Jump to content

Recommended Posts

Hello, and thanks ahead of time for your help. I first noticed this after trying to find previous episodes of Merlin online (Great show, by the way!), that I had missed from season 4. Here's what Malwarebytes says is on my PC, but I can't seem to find the files when I look for them. Wondering if this is some sort of false-positive, or if I'm infected. Either way, I'd like to get rid of it if possible.

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 254925

Time elapsed: 42 minute(s), 19 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 12

c:\documents and settings\slow\my documents\my videos\pulgfile.log (Malware.Trace) -> No action taken.

c:\documents and settings\slow\my documents\my pictures\aweks.pikz (Backdoor.Bot) -> No action taken.

c:\documents and settings\slow\my documents\my pictures\my pictures.exe (Worm.AutoRun) -> No action taken.

c:\documents and settings\slow\my documents\my pictures\my pictures.url (Trojan.Zlob) -> No action taken.

c:\documents and settings\slow\my documents\my pictures\sample pictures\blue hills.exe (Trojan.Xanib) -> No action taken.

c:\documents and settings\slow\my documents\my pictures\sample pictures\cakep.exe (Worm.Xanib) -> No action taken.

c:\documents and settings\slow\my documents\my pictures\sample pictures\cuakep.exe (Worm.Xanib) -> No action taken.

c:\documents and settings\slow\my documents\my pictures\sample pictures\sunset.exe (Trojan.Xanib) -> No action taken.

c:\documents and settings\slow\my documents\my pictures\sample pictures\water lilies.exe (Trojan.Xanib) -> No action taken.

c:\documents and settings\slow\my documents\my pictures\sample pictures\winter.exe (Trojan.Xanib) -> No action taken.

c:\documents and settings\slow\my documents\my pictures\seram.pikz (Backdoor.Bot) -> No action taken.

c:\documents and settings\slow\my documents\my videos\my video.url (Trojan.Zlob) -> No action taken.

(end)

Once again, I thank you for your help.

dds.txt

attach.txt

Link to post
Share on other sites

Hi and :welcome:

Your log shows "no action taken". Did you in fact delete these items?

Lets also do a rootkit scan.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Link to post
Share on other sites

Hello, and thanks for the warm welcome and your help. Yes, I have run Malwarebytes several times over the past few days, each time letting it clean up the items following a reboot, as it requests. I have also previously scanned my PC using Spyware Doctor, Kapersky's Online Scanner, Trend Micro's House Call, and Hitman Pro. Each has found nothing out of the ordinary. It's only Malwarebytes that's showing anything. However, if I run my PC is safe-mode, nothing shows up for Malwarebytes either. Below is the info you requested:

11:53:50.0484 6044 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52

11:53:50.0968 6044 ============================================================

11:53:50.0968 6044 Current date / time: 2012/02/14 11:53:50.0968

11:53:50.0968 6044 SystemInfo:

11:53:50.0968 6044

11:53:50.0968 6044 OS Version: 5.1.2600 ServicePack: 3.0

11:53:50.0968 6044 Product type: Workstation

11:53:50.0968 6044 ComputerName: SLOW-A4E03E217B

11:53:50.0968 6044 UserName: slow

11:53:50.0968 6044 Windows directory: C:\WINDOWS

11:53:50.0968 6044 System windows directory: C:\WINDOWS

11:53:50.0968 6044 Processor architecture: Intel x86

11:53:50.0968 6044 Number of processors: 2

11:53:50.0968 6044 Page size: 0x1000

11:53:50.0968 6044 Boot type: Normal boot

11:53:50.0968 6044 ============================================================

11:53:51.0328 6044 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

11:53:51.0453 6044 \Device\Harddisk0\DR0:

11:53:51.0453 6044 MBR used

11:53:51.0453 6044 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A011FC

11:53:51.0484 6044 Initialize success

11:53:51.0484 6044 ============================================================

11:54:02.0468 6120 ============================================================

11:54:02.0468 6120 Scan started

11:54:02.0468 6120 Mode: Manual;

11:54:02.0468 6120 ============================================================

11:54:02.0906 6120 Abiosdsk - ok

11:54:02.0906 6120 abp480n5 - ok

11:54:02.0984 6120 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

11:54:02.0984 6120 ACPI - ok

11:54:03.0031 6120 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

11:54:03.0031 6120 ACPIEC - ok

11:54:03.0046 6120 adpu160m - ok

11:54:03.0078 6120 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

11:54:03.0093 6120 aec - ok

11:54:03.0156 6120 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

11:54:03.0156 6120 AFD - ok

11:54:03.0171 6120 Aha154x - ok

11:54:03.0187 6120 aic78u2 - ok

11:54:03.0203 6120 aic78xx - ok

11:54:03.0281 6120 AliIde - ok

11:54:03.0296 6120 amsint - ok

11:54:03.0406 6120 ArcSoftKsUFilter (35a6a419d7526f5cf824afb23afa08d6) C:\WINDOWS\system32\DRIVERS\ArcSoftKsUFilter.sys

