mustangbubba44 Posted November 6, 2012 ID:610156 Share Posted November 6, 2012 I've got this problem, FBI MoneyPak. Says I downloaded pirated material and owe a fine. I ran ComboFix. My log is attached. Any suggestions? Link to post Share on other sites More sharing options...
Maniac Posted November 6, 2012 ID:610167 Share Posted November 6, 2012 Hello mustangbubba44! My name is Maniac and I will be glad to help you solve your malware problem.Please note:If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.Make sure you read all of the instructions and fixes thoroughly before continuing with them.Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.Your log file is not attached. Please post it in your next reply. Link to post Share on other sites More sharing options...
mustangbubba44 Posted November 6, 2012 Author ID:610170 Share Posted November 6, 2012 Hi Maniac, Here is my log. Also, I will need to leave here in about a half hour for an appointment that will take about two hours. I'll do my best to keep active on this. Thanks in advance for your help. ComboFix 12-11-06.03 - Tom Endicott 11/06/2012 16:36:13.4.4 - x86 MINIMALMicrosoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2702 [GMT -5:00]Running from: c:\documents and settings\Tom Endicott\Desktop\ieplore.exe.exeAV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..---- Previous Run -------.c:\program files\Mozilla Firefox\components\AskHPRFF.jsc:\windows\system32\URTTemp\fusion.dllc:\windows\system32\URTTemp\mscoree.dllc:\windows\system32\URTTemp\mscoree.dll.localc:\windows\system32\URTTemp\mscorsn.dllc:\windows\system32\URTTemp\mscorwks.dllc:\windows\system32\URTTemp\msvcr71.dllc:\windows\system32\URTTemp\regtlib.exe..((((((((((((((((((((((((( Files Created from 2012-10-06 to 2012-11-06 )))))))))))))))))))))))))))))))..2012-11-06 19:06 . 2012-11-06 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SOPAgent2012-11-05 12:25 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2917786D-1792-43CB-81D5-E80E70308AA8}\mpengine.dll2012-11-04 07:16 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2012-10-27 23:36 . 2010-05-14 18:56 125440 ----a-w- c:\windows\system32\hpf3l02t.dll2012-10-27 23:36 . 2010-05-14 18:56 319488 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp02t.dll2012-10-27 23:20 . 2012-10-27 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant2012-10-27 23:04 . 2010-04-26 08:52 454504 ----a-w- c:\windows\system32\hpzids01.dll2012-10-24 21:31 . 2012-10-24 21:31 -------- d-----w- c:\documents and settings\LocalService\Application Data\IObit2012-10-24 21:31 . 2012-10-24 21:31 -------- d-----w- c:\documents and settings\Tom Endicott\AppData...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-10-09 22:20 . 2012-05-07 12:26 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-10-09 22:20 . 2011-11-17 01:20 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-09-29 23:54 . 2011-06-06 21:18 22856 ----a-w- c:\windows\system32\drivers\mbam.sys2012-08-31 02:03 . 2009-06-18 22:48 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys2012-08-28 15:14 . 2004-08-10 16:51 916992 ----a-w- c:\windows\system32\wininet.dll2012-08-28 15:14 . 2004-08-10 16:51 43520 ----a-w- c:\windows\system32\licmgr10.dll2012-08-28 15:14 . 2004-08-10 16:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl2012-08-28 12:07 . 2004-08-10 16:51 385024 ----a-w- c:\windows\system32\html.iec2012-08-24 13:53 . 2004-08-10 16:51 177664 ----a-w- c:\windows\system32\wintrust.dll2012-08-21 13:33 . 2004-08-10 16:51 2148864 ------w- c:\windows\system32\ntoskrnl.exe2012-08-21 12:58 . 2004-08-04 02:59 2027520 ------w- c:\windows\system32\ntkrnlpa.exe..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152].[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}].[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]2012-01-03 20:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]"{D578D806-C260-4321-9AE0-3B181B39538C}"= "c:\progra~1\COMMON~1\mcafee\mcproxy\proxyver.dll" [2009-07-08 149520]"{0A9B27F1-F902-43a1-8663-BFF940E2F280}"= "c:\progra~1\COMMON~1\mcafee\mcproxy\proxyver.dll" [2009-07-08 149520]"{0E3F1A07-DA76-4168-BA0F-4AFA3007CEFF}"= "c:\progra~1\COMMON~1\mcafee\mcproxy\proxyver.dll" [2009-07-08 149520]"{4CE3F02C-E146-4C4F-A35D-16C9DA764CC2}"= "c:\progra~1\COMMON~1\mcafee\mcproxy\proxyver.dll" [2009-07-08 149520]"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152].[HKEY_CLASSES_ROOT\clsid\{d578d806-c260-4321-9ae0-3b181b39538c}][HKEY_CLASSES_ROOT\TypeLib\{D578D806-C260-4321-9AE0-3B181B39538C}].[HKEY_CLASSES_ROOT\clsid\{0a9b27f1-f902-43a1-8663-bff940e2f280}][HKEY_CLASSES_ROOT\TypeLib\{0A9B27F1-F902-43a1-8663-BFF940E2F280}].[HKEY_CLASSES_ROOT\clsid\{0e3f1a07-da76-4168-ba0f-4afa3007ceff}][HKEY_CLASSES_ROOT\TypeLib\{0E3F1A07-DA76-4168-BA0F-4AFA3007CEFF}].[HKEY_CLASSES_ROOT\clsid\{4ce3f02c-e146-4c4f-a35d-16c9da764cc2}].[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}][HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1][HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}][HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd].[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152].[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}][HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1][HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}][HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Tom Endicott\Application Data\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Tom Endicott\Application Data\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Tom Endicott\Application Data\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Tom Endicott\Application Data\Dropbox\bin\DropboxExt.14.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-07-11 198704]"Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-25 490880]"SOPAgent"="c:\documents and settings\All Users\Application Data\SOPAgent\sopag_xejjsme.exe" [2012-11-06 90112].