
cucm

Everything posted by cucm

  1. Hi, I have changed passwords etc. No infections reported in MBAM, McAfee and Spy-bot. I ran ComboFix yesterday, copying the log here.
  2. Thanks. I had a strong feeling that it was an MBR-related issue. After ruling out HW and doing some research, I ran the program RootRepeal, which found the rootkit and removed it. After this I had a missing NTLDR message, which was resolved after running XP recovery mode. The original problem was resolved. Today I found that a lot of messages were sent from my Facebook account. I ran MBAM, which found switch.dialer and removed it. I am worried and would appreciate some advice from experts. cucm
  3. Hi, I have a laptop running Windows XP Home Edition. Since yesterday it has developed a problem. It boots OK, but after a few minutes it freezes completely, giving a continuous annoying beep. The only way to recover is to power it off and on. So far I have run MBAM, Spy-bot and McAfee in safe mode and it was clean. HW diagnostics were clean, so no memory issues. I would really appreciate it if someone can help me here. Cheers, cucm
  4. Hi, sorry I have been away for a while. I did as suggested, plus McAfee and MS Online Scanner. They found a couple of viruses and got rid of them. Since then it has been working fine. Many thanks for your help. Do I need to carry out any further scan to be 100% sure about this? Thanks, Atul
  5. Thanks. I ran ComboFix yesterday, which deleted a few files. I am attaching the latest log from ComboFix.
Update Service (gupdate1c994fa5f5c1598);c:\program files\Google\Update\GoogleUpdate.exe [22/02/2009 15:32 133104] S2 kbxauq;kbxauq;c:\windows\system32\drivers\wmbbn.sys --> c:\windows\system32\drivers\wmbbn.sys [?] S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [14/07/2009 10:29 10744] S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [01/10/2006 13:37 26624] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . . ------- Supplementary Scan ------- . uStart Page = www.google.co.uk/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5070509 uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Dial with VT&GO - file:///c:\program files\IP blue\VTGO\Scripts\dialer.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 DPF: {50F851B0-0BBE-11D2-A237-00C04FBBD1CD} - hxxp://172.16.11.104/ciscopca/controls/MediaMasENU.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-13 10:11 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3336) c:\windows\system32\WININET.dll c:\program files\McAfee\SiteAdvisor\saHook.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\mshtml.dll c:\windows\system32\msls31.dll c:\windows\system32\webcheck.dll . Completion time: 2009-08-13 10:13 ComboFix-quarantined-files.txt 2009-08-13 09:13 ComboFix2.txt 2009-08-12 18:48 ComboFix3.txt 2009-01-03 09:51 Pre-Run: 9,789,427,712 bytes free Post-Run: 9,745,068,032 bytes free 261 --- E O F --- 2009-08-12 15:26
  6. Hi, Last night my computer got infected and I was able to remove a few infections using MBAM but can't get rid of this one. I am attaching MBAM and HijackThis logs. Any help will be greatly appreciated as it is driving me crazy.

Malwarebytes' Anti-Malware 1.40
Database version: 2610
Windows 5.1.2600 Service Pack 3