11:54:03.0406 6120 ArcSoftKsUFilter - ok

11:54:03.0406 6120 asc - ok

11:54:03.0421 6120 asc3350p - ok

11:54:03.0437 6120 asc3550 - ok

11:54:03.0500 6120 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

11:54:03.0500 6120 AsyncMac - ok

11:54:03.0593 6120 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys

11:54:03.0593 6120 atapi - ok

11:54:03.0609 6120 Atdisk - ok

11:54:03.0656 6120 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

11:54:03.0656 6120 Atmarpc - ok

11:54:03.0750 6120 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

11:54:03.0750 6120 audstub - ok

11:54:03.0828 6120 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

11:54:03.0828 6120 Beep - ok

11:54:03.0906 6120 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

11:54:03.0906 6120 cbidf2k - ok

11:54:03.0984 6120 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

11:54:03.0984 6120 CCDECODE - ok

11:54:04.0031 6120 cd20xrnt - ok

11:54:04.0078 6120 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

11:54:04.0093 6120 Cdaudio - ok

11:54:04.0156 6120 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

11:54:04.0156 6120 Cdfs - ok

11:54:04.0250 6120 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys

11:54:04.0250 6120 Cdrom - ok

11:54:04.0281 6120 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys

11:54:04.0296 6120 cercsr6 - ok

11:54:04.0296 6120 Changer - ok

11:54:04.0312 6120 CmdIde - ok

11:54:04.0328 6120 Cpqarray - ok

11:54:04.0343 6120 dac2w2k - ok

11:54:04.0359 6120 dac960nt - ok

11:54:04.0453 6120 DCamUSBNovatek (ec6a07269d3762931f21f048f0a7875d) C:\WINDOWS\system32\Drivers\nvtcam.sys

11:54:04.0484 6120 DCamUSBNovatek - ok

11:54:04.0546 6120 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

11:54:04.0546 6120 Disk - ok

11:54:04.0593 6120 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

11:54:04.0593 6120 dmboot - ok

11:54:04.0656 6120 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

11:54:04.0656 6120 dmio - ok

11:54:04.0718 6120 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

11:54:04.0718 6120 dmload - ok

11:54:04.0812 6120 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

11:54:04.0828 6120 DMusic - ok

11:54:04.0859 6120 dpti2o - ok

11:54:04.0921 6120 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

11:54:04.0921 6120 drmkaud - ok

11:54:05.0031 6120 e1express (00192f0c612591d585594e9467e6ca8b) C:\WINDOWS\system32\DRIVERS\e1e5132.sys

11:54:05.0046 6120 e1express - ok

11:54:05.0140 6120 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

11:54:05.0140 6120 Fastfat - ok

11:54:05.0203 6120 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

11:54:05.0203 6120 Fdc - ok

11:54:05.0234 6120 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

11:54:05.0250 6120 Fips - ok

11:54:05.0281 6120 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

11:54:05.0281 6120 Flpydisk - ok

11:54:05.0343 6120 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

11:54:05.0359 6120 FltMgr - ok

11:54:05.0375 6120 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

11:54:05.0390 6120 Fs_Rec - ok

11:54:05.0390 6120 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

11:54:05.0390 6120 Ftdisk - ok

11:54:05.0453 6120 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

11:54:05.0453 6120 GEARAspiWDM - ok

11:54:05.0484 6120 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

11:54:05.0484 6120 Gpc - ok

11:54:05.0562 6120 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

11:54:05.0562 6120 HDAudBus - ok

11:54:05.0625 6120 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

11:54:05.0625 6120 hidusb - ok

11:54:05.0656 6120 hpn - ok

11:54:05.0687 6120 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

11:54:05.0687 6120 HSFHWBS2 - ok

11:54:05.0718 6120 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

11:54:05.0781 6120 HSF_DP - ok

11:54:05.0843 6120 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

11:54:05.0843 6120 HTTP - ok

11:54:05.0875 6120 i2omgmt - ok

11:54:05.0890 6120 i2omp - ok

11:54:05.0984 6120 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys

11:54:06.0000 6120 i8042prt - ok

11:54:06.0078 6120 iastor (019cf5f31c67030841233c545a0e217a) C:\WINDOWS\system32\DRIVERS\iaStor.sys

