 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6debc0d6-n\msvcp71.dll 2010-04-03 23:32 . 2010-04-03 23:32 499712 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6debc0d6-n\jmc.dll 2010-04-03 23:32 . 2010-04-03 23:32 348160 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6debc0d6-n\msvcr71.dll 2010-04-03 23:32 . 2010-04-03 23:32 12800 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-14fe8ed0-n\decora-d3d.dll 2010-04-03 23:32 . 2010-04-03 23:32 61440 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-14fe8ed0-n\decora-sse.dll 2010-04-03 23:32 . 
2004-05-05 13:28 -------- d-----w- c:\program files\Java 2010-03-30 17:13 . 2010-03-30 17:12 -------- d-----w- c:\program files\Zuma Deluxe 2010-03-30 16:09 . 2010-03-30 16:09 -------- d-----w- c:\documents and settings\Kate\Application Data\QB9 2010-03-30 16:09 . 2010-03-30 16:07 -------- d-----w- c:\program files\Doors of the Mind - Inner Mysteries 2010-03-30 15:55 . 2010-03-30 15:55 -------- d-----w- c:\documents and settings\Kate\Application Data\Merscom 2010-03-30 15:55 . 2009-11-11 04:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Merscom 2010-03-30 15:54 . 2010-03-30 15:53 -------- d-----w- c:\program files\Alice in Wonderland 2010-03-30 15:51 . 2008-09-16 20:02 -------- d-----w- c:\program files\bfgclient 2010-03-30 15:51 . 2010-03-30 15:50 3085800 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_l1.exe 2010-03-26 19:46 . 2010-02-02 23:26 -------- d-----w- c:\program files\Safari 2010-03-26 19:03 . 2010-03-26 19:03 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe 2010-03-16 00:36 . 2004-05-08 04:17 85584 -c--a-w- c:\documents and settings\Dave\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-03-14 19:44 . 2004-05-08 14:23 85584 -c--a-w- c:\documents and settings\Kate\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-03-12 19:58 . 2010-03-12 19:58 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2010-03-12 19:58 . 2010-03-12 19:58 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2010-03-12 19:58 . 2010-03-13 21:53 217136 ----a-w- c:\windows\system32\drivers\symtdi.sys 2010-03-12 19:58 . 2010-03-13 21:53 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys 2010-03-12 19:58 . 2010-03-13 21:53 310320 ----a-w- c:\windows\system32\drivers\SymEFA.sys 2010-03-12 19:58 . 2010-03-13 21:53 308272 ----a-w- c:\windows\system32\drivers\srtsp.sys 2010-03-12 19:58 . 
2010-03-12 19:58 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys 2010-03-12 19:58 . 2010-03-13 21:53 482432 ----a-w- c:\windows\system32\drivers\cchpx86.sys 2010-03-12 19:58 . 2010-03-13 21:53 259632 ----a-w- c:\windows\system32\drivers\BHDrvx86.sys 2010-03-12 19:58 . 2008-01-29 17:01 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys 2010-03-12 19:58 . 2008-01-29 17:02 107368 ----a-r- c:\windows\system32\GEARAspi.dll 2010-03-10 06:15 . 2002-08-29 10:00 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-03-09 09:28 . 2008-12-04 18:46 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-03-01 01:51 . 2009-09-24 19:23 65028 ---ha-w- c:\windows\system32\mlfcache.dat 2010-02-25 06:24 . 2004-02-06 23:05 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-24 13:11 . 2002-08-29 10:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2008-09-29 19:18 . 2006-11-08 23:30 328 ----a-w- c:\program files\LRHA.QBW.ND 2008-09-29 19:18 . 2006-11-08 23:30 196608 ----a-r- c:\program files\LRHA.QBW.TLG 2008-09-29 19:18 . 2006-11-08 23:29 16916480 ----a-r- c:\program files\LRHA.QBW 2001-09-28 23:00 . 2007-06-14 22:08 164864 ----a-w- c:\program files\UNWISE.EXE . ((((((((((((((((((((((((((((( SnapShot@2010-05-16_13.05.38 ))))))))))))))))))))))))))))))))))))))))) . + 2010-05-22 14:11 . 2010-05-22 14:11 16384 c:\windows\Temp\Perflib_Perfdata_768.dat + 2010-05-22 14:10 . 2010-05-22 14:10 16384 c:\windows\Temp\Perflib_Perfdata_70c.dat + 2004-05-05 13:44 . 2010-05-18 08:44 23040 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe - 2004-05-05 13:44 . 2010-04-14 15:42 23040 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe + 2004-05-05 13:44 . 2010-05-18 08:44 61440 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe - 2004-05-05 13:44 . 2010-04-14 15:42 61440 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe + 2004-05-05 13:44 . 
2010-05-18 08:44 27136 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe - 2004-05-05 13:44 . 2010-04-14 15:42 27136 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe - 2004-05-05 13:44 . 2010-04-14 15:42 11264 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe + 2004-05-05 13:44 . 2010-05-18 08:44 11264 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe + 2004-05-05 13:44 . 2010-05-18 08:44 12288 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe - 2004-05-05 13:44 . 2010-04-14 15:42 12288 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe - 2004-05-05 13:44 . 2010-04-14 15:42 4096 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2004-05-05 13:44 . 2010-05-18 08:44 4096 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe - 2004-06-07 19:19 . 2008-04-11 19:04 691712 c:\windows\SYSTEM32\inetcomm.dll + 2004-06-07 19:19 . 2010-01-29 15:01 691712 c:\windows\SYSTEM32\inetcomm.dll + 2008-08-12 18:28 . 2010-01-29 15:01 691712 c:\windows\SYSTEM32\DLLCACHE\inetcomm.dll - 2008-08-12 18:28 . 2008-04-11 19:04 691712 c:\windows\SYSTEM32\DLLCACHE\inetcomm.dll + 2004-05-05 13:44 . 2010-05-18 08:44 409600 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe - 2004-05-05 13:44 . 2010-04-14 15:42 409600 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe + 2004-05-05 13:44 . 2010-05-18 08:44 286720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe - 2004-05-05 13:44 . 2010-04-14 15:42 286720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe + 2004-05-05 13:44 . 2010-05-18 08:44 249856 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe - 2004-05-05 13:44 . 2010-04-14 15:42 249856 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe - 2004-05-05 13:44 . 
2010-04-14 15:42 794624 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe + 2004-05-05 13:44 . 2010-05-18 08:44 794624 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe + 2004-05-05 13:44 . 2010-05-18 08:44 135168 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe - 2004-05-05 13:44 . 2010-04-14 15:42 135168 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe + 2004-05-05 13:44 . 2010-05-18 08:44 593920 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe - 2004-05-05 13:44 . 2010-04-14 15:42 593920 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe - 2009-08-12 01:36 . 2009-07-10 13:27 1315328 c:\windows\SYSTEM32\DLLCACHE\msoe.dll + 2009-08-12 01:36 . 2010-01-29 15:01 1315328 c:\windows\SYSTEM32\DLLCACHE\msoe.dll + 2009-10-16 23:07 . 2009-10-16 23:07 6115328 c:\windows\Installer\1534bb0.msp + 2010-04-21 22:46 . 2010-04-21 22:46 5522432 c:\windows\Installer\13193ca.msp + 2005-05-11 12:43 . 2010-04-30 18:51 32058312 c:\windows\SYSTEM32\MRT.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-12 7630848] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-14 53760] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2007-4-23 7168] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-5-5 24576] Image Transfer.lnk - c:\program files\Sony Corporation\Image Transfer\SonyTray.exe [2007-3-18 73728] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate] 2007-10-10 00:57 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4] 2007-03-16 12:51 715888 ----a-w- c:\program files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer] 2006-05-24 00:53 
208941 ----a-w- c:\program files\Real\RealPlayer\realplay.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\SYSTEM32\\mmc.exe"= "c:\\WINDOWS\\system32"= "c:\\Program Files\\AIM\\aim.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"= "c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"= "c:\\Program Files\\Vuze\\Azureus.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "10421:UDP"= 10421:UDP:SingleClick Discovery Protocol "10426:UDP"= 10426:UDP:SingleClick ICC R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [3/13/2010 4:51 PM 117640] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 2:06 PM 24652] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/13/2010 4:54 PM 102448] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS --> c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [?] S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\Drivers\N360\0308000.029\BHDrvx86.sys --> c:\windows\system32\Drivers\N360\0308000.029\BHDrvx86.sys [?] S1 ccHP;Symantec Hash Provider;c:\windows\system32\Drivers\N360\0308000.029\ccHPx86.sys --> c:\windows\system32\Drivers\N360\0308000.029\ccHPx86.sys [?] 
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100513.002\IDSXpx86.sys [5/21/2010 6:05 PM 329592] S3 cdiskdun;cdiskdun;\??\c:\docume~1\Celia\LOCALS~1\Temp\cdiskdun.sys --> c:\docume~1\Celia\LOCALS~1\Temp\cdiskdun.sys [?] . Contents of the 'Scheduled Tasks' folder 2010-04-30 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34] 2010-05-22 c:\windows\Tasks\User_Feed_Synchronization-{C44E6475-8385-4B3B-9338-BB2EDA7DD622}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = uInternet Settings,ProxyOverride = localhost;*.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-22 09:57 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360] "ImagePath"="\"c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\3.8.0.41\diMaster.dll\" /prefetch:1" . 
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(1228) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2010-05-22 10:01:10 ComboFix-quarantined-files.txt 2010-05-22 15:01 ComboFix2.txt 2010-05-16 13:09 Pre-Run: 35,614,257,152 bytes free Post-Run: 35,570,520,064 bytes free - - End Of File - - CE3C2185B435433952DC874F140B2C78
  13. C:\Documents and Settings\Karen\Desktop\HelpAsst_mebroot_fix.exe
Sat 05/22/2010 at 6:32:47.25

HelpAssistant account is Active ~ attempting to de-activate
Account active Yes
Local Group Memberships *Administrators
HelpAssistant successfully set Inactive

~~ Checking for termsrv32.dll ~~
termsrv32.dll present! ~ attempting to remove
termsrv32.dll successfully removed

~~ Checking firewall ports ~~
backing up DomainProfile\GloballyOpenPorts\List registry key
closing rogue ports
HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"5878:TCP"=-
"5879:TCP"=-
"3389:TCP"=-
"5421:TCP"=-
"9342:TCP"=-
"9993:TCP"=-
"9994:TCP"=-
"9665:TCP"=-
"9666:TCP"=-
"3881:TCP"=-
"6262:TCP"=-
backing up StandardProfile\GloballyOpenPorts\List registry key
closing rogue ports
HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"5878:TCP"=-
"5879:TCP"=-
"3389:TCP"=-
"5421:TCP"=-
"9342:TCP"=-
"9993:TCP"=-
"9994:TCP"=-
"9665:TCP"=-
"9666:TCP"=-
"3881:TCP"=-
"6262:TCP"=-

~~ Checking profile list ~~
HelpAssistant profile found in registry ~ backing up and removing S-1-5-21-2056517334-3818234146-3613033903-1008
HelpAssistant profile directory exists at C:\Documents and Settings\HelpAssistant ~ attempting to remove ~
All C:\Documents and Settings\HelpAssistant files successfully removed ~

~~ Checking mbr ~~
mbr infection detected! ~ running mbr -f

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8a8126a8
NDIS: Intel® PRO/100 VE Network Connection -> SendCompleteHandler -> 0x8a4975c0
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x0DF83CBD
malicious code @ sector 0x0DF83CC0 !
PE file found in sector at 0x0DF83CD6 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
original MBR restored successfully !

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8a8126a8
NDIS: Intel® PRO/100 VE Network Connection -> SendCompleteHandler -> 0x8a4975c0
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 0x0DF83CBD
malicious code @ sector 0x0DF83CC0 !
PE file found in sector at 0x0DF83CD6 !
Use "Recovery Console" command "fixmbr" to clear infection !

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on Sat 05/22/2010 at 7:25:45.60

Account active No
Local Group Memberships

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x0DF83CBD
malicious code @ sector 0x0DF83CC0 !
PE file found in sector at 0x0DF83CD6 !

~~ Checking for termsrv32.dll ~~
termsrv32.dll not found
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll

~~ Checking profile list ~~
No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~
none found

~~ Checking firewall ports ~~
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

~~ EOF ~~
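As an added example (my own code, not part of this thread and not Gmer's mbr.exe), the Python scan below runs the three checks that the detector output above reports over a raw disk image: a second copy of the MBR elsewhere on the disk, a PE file stored in a raw sector, and non-empty sectors past the end of the last partition. The image, its bootstrap bytes and the sector numbers are constructed for the demo; the one detail it illustrates is why the status check still says "copy of MBR has been found" after the original MBR was restored: the saved copy now matches sector 0 byte for byte.

```python
"""Scan a raw disk image for leftovers of an MBR bootkit: stray copies of the MBR,
PE files in raw sectors, and non-empty sectors past the last partition."""
import struct

SECTOR = 512
BOOT_SIG = b"\x55\xaa"
PART_TABLE_OFF = 446          # four 16-byte partition entries, then the 0x55AA signature


def parse_partitions(mbr: bytes) -> list[tuple[int, int]]:
    """Return (first_lba, sector_count) for every used entry of the MBR partition table."""
    parts = []
    for i in range(4):
        entry = mbr[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        ptype = entry[4]                                   # 0x00 means the slot is unused
        first_lba, count = struct.unpack_from("<II", entry, 8)
        if ptype and count:
            parts.append((first_lba, count))
    return parts


def last_partition_lba(mbr: bytes) -> int:
    """Highest LBA covered by any partition (0 when the table is empty)."""
    return max((s + c - 1 for s, c in parse_partitions(mbr)), default=0)


def sectors(image: bytes):
    for n in range(len(image) // SECTOR):
        yield n, image[n * SECTOR:(n + 1) * SECTOR]


def find_mbr_copies(image: bytes) -> list[int]:
    """Sectors other than 0 whose bootstrap code and boot signature equal the live MBR.
    Once 'mbr -f' has restored the original MBR, a bootkit's saved copy matches it exactly."""
    mbr = image[:SECTOR]
    return [n for n, s in sectors(image)
            if n and s[510:] == BOOT_SIG and s[:PART_TABLE_OFF] == mbr[:PART_TABLE_OFF]]


def find_pe_headers(image: bytes) -> list[int]:
    """Sectors that start with an MZ stub whose e_lfanew points at 'PE\\0\\0' inside the sector."""
    hits = []
    for n, s in sectors(image):
        if s[:2] != b"MZ":
            continue
        e_lfanew = struct.unpack_from("<I", s, 0x3C)[0]
        if e_lfanew + 4 <= SECTOR and s[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            hits.append(n)
    return hits


def find_tail_sectors(image: bytes) -> list[int]:
    """Non-zero sectors beyond the last partition: unpartitioned space a bootkit can use."""
    end = last_partition_lba(image[:SECTOR])
    return [n for n, s in sectors(image) if n > end and any(s)]


def scan_image(image: bytes) -> dict:
    return {"mbr_copies": find_mbr_copies(image),
            "pe_sectors": find_pe_headers(image),
            "tail_sectors": find_tail_sectors(image)}


def build_sample_image() -> bytes:
    """Constructed 128-sector image (not a real disk): one NTFS partition at LBA 1..100,
    a saved MBR copy at sector 110, arbitrary code bytes at 111 and an MZ/PE stub at 113."""
    mbr = bytearray(SECTOR)
    mbr[:6] = b"\xfa\x33\xc0\x8e\xd0\xbc"                  # constructed bootstrap opening
    mbr[PART_TABLE_OFF] = 0x80                                # bootable flag
    mbr[PART_TABLE_OFF + 4] = 0x07                            # partition type NTFS
    struct.pack_into("<II", mbr, PART_TABLE_OFF + 8, 1, 100)  # first LBA 1, 100 sectors
    mbr[510:] = BOOT_SIG
    img = bytearray(128 * SECTOR)
    img[:SECTOR] = mbr
    img[110 * SECTOR:111 * SECTOR] = mbr                      # the bootkit's saved original MBR
    img[111 * SECTOR:111 * SECTOR + 16] = b"\xe8\x00\x00\x5b\x81\xc3" + b"\x90" * 10  # filler bytes
    pe = bytearray(SECTOR)
    pe[:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x80)                    # e_lfanew
    pe[0x80:0x84] = b"PE\0\0"
    img[113 * SECTOR:114 * SECTOR] = pe
    return bytes(img)


if __name__ == "__main__":
    for name, found in scan_image(build_sample_image()).items():
        print(name, [hex(n) for n in found])
```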
  14. OTL Extras logfile created on: 5/18/2010 6:11:36 AM - Run 4 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Karen\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 89.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 111.72 Gb Total Space | 36.20 Gb Free Space | 32.40% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: FAMILY Current User Name: Karen Logged in as Administrator. Current Boot Mode: SafeMode Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"5878:TCP" = 5878:TCP:*:Enabled:Services
"5879:TCP" = 5879:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"5421:TCP" = 5421:TCP:*:Enabled:Services
"9342:TCP" = 9342:TCP:*:Enabled:Services
"9993:TCP" = 9993:TCP:*:Enabled:Services
"9994:TCP" = 9994:TCP:*:Enabled:Services
"9665:TCP" = 9665:TCP:*:Enabled:Services
"9666:TCP" = 9666:TCP:*:Enabled:Services
"3881:TCP" = 3881:TCP:*:Enabled:Services
"6262:TCP" = 6262:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10421:UDP" = 10421:UDP:*:Enabled:SingleClick Discovery Protocol
"10426:UDP" = 10426:UDP:*:Enabled:SingleClick ICC
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"5878:TCP" = 5878:TCP:*:Enabled:Services
"5879:TCP" = 5879:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"5421:TCP" = 5421:TCP:*:Enabled:Services
"9342:TCP" = 9342:TCP:*:Enabled:Services
"9993:TCP" = 9993:TCP:*:Enabled:Services
"9994:TCP" = 9994:TCP:*:Enabled:Services
"9665:TCP" = 9665:TCP:*:Enabled:Services
"9666:TCP" = 9666:TCP:*:Enabled:Services
"3881:TCP" = 3881:TCP:*:Enabled:Services
"6262:TCP" = 6262:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SYSTEM32\mmc.exe" = C:\WINDOWS\SYSTEM32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\WINDOWS\system32" = C:\WINDOWS\system32:*:Enabled:lockx -- [2010/05/18 03:06:17 | 000,000,000 | ---D | M]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe" = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant -- (SingleClick Systems)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}" = aspi
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1526D87C-A955-4FAB-BF18-697BA457E352}" = Norton WMI Update
"{1B4AA674-F5CA-4BB5-831A-CD37B4021959}" = ImageMixer for Sony
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 19
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40C03514-89C3-41BA-0090-3B440256DB87}" = The Sims 2
"{410438A3-B591-4028-B70A-3CC0B33FBCD1}" = 
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{55584E16-4D70-44EE-93DD-F144E8B7D4B7}" = QuickBooks Product Listing Service
"{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}" = Image Transfer
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58D92B58-1BE9-4DE4-AE88-ACB205D75B63}" = PDFlib 4.0.1
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5E835305-63BB-4E55-BBB7-EEBBE67774DB}" = Sonic MyDVD
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{68E1BAC6-F79F-43C4-AF03-A89F53F748D3}" = Microsoft XML Parser
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Family Fun Stuff
"{7148F0A8-6813-11D6-A77B-00B0D0142040}" = Java 2 Runtime Environment, SE v1.4.2_04
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BF68B83-5057-4D4B-0093-28285EEB9EE3}" = Harry Potter II
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7E545666-F422-45FD-B3DF-C0B99A1A579F}" = QuickBooks Pro 2007
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11318463}" = Secrets of Great Art
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113606753}" = Monopoly
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115056617}" = Eye for Design
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = The Sims
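Three things in the FirewallPolicy dump above are worth a second look on a machine that is being cleaned: the StandardProfile (the profile used when the PC is not on a domain) has "EnableFirewall" = 0, so the XP firewall is off; a block of high TCP ports (65533, 52344, 5878, 5879, 5421, 9342, 9993, 9994, 9665, 9666, 3881, 6262) is open to any source ("*") under the bare label "Services", which is not a Windows resource string and names no product; and the StandardProfile AuthorizedApplications list has an Enabled entry named "lockx" whose "path" is the C:\WINDOWS\system32 directory itself rather than a program (OTL's trailing "---D" attribute field marks it as a directory). The script below is an added example, not part of the poster's log or of OTL; it parses lines in that dump format and flags those three patterns. The heuristics (the label set, treating 3389 as a remote-access port, treating a non-.exe path as suspicious) are my assumptions for illustration, and the sample text is a constructed excerpt that copies the relevant lines from the dump and adds a few benign ones so it runs offline.

```python
"""Flag suspicious entries in an OTL-style Windows XP FirewallPolicy dump."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the FirewallPolicy dump in the post
# above (EnableFirewall = 0, the 3389/65533/6262 port rules, the "lockx"
# application rule) plus benign 139:TCP, mmc.exe and iTunes lines.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"6262:TCP" = 6262:TCP:*:Enabled:Services
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SYSTEM32\mmc.exe" = C:\WINDOWS\SYSTEM32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\WINDOWS\system32" = C:\WINDOWS\system32:*:Enabled:lockx -- [2010/05/18 03:06:17 | 000,000,000 | ---D | M]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
'''

# Assumptions used as heuristics, not facts taken from the log:
# a port rule labelled only "Services" names no product and no @resource.dll
# string, and RDP reachable from "*" is unusual on a home PC.
GENERIC_PORT_LABELS = {"Services"}
REMOTE_ACCESS_PORTS = {"3389"}


@dataclass(frozen=True)
class Finding:
    section: str   # registry path below ...\FirewallPolicy\
    key: str       # value name exactly as written in the dump
    reason: str


def parse_dump(text):
    """Yield (section, name, value) for every "name" = value line in the dump."""
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]          # new registry key header
            continue
        m = re.match(r'^"([^"]*)"\s*=\s*(.*)$', line)
        if m:
            yield section, m.group(1), m.group(2)


def audit(text):
    """Return the Findings for a FirewallPolicy dump, in dump order."""
    findings = []
    for section, name, value in parse_dump(text):
        tail = section.rsplit("\\FirewallPolicy\\", 1)[-1]
        if name == "EnableFirewall" and value.strip() == "0":
            findings.append(Finding(tail, name, "firewall disabled for this profile"))
        elif tail.endswith("GloballyOpenPorts\\List"):
            # value layout: port:proto:scope:state:label
            parts = value.split(":", 4)
            if len(parts) != 5:
                continue
            port, proto, scope, state, label = parts
            if state != "Enabled" or scope != "*":
                continue
            if label in GENERIC_PORT_LABELS:
                findings.append(Finding(tail, name,
                    f"{port}/{proto} open to any source with generic label {label!r}"))
            elif port in REMOTE_ACCESS_PORTS:
                findings.append(Finding(tail, name,
                    f"{port}/{proto} (remote access) open to any source"))
        elif tail.endswith("AuthorizedApplications\\List"):
            # value layout: <path>:scope:state:label -- (publisher | attributes)
            # The path contains "C:", so strip it by length instead of splitting.
            if not value.startswith(name):
                continue
            parts = value[len(name):].lstrip(":").split(":", 2)
            if len(parts) != 3:
                continue
            scope, state, label = parts
            label = label.split(" -- ")[0]
            if state == "Enabled" and not name.lower().endswith(".exe"):
                findings.append(Finding(tail, name,
                    f"enabled application rule {label!r} points at {name!r}, "
                    "a directory rather than an executable"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f.section}: {f.key} -> {f.reason}")
```

Run it against a full OTL "Extras" log by reading the file into `audit()` instead of `SAMPLE`. The log alone does not say who created these rules, so the follow-up a responder wants is to compare the flagged ports with what is actually listening (`netstat -ano` on the XP box) and to check what, if anything, is at the flagged path; once the cleanup is finished the StandardProfile firewall should be turned back on and the "Services" exceptions removed rather than left for the next infection to reuse.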
  15. OTL runs ok with the extra text. Once the GMER scan is complete I can't save GMER results due to low system resources. I am away from the infected pc until Friday.