12/08/2009 09:54:16
mbam-log-2009-08-12 (09-54-16).txt

Scan type: Quick Scan
Objects scanned: 119510
Time elapsed: 7 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:57:28, on 12/08/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Juniper Networks\Common Files\dsNcService.exe C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe C:\Program Files\Dell Network Assistant\hnm_svc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\VMware\VMware Workstation\vmware-authd.exe C:\WINDOWS\system32\vmnat.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\WINDOWS\system32\vmnetdhcp.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\WINDOWS\stsystra.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\WINDOWS\system32\cmd.exe 
c:\PROGRA~1\mcafee\msc\mcshell.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5070509 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/ig/dell?hl=en&...amp;ibd=5070509 R3 - URLSearchHook: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [broadcom Wireless Manager UI] 
C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513 O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\winlogon.exe" /runcleanupscript O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: lab route.bat O4 - Startup: OneNote Table Of Contents.onetoc2 O4 - Startup: Show VQManager.lnk = C:\ManageEngine\VQManager\bin\VQManager.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Dial with VT&GO - file:///C:\Program Files\IP blue\VTGO\Scripts\dialer.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 
button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://remote.harrow.gov.uk/vdesk/terminal...0,2008,904,1951 O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} (F5 Networks Dynamic Application Tunnel Control) - https://remote.harrow.gov.uk/vdesk/terminal...0,2008,904,1947 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - O16 - DPF: {50F851B0-0BBE-11D2-A237-00C04FBBD1CD} (AvMediaMasterCtrl Class) - http://172.16.11.104/ciscopca/controls/MediaMasENU.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase1140.cab O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://remote.harrow.gov.uk/vdesk/terminal...0,2008,904,1945 O16 - DPF: 
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ciscosales.webex.com/client/T26L10N...bex/ieatgpc.cab O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://remote.harrow.gov.uk/vdesk/terminal...0,2008,904,1940 O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://secure.peterborough.gov.uk/dana-cac...perSetupSP1.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe O23 - Service: Google Update Service (gupdate1c994fa5f5c1598) (gupdate1c994fa5f5c1598) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 12879 bytes
  7. Hi There, It's all looking good. Great start to 2009. Many thanks for your kind help. cucm
  8. Hello Mate... yes, things are looking better... nothing reported in the latest MBAM scan. I still have Spybot disabled... please let me know what you think. Your help over the weekend is highly appreciated.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Malwarebytes' Anti-Malware 1.31
Database version: 1603
Windows 5.1.2600 Service Pack 3

03/01/2009 20:04:07
mbam-log-2009-01-03 (20-04-07).txt

Scan type: Quick Scan
Objects scanned: 68798
Time elapsed: 6 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  9. Hi, Posting the last log from Kas... took a while. Cheers, cucm

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, January 3, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, January 03, 2009 10:03:19
Records in database: 1553339
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 111511
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 03:19:26

No malware has been detected. The scan area is clean.

The selected area was scanned.
  10. Hi, Posting Gmer.txt... will post Kaspersky once completed. It seems it is going to take a while to finish. Cheers

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-03 10:17:59
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----

SSDT sptd.sys ZwCreateKey [0xB9ED10B0]
SSDT sptd.sys ZwEnumerateKey [0xB9ED684C]
SSDT sptd.sys ZwEnumerateValueKey [0xB9ED6BEC]
SSDT sptd.sys ZwOpenKey [0xB9ED1090]
SSDT sptd.sys ZwQueryKey [0xB9ED6CC4]
SSDT sptd.sys ZwQueryValueKey [0xB9ED6B44]