11:54:06.0078 6120 iastor - ok

11:54:06.0203 6120 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

11:54:06.0203 6120 Imapi - ok

11:54:06.0250 6120 ini910u - ok

11:54:06.0281 6120 IntelIde - ok

11:54:06.0328 6120 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

11:54:06.0328 6120 intelppm - ok

11:54:06.0421 6120 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

11:54:06.0421 6120 Ip6Fw - ok

11:54:06.0515 6120 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

11:54:06.0515 6120 IpFilterDriver - ok

11:54:06.0578 6120 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

11:54:06.0578 6120 IpInIp - ok

11:54:06.0656 6120 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

11:54:06.0671 6120 IpNat - ok

11:54:06.0750 6120 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

11:54:06.0750 6120 IPSec - ok

11:54:06.0781 6120 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

11:54:06.0781 6120 IRENUM - ok

11:54:06.0796 6120 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

11:54:06.0796 6120 isapnp - ok

11:54:06.0937 6120 ISWKL (08a811bfd207dfdec588881c18bacbaa) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys

11:54:06.0937 6120 ISWKL - ok

11:54:06.0968 6120 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

11:54:06.0984 6120 Kbdclass - ok

11:54:07.0031 6120 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

11:54:07.0031 6120 kbdhid - ok

11:54:07.0109 6120 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

11:54:07.0109 6120 kmixer - ok

11:54:07.0218 6120 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

11:54:07.0218 6120 KSecDD - ok

11:54:07.0250 6120 lbrtfdc - ok

11:54:07.0359 6120 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

11:54:07.0359 6120 mdmxsdk - ok

11:54:07.0421 6120 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys

11:54:07.0437 6120 MHNDRV - ok

11:54:07.0531 6120 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

11:54:07.0531 6120 mnmdd - ok

11:54:07.0625 6120 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

11:54:07.0625 6120 Modem - ok

11:54:07.0687 6120 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys

11:54:07.0687 6120 MODEMCSA - ok

11:54:07.0750 6120 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

11:54:07.0750 6120 Mouclass - ok

11:54:07.0781 6120 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

11:54:07.0781 6120 mouhid - ok

11:54:07.0796 6120 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

11:54:07.0796 6120 MountMgr - ok

11:54:07.0796 6120 mraid35x - ok

11:54:07.0859 6120 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

11:54:07.0859 6120 MRxDAV - ok

11:54:07.0953 6120 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

11:54:07.0953 6120 MRxSmb - ok

11:54:08.0000 6120 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

11:54:08.0000 6120 Msfs - ok

11:54:08.0109 6120 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

11:54:08.0109 6120 MSKSSRV - ok

11:54:08.0187 6120 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

11:54:08.0187 6120 MSPCLOCK - ok

11:54:08.0218 6120 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

11:54:08.0218 6120 MSPQM - ok

11:54:08.0296 6120 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

11:54:08.0296 6120 mssmbios - ok

11:54:08.0406 6120 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

11:54:08.0406 6120 MSTEE - ok

11:54:08.0484 6120 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

11:54:08.0484 6120 Mup - ok

11:54:08.0531 6120 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

11:54:08.0546 6120 NABTSFEC - ok

11:54:08.0640 6120 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

11:54:08.0640 6120 NDIS - ok

11:54:08.0734 6120 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

11:54:08.0734 6120 NdisIP - ok

11:54:08.0812 6120 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

11:54:08.0812 6120 NdisTapi - ok

11:54:08.0890 6120 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

11:54:08.0890 6120 Ndisuio - ok

11:54:08.0953 6120 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

11:54:08.0953 6120 NdisWan - ok

11:54:09.0015 6120 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

11:54:09.0015 6120 NDProxy - ok

11:54:09.0031 6120 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

11:54:09.0031 6120 NetBIOS - ok

11:54:09.0093 6120 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

11:54:09.0093 6120 NetBT - ok

11:54:09.0125 6120 NEWDRIVER (2bd447aa9488959a76508e5f78619fe4) C:\WINDOWS\system32\WinVDEdrv6.sys

11:54:09.0140 6120 NEWDRIVER - ok

11:54:09.0156 6120 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

11:54:09.0156 6120 Npfs - ok

11:54:09.0187 6120 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

11:54:09.0203 6120 Ntfs - ok

11:54:09.0250 6120 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

11:54:09.0265 6120 Null - ok

11:54:09.0656 6120 nv (4b54dcd6adee535df80f07c59ddd8f14) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

