fsdoubleflip

Members

Posts: 5
Reputation: 0 Neutral

  1. Could you guys please help me out? I'm basically unable to use my PC right now because of this virus. I really need to get rid of it!
  2. I really need some help with this one guys. This virus causes me to go on random pages when I click on links in search results from Google and such. Sometimes the pages are blank, with the words "welcome to miva.dll. please enjoy your stay. Initialization errors: 0", or it goes to a page called lawyerhub, with some sort of survey on it. I've tried everything to kill the virus. MBAM won't work, and I've tried all the different solutions from the topic that is often referred to when someone has this problem. AV360, Totalsecurity, and systemsecurity do not show up in Process Explorer, and last time I tried to use RootRepeal to fix the problem the computer crashed and I got the BSOD. I don't know what to do anymore. Here's the HijackThis log. Hopefully it helps.

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 12:07:03 PM, on 7/17/2009
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\svchost.exe
     C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Internet Explorer\Iexplore.exe
     C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
     C:\WINDOWS\system32\dla\tfswctrl.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\Dell\Media Experience\DMXLauncher.exe
     C:\Program Files\Analog Devices\Core\smax4pnp.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
     C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
     C:\Program Files\Common Files\Real\Update_OB\realsched.exe
     C:\Program Files\D-Tools\daemon.exe
     C:\Program Files\Java\jre6\bin\jusched.exe
     E:\iTunesHelper.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Windows Media Player\WMPNSCFG.exe
     C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
     C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
     C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     E:\Widgets\YahooWidgets.exe
     E:\Widgets\YahooWidgets.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
     C:\Program Files\Java\jre6\bin\jucheck.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
     O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
     O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
     O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - (no file)
     O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
     O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Scour Toolbar - {A057A204-BACC-4D26-9A9E-3AF287E2699B} - C:\PROGRA~1\SCOURT~1\SCOURT~1.DLL
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O3 - Toolbar: Scour Toolbar - {A057A204-BACC-4D26-9A9E-3AF287E2699B} - C:\PROGRA~1\SCOURT~1\SCOURT~1.DLL
     O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
     O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
     O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
     O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
     O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
     O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
     O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB001" /M "Stylus C88"
     O4 - HKLM\..\Run: [iPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
     O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
     O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
     O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe
     O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
     O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
     O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
     O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
     O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunesHelper.exe"
     O4 - HKCU\..\Run: [steam] "c:\program files\valve\steam\steam.exe" -silent
     O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
     O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
     O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
     O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
     O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
     O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
     O4 - Startup: Yahoo! Widgets.lnk = E:\Widgets\YahooWidgets.exe
     O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
     O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
     O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
     O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
     O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
     O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
     O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: Fix-It Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
     O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
     O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
     O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
     O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
     O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
     O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
     O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
     O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

     --
     End of file - 10918 bytes
  3. MBAM Registry Values Infected: 2 Registry Data Items Infected: 0 Folders Infected: 3 Files Infected: 26 Memory Processes Infected: C:\Program Files\Antispyware\Antispyware.exe (Rogue.Antispyware) -> Unloaded process successfully. Memory Modules Infected: C:\WINDOWS\SYSTEM32\jrpfdvbq.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\SYSTEM32\irdugo.dll (Trojan.Vundo) -> Delete on reboot. C:\Program Files\Antispyware\SpyCleaner.dll (Rogue.SpyCleaner) -> Delete on reboot. Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{85e0b171-04fa-11d1-b7da-00a0c90348a7} (Adware.SmartShopper) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Antispyware (Rogue.Antispyware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Documents and Settings\All Users\Start Menu\Programs\Antispyware (Rogue.Antispyware) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Owner\Application Data\Starware (Adware.Starware) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\Starware\Manager (Adware.Starware) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\SYSTEM32\jrpfdvbq.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\SYSTEM32\irdugo.dll (Trojan.Vundo) -> Delete on reboot. C:\Program Files\Antispyware\SpyCleaner.dll (Rogue.SpyCleaner) -> Delete on reboot. C:\Documents and Settings\Devin\Local Settings\Application Data\Mozilla\Firefox\Profiles\05jty80b.default\Cache\96490AAAd01 (Rogue.Installer) -> Quarantined and deleted successfully. C:\Documents and Settings\Devin\Local Settings\Temporary Internet Files\Content.IE5\JXRNFXHZ\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Devin\Local Settings\Temporary Internet Files\Content.IE5\R96MMDRL\apstpldr.dll[1].htm (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Devin\Local Settings\Temporary Internet Files\Content.IE5\R96MMDRL\CATSU91R (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Devin\Local Settings\Temporary Internet Files\Content.IE5\R96MMDRL\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\My Documents\Downloads\Sony DVD Architect Studio 4.5c build 91\keygen.exe (Backdoor.SDBot) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-18\Dc3744.exe (Adware.SmartShopper) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-2985862323-1253851296-254320386-1006\Dc2110.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-2985862323-1253851296-254320386-1006\Dc2111.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-2985862323-1253851296-254320386-1006\Dc2214.exe (Adware.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP394\A0185501.dll (Adware.SmartShopper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP394\A0185502.exe (Adware.SmartShopper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP427\A0190731.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\ggbyxxms.dll (Trojan.Vundo) -> Quarantined and deleted successfully. E:\setupxv.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\Programs\Antispyware\Antispyware on the Web.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\Programs\Antispyware\Antispyware.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\Starware\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\Starware\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully. C:\Program Files\Antispyware\Antispyware.exe (Rogue.Antispyware) -> Delete on reboot. C:\WINDOWS\Tasks\Antispyware Scheduled Scan.job (Rogue.Antispyware) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Desktop\Antispyware.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\ijjistarter2.exe (Trojan.Agent) -> Quarantined and deleted successfully. 
HJT: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:29:22 PM, on 2/1/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe E:\iTunes\iTunesHelper.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\iPod\bin\iPodService.exe E:\Widgets\YahooWidgets.exe C:\WINDOWS\system32\ctfmon.exe E:\Widgets\YahooWidgets.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Mozilla Firefox\firefox.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/ R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB001" /M "Stylus C88" O4 - HKLM\..\Run: [iPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe O4 - 
HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [steam] "c:\program files\valve\steam\steam.exe" -silent O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user') O4 - Startup: Yahoo! 
Widgets.lnk = E:\Widgets\YahooWidgets.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Fix-It Task Manager - Avanquest Software USA, Inc. 
- C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 9321 bytes ComboFix: ComboFix 09-02-01.01 - Devin 2009-02-01 13:47:16.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.204 [GMT -5:00] Running from: c:\documents and settings\Devin\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Devin\Desktop\CFscript.txt * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . 
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat c:\documents and settings\Owner\Local Settings\Temporary Internet Files\temp.dmf c:\program files\Antispyware c:\program files\Antispyware\Antispyware.url c:\program files\Antispyware\DataBase.ref c:\program files\Antispyware\TCL.dll c:\program files\Antispyware\vistaCPtasks.xml c:\program files\Antispyware\zlib.dll c:\program files\winupdates c:\program files\winupdates\a.zip c:\windows\a3kebook.ini c:\windows\akebook.ini c:\windows\ANS2000.INI c:\windows\system32\AutoRun.inf c:\windows\system32\fo-remove.exe c:\windows\system32\irdugo.dll c:\windows\system32\jrpfdvbq.dll c:\windows\system32\qbvdfprj.ini c:\windows\system32\tlfjofrm.ini c:\windows\system32\UCMSuFii.ini c:\windows\SYSTEM32\UCMSuFii.ini2 c:\windows\Tasks\rsjjvitp.job . ((((((((((((((((((((((((( Files Created from 2009-01-01 to 2009-02-01 ))))))))))))))))))))))))))))))) . 2009-02-01 13:09 . 2009-02-01 13:09 <DIR> d-------- c:\program files\CCleaner 2009-01-31 10:20 . 2009-01-31 10:20 <DIR> d-------- c:\program files\Trend Micro 2009-01-30 22:26 . 2009-01-30 22:26 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-01-30 22:26 . 2009-01-30 22:26 <DIR> d-------- c:\documents and settings\Devin\Application Data\Malwarebytes 2009-01-30 22:26 . 2009-01-30 22:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-30 22:26 . 2009-01-14 16:11 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys 2009-01-30 22:26 . 2009-01-14 16:11 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys 2009-01-30 22:15 . 2009-01-30 22:22 <DIR> d-------- c:\documents and settings\Devin\Application Data\Antispyware 2009-01-29 21:42 . 2009-01-29 21:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2009-01-29 21:41 . 2009-01-29 21:41 <DIR> d-------- c:\program files\SUPERAntiSpyware 2009-01-29 21:41 . 
2009-01-29 21:41 <DIR> d-------- c:\documents and settings\Devin\Application Data\SUPERAntiSpyware.com 2009-01-29 21:10 . 2009-01-29 21:16 <DIR> d-------- c:\documents and settings\Devin\eee 2009-01-29 21:07 . 2009-01-29 21:07 45,984 --a------ c:\windows\SYSTEM32\ins2.exe 2009-01-23 01:19 . 2009-01-23 01:26 <DIR> d-------- c:\documents and settings\Devin\Application Data\U3 2009-01-15 01:52 . 2009-01-15 01:52 <DIR> d-------- c:\documents and settings\Devin\Application Data\vlc 2009-01-15 00:34 . 2009-01-15 00:37 <DIR> d-------- c:\program files\DivX 2009-01-15 00:28 . 2009-01-15 00:28 <DIR> d-------- c:\program files\D-Tools 2009-01-15 00:28 . 2004-08-22 16:31 155,136 --a------ c:\windows\SYSTEM32\DRIVERS\d347bus.sys 2009-01-15 00:28 . 2004-08-22 16:31 5,248 --a------ c:\windows\SYSTEM32\DRIVERS\d347prt.sys 2009-01-13 09:53 . 2006-06-14 03:47 172,416 -----c--- c:\windows\SYSTEM32\DLLCACHE\kmixer.sys 2009-01-13 09:53 . 2006-06-01 13:47 163,840 -----c--- c:\windows\SYSTEM32\DLLCACHE\jgdw400.dll 2009-01-13 09:53 . 2006-06-14 04:00 82,944 -----c--- c:\windows\SYSTEM32\DLLCACHE\wdmaud.sys 2009-01-13 09:53 . 2006-06-01 13:47 27,648 -----c--- c:\windows\SYSTEM32\DLLCACHE\jgpl400.dll 2009-01-13 09:53 . 2006-06-14 03:47 6,400 -----c--- c:\windows\SYSTEM32\DLLCACHE\splitter.sys 2009-01-11 14:40 . 2009-01-11 14:40 <DIR> d-------- c:\program files\tamasoftware 2009-01-01 01:56 . 2009-01-01 01:56 <DIR> d-------- c:\program files\Magic Morph 2009-01-01 01:51 . 2009-01-01 01:53 <DIR> d-------- c:\program files\Total Video Converter . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-02-01 18:24 --------- d-----w c:\program files\GoogleAFE 2009-02-01 18:24 --------- d-----w c:\program files\Google 2009-02-01 17:59 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint 2009-02-01 17:56 --------- d-----w c:\program files\BearShare Test 2009-02-01 13:55 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2009-01-30 02:40 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-01-28 21:25 --------- d-----w c:\documents and settings\Devin\Application Data\LimeWire 2009-01-15 05:32 --------- d-----w c:\program files\VideoLAN 2008-12-31 20:56 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-12-31 04:59 --------- d-----w c:\program files\iPod 2008-12-31 04:58 --------- d-----w c:\program files\Bonjour 2008-12-31 04:57 --------- d-----w c:\program files\QuickTime 2008-12-30 23:20 --------- d-----w c:\documents and settings\Devin\Application Data\My Sam's Club Digital Photo Center 2008-12-29 19:39 --------- d-----w c:\program files\Guitar Pro 5 2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-11 02:17 384 -c--a-w c:\documents and settings\Owner\Application Data\internaldb6334.dat 2008-12-11 00:33 86,016 ----a-w c:\windows\SYSTEM32\dpl100.dll 2008-12-11 00:33 200,704 ----a-w c:\windows\SYSTEM32\dtu100.dll 2008-12-10 21:30 555 -c--a-w c:\documents and settings\Owner\Application Data\internaldb8467.dat 2008-12-10 21:30 18,432 -c--a-w c:\documents and settings\Owner\Application Data\internaldb41.dat 2008-12-09 02:28 593,920 ----a-w c:\windows\SYSTEM32\dpuGUI11.dll 2008-12-09 02:28 57,344 ----a-w c:\windows\SYSTEM32\dpv11.dll 2008-12-09 02:28 344,064 ----a-w c:\windows\SYSTEM32\dpus11.dll 2008-12-09 02:28 294,912 ----a-w c:\windows\SYSTEM32\dpu11.dll 2008-11-06 16:37 524,288 ----a-w c:\windows\SYSTEM32\DivXsm.exe 2008-11-06 16:37 3,596,288 ----a-w c:\windows\SYSTEM32\qt-dx331.dll 
2008-11-06 16:37 129,784 ------w c:\windows\SYSTEM32\pxafs.dll
2008-11-06 16:37 120,056 -c----w c:\windows\SYSTEM32\pxcpyi64.exe
2008-11-06 16:37 118,520 -c----w c:\windows\SYSTEM32\pxinsi64.exe
2008-11-06 16:35 200,704 ----a-w c:\windows\SYSTEM32\ssldivx.dll
2008-11-06 16:35 1,044,480 ----a-w c:\windows\SYSTEM32\libdivx.dll
2008-11-06 16:33 823,296 ----a-w c:\windows\SYSTEM32\divx_xx0c.dll
2008-11-06 16:33 823,296 ----a-w c:\windows\SYSTEM32\divx_xx07.dll
2008-11-06 16:33 815,104 ----a-w c:\windows\SYSTEM32\divx_xx0a.dll
2008-11-06 16:33 802,816 ----a-w c:\windows\SYSTEM32\divx_xx11.dll
2008-11-06 16:33 684,032 ----a-w c:\windows\SYSTEM32\DivX.dll
2008-11-06 16:33 12,288 -c--a-w c:\windows\SYSTEM32\DivXWMPExtType.dll
2006-08-22 03:29 31,514 -c--a-w c:\program files\startup.8xk
2006-08-22 03:02 710,374 -c--a-w c:\program files\TI84Plus_OS.8Xu
2006-08-22 03:01 552,604 -c--a-w c:\program files\TI83Plus_OS.8Xu
2006-08-14 23:55 3,455,625 -c--a-w c:\program files\APD.zip
2006-07-12 15:15 10,245,279 -c--a-w c:\program files\XBOXAR_USsetup1_31.zip
2006-06-07 03:50 19,968 -c--a-w c:\program files\adresses.doc
2006-02-03 16:37 710,374 -c--a-w c:\program files\TI84Plus_OS240.8xu
2006-01-07 14:14 688,128 -c--a-w c:\program files\autostitch.exe
2005-12-05 23:28 916,806 -c--a-w c:\program files\Dec2005_MDX1_x86.cab
2005-12-05 23:28 86,925 -c--a-w c:\program files\Oct2005_xinput_x64.cab
2005-12-05 23:28 46,247 -c--a-w c:\program files\Oct2005_xinput_x86.cab
2005-12-05 23:28 41,888 -c--a-w c:\program files\dxdllreg_x86.cab
2005-12-05 23:28 3,673,932 -c--a-w c:\program files\Dec2005_MDX1_x86_Archive.cab
2005-12-05 23:28 1,358,864 -c--a-w c:\program files\Dec2005_d3dx9_28_x64.cab
2005-12-05 23:27 1,080,344 -c--a-w c:\program files\Dec2005_d3dx9_28_x86.cab
2005-04-04 18:11 3,218 -c--a-w c:\program files\README.TXT
2005-04-04 18:10 636 -c--a-w c:\program files\LICENSE.TXT
2002-10-04 19:09 204,800 -c--a-w c:\windows\INF\FXPlugin.dll
2007-11-15 20:05 89,088 ----a-w c:\program files\mozilla firefox\plugins\atl71.dll
2007-11-15 20:05 53,248 ----a-w c:\program files\mozilla firefox\plugins\boost_filesystem-vc71-mt-1_33_1.dll
2007-11-15 20:05 499,712 ----a-w c:\program files\mozilla firefox\plugins\msvcp71.dll
2007-11-15 20:05 348,160 ----a-w c:\program files\mozilla firefox\plugins\msvcr71.dll
2007-11-15 20:05 110,592 ----a-w c:\program files\mozilla firefox\plugins\v22_base.dll
2007-11-15 20:05 114,688 ----a-w c:\program files\mozilla firefox\plugins\v22_compression.dll
2007-11-15 20:05 106,496 ----a-w c:\program files\mozilla firefox\plugins\v22_connect.dll
2007-11-15 20:05 229,376 ----a-w c:\program files\mozilla firefox\plugins\v22_update.dll
2007-11-15 20:05 196,608 ----a-w c:\program files\mozilla firefox\plugins\v22_utility.dll
2007-11-15 20:05 159,744 ----a-w c:\program files\mozilla firefox\plugins\v22_winapplib.dll
2008-12-16 01:41 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.
------- Sigcheck -------

2008-04-13 19:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe
2004-08-04 07:00 14336 8f078ae4ed187aaabc0a305146de6716 c:\windows\SYSTEM32\svchost.exe
2004-08-04 07:00 14336 8f078ae4ed187aaabc0a305146de6716 c:\windows\SYSTEM32\DLLCACHE\svchost.exe

2008-04-13 19:12 82432 2ccc474eb85ceaa3e1fa1726580a3e5a c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ws2_32.dll
2004-08-04 07:00 82944 2ed0b7f12a60f90092081c50fa0ec2b2 c:\windows\SYSTEM32\ws2_32.dll
2004-08-04 07:00 82944 2ed0b7f12a60f90092081c50fa0ec2b2 c:\windows\SYSTEM32\DLLCACHE\ws2_32.dll

2008-04-13 19:12 507904 ed0ef0a136dec83df69f04118870003e c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe
2004-08-04 07:00 502272 01c3346c241652f43aed8e2149881bfe c:\windows\SYSTEM32\winlogon.exe
2004-08-04 07:00 502272 01c3346c241652f43aed8e2149881bfe c:\windows\SYSTEM32\DLLCACHE\winlogon.exe

2008-04-13 14:20 182656 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ndis.sys
2004-08-04 07:00 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\SYSTEM32\DLLCACHE\ndis.sys
2004-08-04 07:00 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\SYSTEM32\DRIVERS\ndis.sys

2008-04-13 13:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ip6fw.sys
2004-08-04 07:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\SYSTEM32\DLLCACHE\ip6fw.sys
2004-08-04 07:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\SYSTEM32\DRIVERS\ip6fw.sys

2008-04-13 19:12 108544 0e776ed5f7cc9f94299e70461b7b8185 c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\services.exe
2004-08-04 07:00 108032 c6ce6eec82f187615d1002bb3bb50ed4 c:\windows\SYSTEM32\services.exe
2004-08-04 07:00 108032 c6ce6eec82f187615d1002bb3bb50ed4 c:\windows\SYSTEM32\DLLCACHE\services.exe

2008-04-13 19:12 13312 bf2466b3e18e970d8a976fb95fc1ca85 c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\lsass.exe
2004-08-04 07:00 13312 84885f9b82f4d55c6146ebf6065d75d2 c:\windows\SYSTEM32\lsass.exe
2004-08-04 07:00 13312 84885f9b82f4d55c6146ebf6065d75d2 c:\windows\SYSTEM32\DLLCACHE\lsass.exe

2008-04-13 19:12 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ctfmon.exe
2004-08-04 07:00 15360 24232996a38c0b0cf151c2140ae29fc8 c:\windows\SYSTEM32\ctfmon.exe
2004-08-04 07:00 15360 24232996a38c0b0cf151c2140ae29fc8 c:\windows\SYSTEM32\DLLCACHE\ctfmon.exe

2008-04-13 19:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe
2004-08-04 07:00 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\SYSTEM32\userinit.exe
2004-08-04 07:00 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\SYSTEM32\DLLCACHE\userinit.exe

2008-04-13 19:12 295424 ff3477c03be7201c294c35f684b3479f c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\termsrv.dll
2004-08-04 06:00 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\SYSTEM32\TERMSRV.DLL
2004-08-04 06:00 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\SYSTEM32\DLLCACHE\termsrv.dll

2008-04-13 19:12 17408 50a166237a0fa771261275a405646cc0 c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\powrprof.dll
2004-08-04 07:00 17408 1b5f6923abb450692e9fe0672c897aed c:\windows\SYSTEM32\powrprof.dll
2004-08-04 07:00 17408 1b5f6923abb450692e9fe0672c897aed c:\windows\SYSTEM32\DLLCACHE\powrprof.dll

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\valve\steam\steam.exe" [2008-10-13 1410296]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-06-10 785520]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-15 29744]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"EPSON Stylus C88 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE" [2005-01-27 98304]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"PhilipsDM"="c:\program files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2005-09-14 520192]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"VirusScannerPro"="c:\progra~1\AVANQU~1\Fix-It\MemCheck.exe" [2007-09-01 173312]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-25 185896]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"iTunesHelper"="e:\itunes\iTunesHelper.exe" [2008-11-20 290088]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\SYSTEM32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2006-05-15 67264]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-19 110592]
Rainlendar.lnk - c:\program files\Rainlendar\Rainlendar.exe [2006-01-21 118784]
Registration Myst V [2006-02-07 0]

c:\documents and settings\Devin\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - e:\widgets\YahooWidgets.exe [2007-12-11 3746856]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-19 110592]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= vdrcodec.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1153170047\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1153170047\\ee\\aim6.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\rustyn90\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\rustyn90\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\rustyn90\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 tmpreflt;tmpreflt;c:\progra~1\AVANQU~1\Fix-It\tmpreflt.sys [2007-08-31 32528]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-11 24652]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
R3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\SYSTEM32\DRIVERS\netusbxp.sys [2006-01-03 72576]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2005-12-28 29744]
S3 idmc1aud;Intel® Play USB Audio Filter (WDM);c:\windows\SYSTEM32\DRIVERS\idmc1aud.sys [2006-07-27 15188]
S3 IDMC1Blk;Intel Play DMC Download Driver;c:\windows\SYSTEM32\DRIVERS\IDMC1Blk.sys [2006-07-27 14628]
S3 IDMC1Vxp;Intel® Play DMC Camera;c:\windows\SYSTEM32\DRIVERS\idmc1vme.sys [2006-07-27 416564]
S3 MailScan;MailScan;c:\progra~1\AVANQU~1\Fix-It\MailScan.sys [2007-09-01 20496]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\SYSTEM32\DRIVERS\xbreader.sys [2001-01-02 19677]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6db20963-bbcd-11dd-966f-000625271ce6}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder

2009-01-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []

2009-01-27 c:\windows\Tasks\Scheduled Checkpoint.job
- c:\program files\VCOM\Recovery Commander\RCSCHED.EXE []
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{08FCF7E3-5F7D-444E-8554-76A516EB3C6C} - (no file)
HKCU-Run-Aim6 - (no file)

.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Devin\Application Data\Mozilla\Firefox\Profiles\05jty80b.default\
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npampx3.0.84.2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPView22.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\view22\version_4\NPView22.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: e:\itunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-01 13:52:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2985862323-1253851296-254320386-1006\Software\SecuROM\License information*]
"datasecu"=hex:7b,51,6f,97,5a,13,79,92,2e,fb,31,fc,6f,9e,81,e5,d7,66,b1,06,8e,
   57,b0,3e,dd,c6,2f,2f,08,94,68,dd,f3,96,95,15,0b,7a,cd,83,22,a7,22,e6,e4,ca,\
"rkeysecu"=hex:54,2e,7f,23,dd,68,8d,01,71,68,9d,e4,cc,86,f1,18

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,4f,e4,22,01,5e,
   8a,09,22,c8,28,51,af,b0,29,a3,98,01,96,8c,ba,2b,73,a0,3f,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,b9,70,46,4b,44,
   29,96,ed,71,3b,04,66,8b,46,0d,96,98,ac,d5,06,fa,b5,bb,b0,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,1b,eb,f5,49,87,
   e7,43,6b,25,da,ec,7e,55,20,c9,26,bd,7c,5b,6a,77,03,4b,a0,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,f8,b1,21,99,b9,
   02,fa,cf,3e,1e,9e,e0,57,5a,93,61,03,3d,46,42,b1,3c,52,8b,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,bb,7c,9d,5a,8f,
   9e,0a,d8,cd,44,cd,b9,a6,33,6c,cd,d3,ca,c0,75,3c,2a,fd,e9,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348A7}\Implemented Categories]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348A7}\InprocServer32]
@DACL=(02 0000)
@="c:\\WINDOWS\\system32\\UpMedia\\SearchTool.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,47,c2,80,c1,fb,
   ee,79,79,b0,18,ed,a7,3f,8d,37,a4,80,9d,0d,96,f1,d8,95,51,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,94,14,b7,a3,b9,
   28,f3,f4,31,77,e1,ba,b1,f8,68,02,af,56,62,a4,6d,84,f0,89,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,b7,2f,19,0a,9f,
   16,23,97,83,6c,56,8b,a0,85,96,ab,65,82,da,14,bd,28,e5,ee,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,58,e7,86,65,3a,
   32,e6,7b,51,fa,6e,91,28,9e,14,cc,b8,d3,85,ff,37,b3,90,f3,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,19,ad,20,22,10,
   fb,15,90,b1,cd,45,5a,a8,c4,f8,b9,57,6f,e1,5d,cc,36,d2,5c,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,f2,1a,46,d0,34,
   2c,f9,91,e3,0e,66,d5,eb,bc,2f,6b,9d,5d,48,e0,59,cd,4b,bd,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,1c,7c,f6,e8,87,
   3c,b3,7f,fa,ea,66,7f,d4,3b,6b,70,6e,2d,70,3a,59,c1,2e,e9,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\AVANQU~1\Fix-It\mxtask.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\progra~1\AVANQU~1\Fix-It\mxtask.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-02-01 14:03:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-01 19:03:05

Pre-Run: 7,013,859,328 bytes free
Post-Run: 6,968,066,048 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

403 --- E O F --- 2009-01-15 08:02:03
  4. I have unfortunately succumbed to the Superjuan/msjuan virus. I'm sure you guys are familiar with it by now, as I've seen a lot of users asking for help with it. Please forgive me if I post incorrectly, as I'm not used to having to ask for help in removing viruses - the programs usually do it for me. But this one is tricky. I dunno if it is part of the msjuan virus, but I get popups from time to time, even though I have popupblocker turned on. Ironically, one of them is for an anti-spyware program. Okay, so here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:06 AM, on 1/31/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\iTunes\iTunesHelper.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
E:\Widgets\YahooWidgets.exe
E:\Widgets\YahooWidgets.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140A896B-B87C-4482-BCB1-FD2BAC5B2409} - C:\WINDOWS\system32\iiFuSMCU.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Weather Studio - {849CC480-5983-4D30-A12C-774E8E8D8291} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: Weather Studio - {C6139A57-16FB-4FA4-8045-A847FBFFD695} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB001" /M "Stylus C88"
O4 - HKLM\..\Run: [iPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [bearShare] "E:\Program Files\BearShare Test\BearShare.exe" /pause
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = E:\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Devin\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL kpdcol.dll irdugo.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: mLeDTnlJ - mLeDTnlJ.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Fix-It Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11040 bytes

and, if needed, malwarebytes:

Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 26

Memory Processes Infected:
C:\Program Files\Antispyware\Antispyware.exe (Rogue.Antispyware) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\jrpfdvbq.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\irdugo.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\Antispyware\SpyCleaner.dll (Rogue.SpyCleaner) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{85e0b171-04fa-11d1-b7da-00a0c90348a7} (Adware.SmartShopper) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Antispyware (Rogue.Antispyware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Documents and Settings\All Users\Start Menu\Programs\Antispyware (Rogue.Antispyware) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\Starware (Adware.Starware) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\Starware\Manager (Adware.Starware) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\SYSTEM32\jrpfdvbq.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\SYSTEM32\irdugo.dll (Trojan.Vundo) -> Delete on reboot. C:\Program Files\Antispyware\SpyCleaner.dll (Rogue.SpyCleaner) -> Delete on reboot. C:\Documents and Settings\Devin\Local Settings\Application Data\Mozilla\Firefox\Profiles\05jty80b.default\Cache\96490AAAd01 (Rogue.Installer) -> Quarantined and deleted successfully. C:\Documents and Settings\Devin\Local Settings\Temporary Internet Files\Content.IE5\JXRNFXHZ\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Devin\Local Settings\Temporary Internet Files\Content.IE5\R96MMDRL\apstpldr.dll[1].htm (Trojan.Vundo) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Devin\Local Settings\Temporary Internet Files\Content.IE5\R96MMDRL\CATSU91R (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Devin\Local Settings\Temporary Internet Files\Content.IE5\R96MMDRL\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\My Documents\Downloads\Sony DVD Architect Studio 4.5c build 91\keygen.exe (Backdoor.SDBot) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-18\Dc3744.exe (Adware.SmartShopper) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-2985862323-1253851296-254320386-1006\Dc2110.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-2985862323-1253851296-254320386-1006\Dc2111.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-2985862323-1253851296-254320386-1006\Dc2214.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP394\A0185501.dll (Adware.SmartShopper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP394\A0185502.exe (Adware.SmartShopper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP427\A0190731.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\ggbyxxms.dll (Trojan.Vundo) -> Quarantined and deleted successfully. E:\setupxv.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\Programs\Antispyware\Antispyware on the Web.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\Programs\Antispyware\Antispyware.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Owner\Application Data\Starware\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\Starware\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully. C:\Program Files\Antispyware\Antispyware.exe (Rogue.Antispyware) -> Delete on reboot. C:\WINDOWS\Tasks\Antispyware Scheduled Scan.job (Rogue.Antispyware) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Desktop\Antispyware.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\ijjistarter2.exe (Trojan.Agent) -> Quarantined and deleted successfully. once again, I apologize if i posted incorrectly. Any help at all would be appreciated!!!
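As an added example (my own code, not the poster's and not part of HijackThis or Malwarebytes), a short Python triage script that cross-checks the O20 AppInit_DLLs line from the HijackThis log above against the Malwarebytes file results: it confirms that irdugo.dll was named by MBAM while kpdcol.dll, loaded by the same AppInit_DLLs value, was not, and it lists the Winlogon Notify registration whose DLL is already missing. The function names are my own; the sample lines are copied from the post.

```python
import re

# Entries copied from the HijackThis and Malwarebytes logs in the post above.
HJT_LINES = [
    "O20 - AppInit_DLLs: C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL kpdcol.dll irdugo.dll",
    "O20 - Winlogon Notify: !SASWinLogon - C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll",
    "O20 - Winlogon Notify: mLeDTnlJ - mLeDTnlJ.dll (file missing)",
]
MBAM_LINES = [
    "C:\\WINDOWS\\SYSTEM32\\jrpfdvbq.dll (Trojan.Vundo.H) -> Delete on reboot.",
    "C:\\WINDOWS\\SYSTEM32\\irdugo.dll (Trojan.Vundo) -> Delete on reboot.",
    "C:\\WINDOWS\\SYSTEM32\\ggbyxxms.dll (Trojan.Vundo) -> Quarantined and deleted successfully.",
]
# MBAM result line: "<path> (<family>) -> <action>"
MBAM_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^)]+)\) -> (?P<action>.+)$")

def basename(path):
    """Last path component, lower-cased, so 8.3 and long names compare alike."""
    return path.rsplit("\\", 1)[-1].lower()

def parse_mbam(lines):
    """Map file basename -> (family, action) for every MBAM result line."""
    hits = (MBAM_RE.match(ln.strip()) for ln in lines)
    return {basename(m.group("path")): (m.group("family"), m.group("action")) for m in hits if m}

def appinit_dlls(lines):
    """DLLs named in the O20 AppInit_DLLs value (loaded into every process that maps user32.dll on XP)."""
    for ln in lines:
        if ln.startswith("O20 - AppInit_DLLs:"):
            return ln.partition("AppInit_DLLs:")[2].split()
    return []

def triage_appinit(hjt_lines, mbam_lines):
    """Classify each AppInit DLL: named by MBAM, or still unaccounted for.
    A bare name (no directory) is resolved through the DLL search path; with no
    MBAM hit it is the component this pair of logs still leaves unexplained."""
    found = parse_mbam(mbam_lines)
    report = {}
    for entry in appinit_dlls(hjt_lines):
        name = basename(entry)
        if name in found:
            report[name] = "detected: %s (%s)" % found[name]
        else:
            report[name] = "unresolved" if "\\" not in entry else "full path, no MBAM hit"
    return report

def dangling_winlogon_notify(hjt_lines):
    """Winlogon Notify subkeys whose DLL is gone (a registration left behind)."""
    return [ln.partition(": ")[2].split(" - ")[0] for ln in hjt_lines
            if ln.startswith("O20 - Winlogon Notify:") and ln.endswith("(file missing)")]
```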