SSDT sptd.sys ZwSetValueKey [0xB9ED6D56]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA92039CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA9203978]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xA920398C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA9203A7B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA9203AA7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA9203A0A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xA9203B41]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xA9203950]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xA9203964]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA92039DE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
ZwQueryMultipleValueKey [0xA9203AE9] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA9203A91] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xA9203B69] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xA9203B55] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xA92039B6] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xA92039A2] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA9203A39] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xA9203B2B] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA9203A20] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA92039F4] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess ---- Devices - GMER 1.0.14 ---- Device \FileSystem\Ntfs \Ntfs 8A88B1D8 AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) 
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) Device \Driver\usbuhci \Device\USBPDO-0 8A82A5A0 Device \Driver\usbuhci \Device\USBPDO-1 8A82A5A0 Device \Driver\usbuhci \Device\USBPDO-2 8A82A5A0 Device \Driver\usbehci \Device\USBPDO-3 8A7671D8 Device \Driver\usbuhci \Device\USBPDO-4 8A82A5A0 AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) Device \Driver\Ftdisk \Device\HarddiskVolume1 8A8FE1D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 8A8FE1D8 Device \Driver\Cdrom \Device\CdRom0 8A728708 Device \Driver\Ftdisk \Device\HarddiskVolume3 8A8FE1D8 Device \Driver\Ftdisk \Device\HarddiskVolume4 8A8FE1D8 Device \Driver\NetBT \Device\NetBt_Wins_Export 8A02E1D8 Device \Driver\usbhub \Device\00000090 hcmon.sys (VMware USB monitor/VMware, Inc.) Device \Driver\NetBT \Device\NetbiosSmb 8A02E1D8 Device \Driver\usbhub \Device\00000092 hcmon.sys (VMware USB monitor/VMware, Inc.) Device \Driver\usbhub \Device\00000094 hcmon.sys (VMware USB monitor/VMware, Inc.) Device \Driver\NetBT \Device\NetBT_Tcpip_{A930F8A5-06FF-401D-B4D9-B90BE5F818DD} 8A02E1D8 AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) Device \Driver\usbhub \Device\00000096 hcmon.sys (VMware USB monitor/VMware, Inc.) AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) Device \Driver\usbhub \Device\00000098 hcmon.sys (VMware USB monitor/VMware, Inc.) Device \Driver\usbuhci \Device\USBFDO-0 8A82A5A0 Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.) 
Device \Driver\usbuhci \Device\USBFDO-1 8A82A5A0 Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.) Device \Driver\usbuhci \Device\USBFDO-2 8A82A5A0 Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.) Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A02B1D8 Device \Driver\usbuhci \Device\USBFDO-3 8A82A5A0 Device \Driver\usbuhci \Device\USBFDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.) Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A02B1D8 Device \Driver\usbehci \Device\USBFDO-4 8A7671D8 Device \Driver\usbehci \Device\USBFDO-4 hcmon.sys (VMware USB monitor/VMware, Inc.) Device \Driver\Ftdisk \Device\FtControl 8A8FE1D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{97356776-AC10-4A3C-B1B7-7E501BFC9CC0} 8A02E1D8 Device \Driver\usbuhci \Device\USBPDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.) Device \Driver\usbuhci \Device\USBPDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.) Device \Driver\usbuhci \Device\USBPDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.) Device \Driver\usbehci \Device\USBPDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.) Device \Driver\usbuhci \Device\USBPDO-4 hcmon.sys (VMware USB monitor/VMware, Inc.) Device \FileSystem\Fastfat \Fat 89B9D1D8 Device \FileSystem\Fastfat \Fat A79F6297 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) 
Device \FileSystem\Cdfs \Cdfs 8A0231D8 Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions) ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1021613300 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 2042680831 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5F 0xFF 0x27 0x67 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5F 0xFF 0x27 0x67 ... ---- EOF - GMER 1.0.14 ----
  11. Good Morning, Copying the log as suggested. Many thanks for continued support.