11:54:09.0984 6120 nv - ok

11:54:10.0093 6120 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

11:54:10.0109 6120 NwlnkFlt - ok

11:54:10.0156 6120 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

11:54:10.0156 6120 NwlnkFwd - ok

11:54:10.0234 6120 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

11:54:10.0234 6120 Parport - ok

11:54:10.0328 6120 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

11:54:10.0328 6120 PartMgr - ok

11:54:10.0421 6120 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

11:54:10.0437 6120 ParVdm - ok

11:54:10.0484 6120 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

11:54:10.0484 6120 PCI - ok

11:54:10.0531 6120 PCIDump - ok

11:54:10.0562 6120 PCIIde - ok

11:54:10.0609 6120 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

11:54:10.0609 6120 Pcmcia - ok

11:54:10.0703 6120 PCTBD (3a0262b85b5bb4d4cfc096ea00ed610b) C:\WINDOWS\system32\Drivers\PCTBD.sys

11:54:10.0703 6120 PCTBD - ok

11:54:10.0796 6120 PCTCore (0edb74bd0d52d6d94cf862322e48b94e) C:\WINDOWS\system32\drivers\PCTCore.sys

11:54:10.0796 6120 PCTCore - ok

11:54:10.0843 6120 pctDS (8734f7346b39a710491e0ddb136da2a3) C:\WINDOWS\system32\drivers\pctDS.sys

11:54:10.0843 6120 pctDS - ok

11:54:10.0890 6120 pctEFA (653d8079cc000ec454789740a07b84a8) C:\WINDOWS\system32\drivers\pctEFA.sys

11:54:10.0906 6120 pctEFA - ok

11:54:10.0953 6120 pctgntdi (00bfb1452ed8bb69fd135eb6a682303e) C:\WINDOWS\system32\drivers\pctgntdi.sys

11:54:10.0953 6120 pctgntdi - ok

11:54:11.0000 6120 pctplsg (9e68be6aadbc3d688bac161f28af0ce0) C:\WINDOWS\system32\drivers\pctplsg.sys

11:54:11.0000 6120 pctplsg - ok

11:54:11.0062 6120 PCTSD (ec49993baa9a86adf1cb6fa1cd895882) C:\WINDOWS\system32\Drivers\PCTSD.sys

11:54:11.0062 6120 PCTSD - ok

11:54:11.0093 6120 PDCOMP - ok

11:54:11.0171 6120 PDFRAME - ok

11:54:11.0203 6120 PDRELI - ok

11:54:11.0234 6120 PDRFRAME - ok

11:54:11.0265 6120 perc2 - ok

11:54:11.0296 6120 perc2hib - ok

11:54:11.0390 6120 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

11:54:11.0390 6120 PptpMiniport - ok

11:54:11.0406 6120 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

11:54:11.0421 6120 PSched - ok

11:54:11.0437 6120 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

11:54:11.0453 6120 Ptilink - ok

11:54:11.0515 6120 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

11:54:11.0515 6120 PxHelp20 - ok

11:54:11.0531 6120 ql1080 - ok

11:54:11.0562 6120 Ql10wnt - ok

11:54:11.0593 6120 ql12160 - ok

11:54:11.0593 6120 ql1240 - ok

11:54:11.0640 6120 ql1280 - ok

11:54:11.0703 6120 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

11:54:11.0703 6120 RasAcd - ok

11:54:11.0781 6120 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

11:54:11.0796 6120 Rasl2tp - ok

11:54:11.0828 6120 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

11:54:11.0828 6120 RasPppoe - ok

11:54:11.0859 6120 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

11:54:11.0859 6120 Raspti - ok

11:54:11.0937 6120 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

11:54:11.0953 6120 Rdbss - ok

11:54:11.0984 6120 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

11:54:11.0984 6120 RDPCDD - ok

11:54:12.0062 6120 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

11:54:12.0062 6120 rdpdr - ok

11:54:12.0156 6120 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

11:54:12.0156 6120 RDPWD - ok

11:54:12.0203 6120 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

11:54:12.0218 6120 redbook - ok

11:54:12.0296 6120 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

11:54:12.0296 6120 Secdrv - ok

11:54:12.0359 6120 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

11:54:12.0359 6120 Serial - ok

11:54:12.0453 6120 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

11:54:12.0453 6120 Sfloppy - ok

11:54:12.0484 6120 Simbad - ok

11:54:12.0578 6120 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

11:54:12.0578 6120 SLIP - ok

11:54:12.0593 6120 Sparrow - ok

11:54:12.0656 6120 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

11:54:12.0656 6120 splitter - ok

11:54:12.0765 6120 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

11:54:12.0765 6120 sr - ok

11:54:12.0859 6120 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

11:54:12.0859 6120 Srv - ok

11:54:12.0953 6120 StarOpen (e57b778208c783d8debab320c16a1b82) C:\WINDOWS\system32\drivers\StarOpen.sys

