poiuyt2

  1. I believe my problem has been solved by your latest suggestion. My search engine results are normal again. I am not aware of any problems on the machine related to malware. Thank you very much for your help. Here is the combofix log and, below it, the HijackThis log:
  2. Here are the Avenger results. I had one false start you'll see in the logs when there was a prompt/warning I hadn't expected from your instructions. I hit cancel then did it again, dismissing the warning.
  3. I still have a problem with search engine results. If I clear my cache/history/temporary files and go to Google and do a search for "dogs", for example, I have attached the results of the screen shot. In the screen shot example, the second result is "Dogs & Puppies -- Next Day Pets" but the green text under the result indicates a different site. Clicking on the link directs to the spam site in green text. This happens in both IE and Netscape and at search engines other than Google. Also, I don't have a C:\OtScanIT\ directory. I have C:\_OTScanIt and C:\Program Files\Mozilla Firefox\OTScanIt2 directories. Just wanted to make sure I understood what you were suggesting I delete. Thanks.
  4. Here is my new HijackThis log file:
  5. Here is the log produced by running the fix:
  6. Thank you. I have attached the scan results from OTScanit2. OTScanIt.Txt
  7. I appear to be infected with malware that alters search engine results. For major search engines, searches reveal results, but clicking on the links directs to spam sites. When I open Malwarebytes and run a QUICK SCAN with ALWAYS SCAN MEMORY OBJECTS unchecked under settings, the scan runs for a few seconds (always less than ten in about eight attempts) and Malwarebytes freezes. This freeze occurs on different files in the WINDOWS/SYSTEM32 directory. After Malwarebytes freezes, I open TASK MANAGER to kill the application and two instances of Malwarebytes are running (and not responding). Similarly, if I select START then RUN and type in IEXPLORE.EXE I am unable to start Internet Explorer. Again, the program does not respond, I open Task Manager and Task Manager shows two non-responding instances of IE. Firefox runs fine. This is my Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:22 AM, on 1/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Polaris Auto-Print\bin\wrapper.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\SYSTEM32\PDFCreatorMessages.exe
C:\Program Files\CVS Manager\MyService.exe
C:\Program Files\Apache Software Foundation\Tomcat-5\bin\tomcat5.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\JawsSystems\Jaws PDF Creator\PDFClient.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Qualcomm\Eudora\Eudora.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://*.polaris
O15 - Trusted Zone: http://*.sf12b
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_07) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fdsi-private.fielddiagnostics.com
O17 - HKLM\Software\..\Telephony: DomainName = fdsi-private.fielddiagnostics.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fdsi-private.fielddiagnostics.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = fdsi-private.fielddiagnostics.com
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = fdsi-private.fielddiagnostics.com
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Polaris Auto Print (autoprint) - Unknown owner - c:\Program Files\Polaris Auto-Print\bin\wrapper.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd - C:\WINDOWS\SYSTEM32\PDFCreatorMessages.exe
O23 - Service: PostgreSQL Database Server 8.1 (pgsql-8.1) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.1\bin\pg_ctl.exe
O23 - Service: Polaris CVS Manager - Alexandria Software Consulting + Multiplan Consultants - C:\Program Files\CVS Manager\MyService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Tomcat-5\bin\tomcat5.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9621 bytes

Thank you.