ComboFix 09-01-01.02 - ati 2009-01-03 9:46:51.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1560 [GMT 0:00]
Running from: c:\documents and settings\ati\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ati\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
 * Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\26ef3f82c3a146be4dfd0de24c50ee
c:\26ef3f82c3a146be4dfd0de24c50ee\atl80.dll
c:\26ef3f82c3a146be4dfd0de24c50ee\cert.dll
c:\26ef3f82c3a146be4dfd0de24c50ee\conflictingappmodule.dll
c:\26ef3f82c3a146be4dfd0de24c50ee\de-at\eula.rtf
c:\26ef3f82c3a146be4dfd0de24c50ee\de-at\ocsetupro.dll
c:\26ef3f82c3a146be4dfd0de24c50ee\de-ch\eula.rtf
c:\26ef3f82c3a146be4dfd0de24c50ee\de-ch\ocsetupro.dll
c:\26ef3f82c3a146be4dfd0de24c50ee\de-de\eula.rtf
c:\26ef3f82c3a146be4dfd0de24c50ee\de-de\ocsetupro.dll
c:\26ef3f82c3a146be4dfd0de24c50ee\en-au\eula.rtf
c:\26ef3f82c3a146be4dfd0de24c50ee\en-au\ocsetupro.dll
c:\26ef3f82c3a146be4dfd0de24c50ee\en-ca\eula.rtf
c:\26ef3f82c3a146be4dfd0de24c50ee\en-ca\ocsetupro.dll
c:\26ef3f82c3a146be4dfd0de24c50ee\en-gb\eula.rtf
c:\26ef3f82c3a146be4dfd0de24c50ee\en-gb\ocsetupro.dll
c:\26ef3f82c3a146be4dfd0de24c50ee\en-hk\eula.rtf
c:\26ef3f82c3a146be4dfd0de24c50ee\en-hk\ocsetupro.dll
c:\26ef3f82c3a146be4dfd0de24c50ee\en-ie\eula.rtf
c:\26ef3f82c3a146be4dfd0de24c50ee\en-ie\ocsetupro.dll
c:\26ef3f82c3a146be4dfd0de24c50ee\en-in\eula.rtf
c:\26ef3f82c3a146be4dfd0de24c50ee\en-in\ocsetupro.dll
c:\26ef3f82c3a146be4dfd0de24c50ee\en-nz\eula.rtf
c:\26ef3f82c3a146be4dfd0de24c50ee\en-nz\ocsetupro.dll
c:\26ef3f82c3a146be4dfd0de24c50ee\en-sg\eula.rtf
c:\26ef3f82c3a146be4dfd0de24c50ee\en-sg\ocsetupro.dll
c:\26ef3f82c3a146be4dfd0de24c50ee\es-es\eula.rtf
c:\26ef3f82c3a146be4dfd0de24c50ee\es-es\ocsetupro.dll c:\26ef3f82c3a146be4dfd0de24c50ee\es-mx\eula.rtf c:\26ef3f82c3a146be4dfd0de24c50ee\es-mx\ocsetupro.dll c:\26ef3f82c3a146be4dfd0de24c50ee\es-us\eula.rtf c:\26ef3f82c3a146be4dfd0de24c50ee\es-us\ocsetupro.dll c:\26ef3f82c3a146be4dfd0de24c50ee\eula.rtf c:\26ef3f82c3a146be4dfd0de24c50ee\fr-be\eula.rtf c:\26ef3f82c3a146be4dfd0de24c50ee\fr-be\ocsetupro.dll c:\26ef3f82c3a146be4dfd0de24c50ee\fr-ca\eula.rtf c:\26ef3f82c3a146be4dfd0de24c50ee\fr-ca\ocsetupro.dll c:\26ef3f82c3a146be4dfd0de24c50ee\fr-ch\eula.rtf c:\26ef3f82c3a146be4dfd0de24c50ee\fr-ch\ocsetupro.dll c:\26ef3f82c3a146be4dfd0de24c50ee\fr-fr\eula.rtf c:\26ef3f82c3a146be4dfd0de24c50ee\fr-fr\ocsetupro.dll c:\26ef3f82c3a146be4dfd0de24c50ee\it-it\eula.rtf c:\26ef3f82c3a146be4dfd0de24c50ee\it-it\ocsetupro.dll c:\26ef3f82c3a146be4dfd0de24c50ee\ja-jp-psloc\eula.rtf c:\26ef3f82c3a146be4dfd0de24c50ee\ja-jp-psloc\ocsetupro.dll c:\26ef3f82c3a146be4dfd0de24c50ee\ja-jp\eula.rtf c:\26ef3f82c3a146be4dfd0de24c50ee\ja-jp\ocsetupro.dll c:\26ef3f82c3a146be4dfd0de24c50ee\ko-kr\eula.rtf c:\26ef3f82c3a146be4dfd0de24c50ee\ko-kr\ocsetupro.dll c:\26ef3f82c3a146be4dfd0de24c50ee\microsoft.vc80.atl.manifest c:\26ef3f82c3a146be4dfd0de24c50ee\microsoft.vc80.crt.manifest c:\26ef3f82c3a146be4dfd0de24c50ee\msvcp80.dll c:\26ef3f82c3a146be4dfd0de24c50ee\msvcr80.dll c:\26ef3f82c3a146be4dfd0de24c50ee\nl-be\eula.rtf c:\26ef3f82c3a146be4dfd0de24c50ee\nl-be\ocsetupro.dll c:\26ef3f82c3a146be4dfd0de24c50ee\nl-nl\eula.rtf c:\26ef3f82c3a146be4dfd0de24c50ee\nl-nl\ocsetupro.dll c:\26ef3f82c3a146be4dfd0de24c50ee\ochelpagent.dll c:\26ef3f82c3a146be4dfd0de24c50ee\ocsetup.exe c:\26ef3f82c3a146be4dfd0de24c50ee\ocsetupro.dll c:\26ef3f82c3a146be4dfd0de24c50ee\pt-br\eula.rtf c:\26ef3f82c3a146be4dfd0de24c50ee\pt-br\ocsetupro.dll c:\26ef3f82c3a146be4dfd0de24c50ee\service.xml c:\26ef3f82c3a146be4dfd0de24c50ee\winsscommon.dll c:\26ef3f82c3a146be4dfd0de24c50ee\winssplatform.dll c:\windows\system32\ltvoypej.exe . 