11:54:12.0953 6120 StarOpen - ok

11:54:13.0078 6120 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys

11:54:13.0156 6120 STHDA - ok

11:54:13.0234 6120 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

11:54:13.0234 6120 streamip - ok

11:54:13.0312 6120 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

11:54:13.0312 6120 swenum - ok

11:54:13.0375 6120 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

11:54:13.0390 6120 swmidi - ok

11:54:13.0390 6120 symc810 - ok

11:54:13.0406 6120 symc8xx - ok

11:54:13.0421 6120 sym_hi - ok

11:54:13.0421 6120 sym_u3 - ok

11:54:13.0453 6120 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

11:54:13.0453 6120 sysaudio - ok

11:54:13.0531 6120 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

11:54:13.0531 6120 Tcpip - ok

11:54:13.0578 6120 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

11:54:13.0578 6120 TDPIPE - ok

11:54:13.0625 6120 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

11:54:13.0625 6120 TDTCP - ok

11:54:13.0640 6120 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

11:54:13.0656 6120 TermDD - ok

11:54:13.0718 6120 tffsport (d9d5e4ca72270e9f3eca97da0983ab87) C:\WINDOWS\system32\DRIVERS\tffsport.sys

11:54:13.0718 6120 tffsport - ok

11:54:13.0734 6120 TosIde - ok

11:54:13.0796 6120 truecrypt (746b8cf9cededdd865472544edf626da) C:\WINDOWS\system32\drivers\truecrypt.sys

11:54:13.0796 6120 truecrypt - ok

11:54:13.0843 6120 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

11:54:13.0843 6120 Udfs - ok

11:54:13.0875 6120 ultra - ok

11:54:14.0015 6120 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

11:54:14.0031 6120 Update - ok

11:54:14.0125 6120 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

11:54:14.0125 6120 usbaudio - ok

11:54:14.0203 6120 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

11:54:14.0218 6120 usbccgp - ok

11:54:14.0265 6120 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

11:54:14.0265 6120 usbehci - ok

11:54:14.0343 6120 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

11:54:14.0359 6120 usbhub - ok

11:54:14.0359 6120 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

11:54:14.0375 6120 usbprint - ok

11:54:14.0375 6120 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

11:54:14.0375 6120 usbscan - ok

11:54:14.0421 6120 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

11:54:14.0421 6120 USBSTOR - ok

11:54:14.0484 6120 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

11:54:14.0484 6120 usbuhci - ok

11:54:14.0515 6120 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

11:54:14.0531 6120 usbvideo - ok

11:54:14.0562 6120 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

11:54:14.0562 6120 VgaSave - ok

11:54:14.0578 6120 ViaIde - ok

11:54:14.0593 6120 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

11:54:14.0593 6120 VolSnap - ok

11:54:14.0671 6120 Vsdatant (558cee3d9c470651f1843d51b42d761b) C:\WINDOWS\system32\vsdatant.sys

11:54:14.0687 6120 Vsdatant - ok

11:54:14.0796 6120 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

11:54:14.0812 6120 Wanarp - ok

11:54:14.0890 6120 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys

11:54:14.0890 6120 Wdf01000 - ok

11:54:14.0937 6120 WDICA - ok

11:54:15.0015 6120 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

11:54:15.0031 6120 wdmaud - ok

11:54:15.0125 6120 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

11:54:15.0140 6120 winachsf - ok

11:54:15.0250 6120 WinFLAdrv (c356f8dd63fc2e95216a184e6ef16800) C:\WINDOWS\system32\WinFLAdrv.sys

11:54:15.0250 6120 WinFLAdrv - ok

11:54:15.0328 6120 WinVDEDrv (8a81839d1dddd19a5f450c754f00c0a6) C:\WINDOWS\system32\WinVDEdrv.sys

11:54:15.0343 6120 WinVDEDrv - ok

11:54:15.0468 6120 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

11:54:15.0468 6120 WS2IFSL - ok

11:54:15.0531 6120 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

11:54:15.0531 6120 WSTCODEC - ok

11:54:15.0625 6120 xusb21 (a640c90b007762939507c28a021be3b3) C:\WINDOWS\system32\DRIVERS\xusb21.sys