---- Previous Run ------- . c:\windows\system32\_003284_.tmp.dll c:\windows\system32\_003285_.tmp.dll c:\windows\system32\_003286_.tmp.dll c:\windows\system32\_003287_.tmp.dll c:\windows\system32\_003292_.tmp.dll c:\windows\system32\_003293_.tmp.dll c:\windows\system32\_003294_.tmp.dll c:\windows\system32\_003295_.tmp.dll c:\windows\system32\_003296_.tmp.dll c:\windows\system32\_003297_.tmp.dll c:\windows\system32\_003298_.tmp.dll c:\windows\system32\_003299_.tmp.dll c:\windows\system32\_003300_.tmp.dll c:\windows\system32\_003301_.tmp.dll c:\windows\system32\_003302_.tmp.dll c:\windows\system32\_003303_.tmp.dll c:\windows\system32\_003304_.tmp.dll c:\windows\system32\_003305_.tmp.dll c:\windows\system32\_003306_.tmp.dll c:\windows\system32\_003307_.tmp.dll c:\windows\system32\_003308_.tmp.dll c:\windows\system32\_003309_.tmp.dll c:\windows\system32\_003310_.tmp.dll c:\windows\system32\_003311_.tmp.dll c:\windows\system32\_003313_.tmp.dll c:\windows\system32\_003314_.tmp.dll c:\windows\system32\_003316_.tmp.dll c:\windows\system32\_003317_.tmp.dll c:\windows\system32\_003318_.tmp.dll c:\windows\system32\_003319_.tmp.dll c:\windows\system32\_003320_.tmp.dll c:\windows\system32\_003321_.tmp.dll c:\windows\system32\_003323_.tmp.dll c:\windows\system32\_003324_.tmp.dll c:\windows\system32\_003325_.tmp.dll c:\windows\system32\_003326_.tmp.dll c:\windows\system32\_003327_.tmp.dll c:\windows\system32\_003328_.tmp.dll c:\windows\system32\_003329_.tmp.dll c:\windows\system32\_003330_.tmp.dll c:\windows\system32\_003333_.tmp.dll c:\windows\system32\_003334_.tmp.dll c:\windows\system32\_003335_.tmp.dll c:\windows\system32\_003336_.tmp.dll c:\windows\system32\_003337_.tmp.dll c:\windows\system32\_003338_.tmp.dll c:\windows\system32\_003339_.tmp.dll c:\windows\system32\_003341_.tmp.dll c:\windows\system32\_003342_.tmp.dll c:\windows\system32\_003343_.tmp.dll c:\windows\system32\_003344_.tmp.dll c:\windows\system32\_003345_.tmp.dll c:\windows\system32\_003346_.tmp.dll 
c:\windows\system32\_003347_.tmp.dll c:\windows\system32\_003348_.tmp.dll c:\windows\system32\_003349_.tmp.dll c:\windows\system32\_003350_.tmp.dll c:\windows\system32\_003351_.tmp.dll c:\windows\system32\_003352_.tmp.dll c:\windows\system32\_003354_.tmp.dll c:\windows\system32\_003355_.tmp.dll c:\windows\system32\_003356_.tmp.dll c:\windows\system32\_003357_.tmp.dll c:\windows\system32\_003359_.tmp.dll c:\windows\system32\_003361_.tmp.dll c:\windows\system32\_003362_.tmp.dll c:\windows\system32\_003363_.tmp.dll c:\windows\system32\_003364_.tmp.dll c:\windows\system32\_003365_.tmp.dll c:\windows\system32\_003366_.tmp.dll c:\windows\system32\_003367_.tmp.dll c:\windows\system32\_003369_.tmp.dll c:\windows\system32\_003370_.tmp.dll c:\windows\system32\_003371_.tmp.dll c:\windows\system32\_003372_.tmp.dll c:\windows\system32\_003373_.tmp.dll c:\windows\system32\_003374_.tmp.dll c:\windows\system32\_003375_.tmp.dll c:\windows\system32\_003376_.tmp.dll c:\windows\system32\_003378_.tmp.dll c:\windows\system32\_003379_.tmp.dll c:\windows\system32\_003381_.tmp.dll c:\windows\system32\_003382_.tmp.dll c:\windows\system32\_003384_.tmp.dll c:\windows\system32\_003385_.tmp.dll c:\windows\system32\_003389_.tmp.dll c:\windows\system32\_003390_.tmp.dll c:\windows\system32\_003392_.tmp.dll c:\windows\system32\_003395_.tmp.dll c:\windows\system32\_003397_.tmp.dll c:\windows\system32\_003398_.tmp.dll c:\windows\system32\_003399_.tmp.dll c:\windows\system32\_003400_.tmp.dll c:\windows\system32\_003403_.tmp.dll c:\windows\system32\_003404_.tmp.dll c:\windows\system32\_003405_.tmp.dll c:\windows\system32\_003406_.tmp.dll c:\windows\system32\_003407_.tmp.dll c:\windows\system32\_003412_.tmp.dll c:\windows\system32\_003414_.tmp.dll c:\windows\system32\_003415_.tmp.dll c:\windows\system32\Config.ini . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . 
-------\Legacy_PACKET -------\Service_Packet ((((((((((((((((((((((((( Files Created from 2008-12-03 to 2009-01-03 ))))))))))))))))))))))))))))))) . 2009-01-02 15:09 . 2009-01-02 16:15 <DIR> d-------- c:\program files\Enigma Software Group 2009-01-02 11:13 . 2009-01-02 11:25 <DIR> d-------- c:\documents and settings\ati\DoctorWeb 2009-01-02 10:17 . 2009-01-02 10:17 250 --a------ c:\windows\gmer.ini 2009-01-02 09:35 . 2009-01-02 09:35 <DIR> d-------- c:\program files\ERUNT 2009-01-02 09:02 . 2004-06-11 15:33 290,304 --a------ c:\windows\system32\subinacl.exe 2009-01-01 23:01 . 2009-01-03 09:43 8,677 --a------ c:\windows\system32\Config.MPF 2009-01-01 22:59 . 