11:54:15.0625 6120 xusb21 - ok

11:54:15.0656 6120 MBR (0x1B8) (6b439cd231be7dac2bc4cb4031ea89b8) \Device\Harddisk0\DR0

11:54:15.0843 6120 \Device\Harddisk0\DR0 - ok

11:54:15.0843 6120 Boot (0x1200) (44832122e200528c36a99cf075b8e059) \Device\Harddisk0\DR0\Partition0

11:54:15.0843 6120 \Device\Harddisk0\DR0\Partition0 - ok

11:54:15.0843 6120 ============================================================

11:54:15.0843 6120 Scan finished

11:54:15.0843 6120 ============================================================

11:54:15.0859 6112 Detected object count: 0

11:54:15.0859 6112 Actual detected object count: 0

11:54:32.0296 6032 Deinitialize success

In addition, I'm including the RogueKiller report I ran after seeing that it is sometimes requested here.

RogueKiller V7.0.4 [02/08/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: slow [Admin rights]

Mode: Scan -- Date : 02/14/2012 09:41:59

¤¤¤ Bad processes: 1 ¤¤¤

[RANDOMNAME] WinFLTray.exe -- C:\WINDOWS\system32\WinFLTray.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 4 ¤¤¤

[RANDOMNAME] HKCU\[...]\Run : WinFLTray (C:\WINDOWS\system32\WinFLTray.exe) -> FOUND

[RANDOMNAME] HKUS\S-1-5-21-606747145-152049171-725345543-1003[...]\Run : WinFLTray (C:\WINDOWS\system32\WinFLTray.exe) -> FOUND

[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3160812AS +++++

--- User ---

[MBR] 96d58796bb338c1af035b092feb6d5bd

[bSP] bff7eaa5450f5f9bbd73f8b9c38d08b1 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152578 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

On a side note: The FL program that Rogue is mentioning is called Folder Lock http://www.newsoftwares.net/folderlock/ and I use that on purpose.

Link to post
Share on other sites

Hi, please do not run any tools unless requested, some of them can have unwanted side-effects and even worsen the state of your computer.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Link to post
Share on other sites

Hello again,

I updated and ran Malwarebytes twice last night before I went to bed, and each time it found the items, and told me to reboot to continue removing them. However, it doesn't seem like they were actually removed, since they show up again on the next immediate scan. I won't be able to get back to the infected PC until later this afternoon, but I'll be sure to return with updated logs as requested.

Link to post
Share on other sites

Please be sure to run also the following scan.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the esetonlinebtn.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.png
      icon on your desktop.

    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats"
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

[*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

[*]When the scan completes, click List Threats

[*]Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

[*]Click the Back button.

[*]Click the Finish button.

Link to post
Share on other sites

I ran the ESET Online Scanner as requested, and it said there were no threats to remove. At first, I didn't think it created a log, then I found it under program files for ESET itself.

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=1c72764a454b454cb4687712709e8c85

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-02-15 10:02:22

# local_time=2012-02-15 05:02:22 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=2560 16777191 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# compatibility_mode=9217 16777214 75 4 7316923 7316923 0 0

# scanned=53234

# found=0

# cleaned=0

# scan_time=2588

I will say that Spyware Doctor found 22 items after running the other programs you requested. I'm guessing they are false positives caused by the programs, but figured I'd include it for you to look over just in case.