2009-01-01 22:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\SiteAdvisor 2009-01-01 22:56 . 2008-06-02 14:55 120,136 --a------ c:\windows\system32\drivers\Mpfp.sys 2009-01-01 22:56 . 2008-06-27 06:08 79,240 --a------ c:\windows\system32\drivers\mfeavfk.sys 2009-01-01 22:56 . 2008-06-27 06:08 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys 2009-01-01 22:56 . 2008-06-27 06:08 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys 2009-01-01 22:55 . 2009-01-01 22:55 <DIR> d-------- c:\program files\McAfee.com 2009-01-01 22:55 . 2009-01-02 23:07 <DIR> d-------- c:\program files\McAfee 2009-01-01 22:55 . 2009-01-01 22:56 <DIR> d-------- c:\program files\Common Files\McAfee 2009-01-01 22:52 . 2008-06-20 05:41 34,152 --a------ c:\windows\system32\drivers\mferkdk.sys 2009-01-01 22:47 . 2009-01-01 23:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee 2009-01-01 22:19 . 2009-01-01 22:19 <DIR> d-------- C:\VundoFix Backups 2009-01-01 13:25 . 2009-01-01 14:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater 2008-12-31 12:32 . 2008-12-31 12:32 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-12-31 12:32 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-31 12:32 . 
2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-12-30 12:20 . 2008-12-30 12:20 <DIR> d-------- c:\windows\system32\IOSUBSYS 2008-12-18 15:28 . 2008-12-18 15:28 754 --a------ c:\windows\WORDPAD.INI 2008-12-17 18:33 . 2008-12-17 18:33 0 --ah----- c:\windows\SwSys2.bmp 2008-12-17 18:33 . 2008-12-17 18:33 0 --ah----- c:\windows\SwSys1.bmp 2008-12-17 01:20 . 2008-12-17 01:20 <DIR> d-------- c:\program files\Common Files\xing shared 2008-12-16 10:26 . 2008-12-16 10:26 <DIR> d-------- c:\program files\RealVNC 2008-12-15 01:11 . 2008-12-15 01:11 <DIR> d-------- c:\program files\VoIP Integration Tools 2008-12-14 21:38 . 2008-12-14 21:38 <DIR> d-------- c:\program files\Windows Defender 2008-12-08 19:37 . 2008-12-08 19:37 <DIR> d-------- c:\program files\Windows Installer Clean Up 2008-12-08 17:36 . 2009-01-01 18:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft 2008-12-07 11:05 . 2008-12-07 12:34 <DIR> d-------- C:\AVG 2008-12-06 23:11 . 2008-12-06 23:11 <DIR> d-------- c:\documents and settings\ati\Application Data\Malwarebytes 2008-12-06 23:11 . 2008-12-06 23:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-12-06 21:45 . 2008-12-06 21:45 <DIR> d-------- c:\documents and settings\ati\Application Data\InfraRecorder 2008-12-06 21:44 . 2008-12-06 21:44 <DIR> d-------- c:\program files\InfraRecorder 2008-12-06 10:46 . 2008-12-31 18:11 <DIR> d-------- c:\program files\Windows Live Safety Center . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-01-03 09:39 --------- d-----w c:\documents and settings\LocalService\Application Data\VMware 2009-01-03 09:39 --------- d-----w c:\documents and settings\All Users\Application Data\VMware 2009-01-01 22:45 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-01-01 22:15 --------- d-----w c:\program files\SUPERAntiSpyware 2009-01-01 22:15 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-01-01 22:15 --------- d-----w c:\documents and settings\ati\Application Data\SUPERAntiSpyware.com 2009-01-01 18:42 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-01-01 13:25 --------- d-----w c:\program files\Google 2008-12-31 16:56 --------- d-----w c:\program files\MSECache 2008-12-31 09:20 --------- d-----w c:\documents and settings\ati\Application Data\VMware 2008-12-17 12:19 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore 2008-12-17 01:20 --------- d-----w c:\program files\Common Files\Real 2008-12-16 23:44 5,642 --sha-w c:\windows\system32\KGyGaAvL.sys 2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll 2008-12-10 09:30 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2008-11-27 08:20 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-11-27 07:02 --------- d-----w c:\program files\Spybot - Search & Destroy 2008-11-23 21:46 --------- d-----w c:\program files\Network Associates 2008-11-22 11:25 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2008-11-17 20:04 2,306,113 ----a-w c:\windows\system32\GPhotos.scr 2008-11-16 20:33 --------- d-----w c:\program files\wfavvid 2008-11-13 15:22 --------- d-----w c:\documents and settings\ati\Application Data\Corel 2008-11-13 14:20 --------- d-----w c:\program files\Alcohol Soft 2008-11-13 14:13 639,224 ----a-w c:\windows\system32\drivers\sptd.sys 2008-11-12 10:13 --------- 