2/14/2012 6:02:33 PM:812 Infection was detected on this computer

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME, NextInstance

2/14/2012 6:02:34 PM:0 Infection was detected on this computer

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Service

2/14/2012 6:02:34 PM:0 Infection was detected on this computer

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Legacy

2/14/2012 6:02:34 PM:15 Infection was detected on this computer

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, ConfigFlags

2/14/2012 6:02:34 PM:15 Infection was detected on this computer

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Class

2/14/2012 6:02:34 PM:15 Infection was detected on this computer

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, ClassGUID

2/14/2012 6:02:34 PM:31 Infection was detected on this computer

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, DeviceDesc

2/14/2012 6:02:34 PM:31 Infection was detected on this computer

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Capabilities

2/14/2012 6:02:34 PM:78 Infection was detected on this computer

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000\Control, ActiveService

2/14/2012 6:02:34 PM:312 Infection was detected on this computer

Threat Name - Trojan-Downloader.Murlo

Type - Registry Key

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000\Control

2/14/2012 6:02:34 PM:312 Infection was detected on this computer

Threat Name - Trojan-Downloader.Murlo

Type - Registry Key

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000

2/14/2012 6:02:34 PM:312 Infection was detected on this computer

Threat Name - Trojan-Downloader.Murlo

Type - Registry Key

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME

2/14/2012 6:02:34 PM:484 Infection was detected on this computer

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Type

2/14/2012 6:02:34 PM:500 Infection was detected on this computer

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, ErrorControl

2/14/2012 6:02:34 PM:515 Infection was detected on this computer

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Start

2/14/2012 6:02:34 PM:515 Infection was detected on this computer

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, ImagePath

2/14/2012 6:02:34 PM:515 Infection was detected on this computer

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Group

2/14/2012 6:02:34 PM:546 Infection was detected on this computer

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum, 0

2/14/2012 6:02:34 PM:546 Infection was detected on this computer

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum, Count

2/14/2012 6:02:34 PM:546 Infection was detected on this computer

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum, NextInstance

2/14/2012 6:02:34 PM:546 Infection was detected on this computer

Threat Name - Trojan-Downloader.Murlo

Type - Registry Key

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum

2/14/2012 6:02:34 PM:546 Infection was detected on this computer

Threat Name - Trojan-Downloader.Murlo

Type - Registry Key

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme

2/14/2012 6:08:51 PM:0 Scan Finished

Scan Type - Intelli-Scan

Items Processed - 509188

Threats Detected - 1

Infections Detected - 22

2/14/2012 6:09:06 PM:531 Infection quarantined

Threat Name - Trojan-Downloader.Murlo

Type - Registry Key

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme

2/14/2012 6:09:06 PM:546 Infection quarantined

Threat Name - Trojan-Downloader.Murlo

Type - Registry Key

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum

2/14/2012 6:09:06 PM:546 Infection quarantined

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum, NextInstance

2/14/2012 6:09:06 PM:546 Infection quarantined

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum, Count

2/14/2012 6:09:06 PM:546 Infection quarantined

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum, 0

2/14/2012 6:09:06 PM:562 Infection quarantined

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Group

2/14/2012 6:09:06 PM:562 Infection quarantined

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, ImagePath

2/14/2012 6:09:06 PM:562 Infection quarantined

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Start

2/14/2012 6:09:06 PM:562 Infection quarantined

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, ErrorControl

2/14/2012 6:09:06 PM:578 Infection quarantined

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Type

2/14/2012 6:09:06 PM:578 Infection quarantined

Threat Name - Trojan-Downloader.Murlo

Type - Registry Key

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME

2/14/2012 6:09:06 PM:578 Infection quarantined

Threat Name - Trojan-Downloader.Murlo

Type - Registry Key

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000

2/14/2012 6:09:06 PM:593 Infection quarantined

Threat Name - Trojan-Downloader.Murlo

Type - Registry Key

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000\Control

2/14/2012 6:09:06 PM:593 Infection quarantined

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000\Control, ActiveService

2/14/2012 6:09:06 PM:593 Infection quarantined

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Capabilities

2/14/2012 6:09:06 PM:593 Infection quarantined

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, DeviceDesc

2/14/2012 6:09:06 PM:593 Infection quarantined

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, ClassGUID

2/14/2012 6:09:06 PM:609 Infection quarantined

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Class

2/14/2012 6:09:06 PM:609 Infection quarantined

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, ConfigFlags

2/14/2012 6:09:06 PM:609 Infection quarantined

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Legacy

2/14/2012 6:09:06 PM:609 Infection quarantined

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Service

2/14/2012 6:09:06 PM:703 Infection quarantined

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME, NextInstance

2/14/2012 6:09:06 PM:859 Infection cleaned

Threat Name - Trojan-Downloader.Murlo

Type - Registry Key

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme

2/14/2012 6:09:06 PM:875 Infection cleaned

Threat Name - Trojan-Downloader.Murlo

Type - Registry Key

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum

2/14/2012 6:09:06 PM:875 Infection cleaned

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum, NextInstance

2/14/2012 6:09:06 PM:875 Infection cleaned

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum, Count