d-----w c:\documents and settings\ati\Application Data\OpenOffice.org2 2008-11-07 16:45 2,174,976 ----a-w c:\windows\system32\dllcache\WMVCore.dll 2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys 2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll 2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll 2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 14:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll 2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll 2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 14:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll 2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 14:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll 2008-10-16 14:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll 2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 14:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe 2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 14:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll 2008-10-16 14:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 14:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe 2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe 2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll 2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe 2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll 2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll 2008-10-03 10:02 247,326 ----a-w 
c:\windows\system32\dllcache\strmdll.dll 2008-04-12 22:06 290 -c--a-w c:\documents and settings\ati\Application Data\wklnhst.dat . ((((((((((((((((((((((((((((( snapshot@2009-01-03_ 0.11.48.37 ))))))))))))))))))))))))))))))))))))))))) . + 2005-10-20 12:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\2009-01-03\ERDNT.EXE + 2009-01-03 00:08:59 12,435,456 ----a-w c:\windows\ERDNT\AutoBackup\2009-01-03\Users\00000001\NTUSER.DAT + 2009-01-03 00:09:00 364,544 ----a-w c:\windows\ERDNT\AutoBackup\2009-01-03\Users\00000002\UsrClass.dat - 2009-01-02 23:04:37 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat + 2009-01-03 09:31:16 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat - 2009-01-02 23:04:37 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2009-01-03 09:31:16 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2009-01-02 23:04:37 49,152 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2009-01-03 09:31:16 49,152 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2009-01-03 09:38:55 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_740.dat + 2009-01-03 09:38:23 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_784.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "Yahoo! 
Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "Google Update"="c:\documents and settings\ati\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-03 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-31 1392640] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-17 185896] "Claritel-i750"="c:\program files\Clarisys\Claritel-i750\Ipnappgw.exe" [2003-09-25 471040] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208] "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160] c:\documents and settings\ati\Start Menu\Programs\Startup\ ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912] OneNote Table Of Contents.onetoc2 [2008-07-29 3656] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.PIM1"= pclepim1.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfetdik] @="" 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfetdik.sys] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Cisco Systems\\ASDM\\asdm-launcher.exe"= "c:\\Program Files\\Belkin\\All-in-One Print Server\\MFPAgent.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "c:\\Program Files\\Dynamips\\dynamips.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Cisco Systems\\Cisco IP Communicator\\communicatork9.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\IP blue\\VTGO\\bin\\VTGOhttpServer.exe"= "c:\\Program Files\\IP blue\\VTGO\\Media\\BlueMedia.exe"= "c:\\Program Files\\Cisco Systems\\Cisco IP Communicator\\AudioTuningWizard.exe"= "c:\\Documents and Settings\\ati\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"= "c:\\Documents and Settings\\ati\\Local Settings\\Application Data\\Google\\Google Talk 
Plugin\\googletalkplugin.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"= "c:\\Program Files\\NetMeeting\\conf.exe"= "c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"= "c:\\Program Files\\3Com\\3CDaemon\\3CDaemon.EXE"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 R2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\windows\system32\DRIVERS\CdpPacket.sys [2008-01-24 35692] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2009-01-01 206096] R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592] R3 WUSBVBus;MFP Server Detector;c:\windows\system32\DRIVERS\mfpvbus.sys [2007-06-24 9472] S2 0085111230937697mcinstcleanup;McAfee Application Installer Cleanup (0085111230937697);c:\windows\TEMP\008511~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [] S2 ALIWEHCD;Belkin All-In-One Print Server Enhanced Controller;c:\windows\system32\Drivers\mfpec.sys [2007-06-24 53152] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064] S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2006-10-01 26624] . 
Contents of the 'Scheduled Tasks' folder 2009-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42] 2009-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2751221988-1012368364-2767497333-1006.job - c:\documents and settings\ati\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-03 09:39] 2009-01-01 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10] 2009-01-01 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10] 2009-01-03 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20] 2008-12-28 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job - c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [] 2007-07-27 c:\windows\Tasks\Uniblue SpeedUpMyPC.job - c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [] . - - - - ORPHANS REMOVED - - - - BHO-{1787b124-49fa-442f-84cf-e66ec75db118} - (no file) . ------- Supplementary Scan ------- . 
uStart Page = www.google.co.uk/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5070509 uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Dial with VT&GO - file:///c:\program files\IP blue\VTGO\Scripts\dialer.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\ati\Application Data\Mozilla\Firefox\Profiles\48ll4z22.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll FF - plugin: c:\documents and settings\ati\Application Data\Mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\ati\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1439.6872\npCIDetect13.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-03 09:49:51 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
Completion time: 2009-01-03 9:51:49 ComboFix-quarantined-files.txt 2009-01-03 09:50:47 Pre-Run: 12,429,676,544 bytes free Post-Run: 12,406,583,296 bytes free 438 --- E O F --- 2009-01-03 00:13:52
  12. Hi there, I followed the instructions but the PC showed me a Blue Screen while ComboFix was dumping the log. I am copying both files as requested. Your help is much appreciated.

    1) Add-Remove Programs.txt
  13. Hi All, it seems my PC is infected with this virus. Spy-bot and McAfee do not detect it, but every time I run Malwarebytes it detects it. It removes it, but bang, it comes back again. I tried deleting the entry manually without any luck. I have attached the log. Any help will be greatly appreciated.

    Malwarebytes' Anti-Malware 1.31
    Database version: 1594
    Windows 5.1.2600 Service Pack 3

    02/01/2009 09:31:22
    mbam-log-2009-01-02 (09-31-22).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 37286
    Time elapsed: 16 minute(s), 44 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)