2/14/2012 6:09:06 PM:875 Infection cleaned

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum, 0

2/14/2012 6:09:06 PM:875 Infection cleaned

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Group

2/14/2012 6:09:06 PM:875 Infection cleaned

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, ImagePath

2/14/2012 6:09:06 PM:875 Infection cleaned

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Start

2/14/2012 6:09:06 PM:875 Infection cleaned

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, ErrorControl

2/14/2012 6:09:06 PM:875 Infection cleaned

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Type

2/14/2012 6:09:06 PM:875 Infection cleaned

Threat Name - Trojan-Downloader.Murlo

Type - Registry Key

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME

2/14/2012 6:09:06 PM:875 Infection cleaned

Threat Name - Trojan-Downloader.Murlo

Type - Registry Key

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000

2/14/2012 6:09:06 PM:875 Infection cleaned

Threat Name - Trojan-Downloader.Murlo

Type - Registry Key

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000\Control

2/14/2012 6:09:06 PM:875 Infection cleaned

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000\Control, ActiveService

2/14/2012 6:09:06 PM:875 Infection cleaned

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Capabilities

2/14/2012 6:09:06 PM:875 Infection cleaned

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, DeviceDesc

2/14/2012 6:09:06 PM:875 Infection cleaned

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, ClassGUID

2/14/2012 6:09:06 PM:875 Infection cleaned

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Class

2/14/2012 6:09:06 PM:875 Infection cleaned

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, ConfigFlags

2/14/2012 6:09:06 PM:875 Infection cleaned

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Legacy

2/14/2012 6:09:06 PM:875 Infection cleaned

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Service

2/14/2012 6:09:06 PM:875 Infection cleaned

Threat Name - Trojan-Downloader.Murlo

Type - Registry Value

Risk Level - High

Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME, NextInstance

2/14/2012 6:09:09 PM:93 Infections Quarantined/Removed Summary

Quarantined - 22

Quarantine Failed - 0

Removed - 22

Remove Failed - 0

Link to post
Share on other sites

That's just it: other than the MBAM detections, the PC seems to be running as normal as can be -- which is why I'm so puzzled over it. Still, with MBAM telling me that it keeps finding backdoor bots and trojans on each scan, and then not actually removing them seems odd. It's as if the don't actually exist. I can go to the folders where they supposedly reside, and there's nothing there. Not sure if it would help, but I thought about removing the files I have listed there (temporarily putting them somewhere else), and using something to scrub/overwrite the free space created and see what happens.

Do any security programs that you know of use this (listing malware that isn't there) as a trick to hide legitimate stuff in plain sight? It would seem to be brilliant and effective way to deter snooping eyes, I would think. Just tossing ideas out there for you to mull over.

I'm using Trucrypt (currently turned off), Malwarebytes, SpywareDoctor, Zone Alarm, and Folder Lock. I've searched the Internet and found nothing of the sort related to these programs so far, but I'm no expert.

Link to post
Share on other sites

Lets do a test. Please press Windows key + R, type notepad and press enter.

Put some text in the file (the word "test" or so) and click File > Save As.

Save the file in the following folder: c:\documents and settings\slow\my documents\my videos\

And name it: pulgfile.log (make sure to select All Files).

Let me know if you can save this file.

Link to post
Share on other sites

That proves indeed that the detected items are not there (which is a good thing). :)

Lets see if we can cause the items no longer to show up in a scan.

Click Start > Run, type chkdsk /r and press enter. When asked to schedule the disk check for next reboot, type Y and pres enter.

Restart your computer and let the disk check run unhindered (note, depending upon the size of your harddisk this may take a while).

When done, restart the computer and run a new MBAM scan. Let me know if the items still show up.

Link to post
Share on other sites

I'll do that now, but I wanted to show you this first: My suspicion led me to think Folder Lock was the culprit, so I removed the program, and ran MBAM again. Guess what? Nothing showed up in the scan this time. See below:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.16.01

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

slow :: SLOW-A4E03E217B [administrator]

2/16/2012 10:32:16 AM

mbam-log-2012-02-16 (10-32-16).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 203457

Time elapsed: 5 minute(s), 26 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Guess the culprit has been found. I'm logging off for a while now to run that scan you requested. I'll be back with the results in a few.

Link to post
Share on other sites

I think everything is ok at this point, and I thank you once again for helping me work through this. Having said that, I would recommend the programmers at Malwarebytes examine the Folder Lock program more closely, and get in touch with the makers of it, to better understand what's going on. This way, they can decide either to ignore the results for it, or remove it if they deem it unsafe. After running every scan known to man (with your help, of course), I am feeling pretty confident that its safe to use, and added it back. I'll just ignore that set of results in the future.

Consider this ticket closed. Thanks!

Link to post
Share on other sites

I asked someone from MBAMs staff and they could indeed confirm this. I do not think it is someone that can be helped, aside from a recommendation to shut similar programs down before running the scan though.

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.

Please read these advices, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.

[*]Keep Windows (and your other Microsoft software) up to date!

I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

[*]Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.

[*]Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

Link to post
Share on other sites

  • 1 month later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.