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Logitech BT Wizard"="LBTWiz.exe -silent" [X]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-23 8429568]"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-01-11 101136]"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-11 101136]"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]"HPHmon04"="c:\windows\system32\hphmon04.exe" [2006-01-06 348160]"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"AutoLaunch"="c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-06-11 669936].c:\documents and settings\Tom Endicott\Start Menu\Programs\Startup\Dropbox.lnk - c:\documents and settings\Tom Endicott\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840].c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2007-8-29 679936].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]2007-02-20 17:57 65536 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]@="".[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"DisableNotifications"= 1 (0x1).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Documents and Settings\\Tom Endicott\\Application Data\\Dropbox\\bin\\Dropbox.exe"="c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"="c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"="c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"="c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"="c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"="c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"="c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfcCopy.exe"="c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"="c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"="c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpiscnapp.exe"="c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxs08.exe"="c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqfxt08.exe"="c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgplgtupl.exe"="c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgpc01.exe"="c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgm.exe"="c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgh.exe"="c:\\Program Files\\Hp\\HP Software Update\\hpwucli.exe"="c:\\Program Files\\Hp\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management.R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/3/2009 10:35 AM 64160]R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1036104]S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [9/30/2010 3:06 AM 169408]S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [10/24/2012 4:31 PM 1026432]S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [9/19/2012 3:21 PM 795072]S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/11/2012 6:54 AM 399432]S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/6/2011 4:18 PM 676936]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/6/2011 4:18 PM 22856].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvcHPService REG_MULTI_SZ HPSLPSVC.Contents of the 'Scheduled Tasks' folder.2012-11-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 14:34].2012-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 22:20].2012-11-06 c:\windows\Tasks\AdobeAAMUpdater-1.0-TOMSCOMPUTER-Tom Endicott.job- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-29 06:25].2012-11-04 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57].2012-11-06 c:\windows\Tasks\ASC6_AutoClean.job- c:\program files\IObit\Advanced SystemCare 6\AutoSweep.exe [2012-10-24 18:51].2012-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3397943351-4291228987-2028307631-1006Core.job- c:\documents and settings\Tom Endicott\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-08 20:04].2012-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3397943351-4291228987-2028307631-1006UA.job- c:\documents and settings\Tom Endicott\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-08 20:04].2012-11-06 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 21:25].2012-11-06 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job- c:\program files\Ask.com\UpdateTask.exe [2012-01-03 20:31].2012-11-25 c:\windows\Tasks\User_Feed_Synchronization-{A4D4F966-11CC-4BAA-B939-BE0AE4021753}.job- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]..------- Supplementary Scan -------.uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070829uInternet Settings,ProxyOverride = <local>;*.localIE: Free YouTube to Mp3 Converter - c:\documents and settings\Tom Endicott\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htmTCP: DhcpNameServer = 192.168.1.1DPF: {70EDCF63-CA7E-4812-8528-DA1EA2FD53B6} - hxxp://www.hostacam.com/scripts/VitaminCtrl_2_1_0_26.cabDPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxps://valuemanager.iasreo.com/BPO/ImageUploader6.cabDPF: {E4BBF5F2-453C-4D24-8547-A717DD7592B9} - hxxps://valuemanager.iasreo.com/BPO/ImageUploader6.cabFF - ProfilePath - c:\documents and settings\Tom Endicott\Application Data\Mozilla\Firefox\Profiles\o09t08jl.default\FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=13739&l=dirFF - prefs.js: browser.search.selectedEngine - YahooFF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=FF - user.js: browser.cache.memory.capacity - 65536FF - user.js: browser.chrome.favicons - falseFF - user.js: browser.display.show_image_placeholders - trueFF - user.js: browser.turbo.enabled - trueFF - user.js: browser.urlbar.autocomplete.enabled - trueFF - user.js: browser.urlbar.autofill - trueFF - user.js: content.interrupt.parsing - trueFF - user.js: content.max.tokenizing.time - 2250000FF - user.js: content.notify.backoffcount - 5FF - user.js: content.notify.interval - 750000FF - user.js: content.notify.ontimer - trueFF - user.js: content.switch.threshold - 750000FF - user.js: network.http.max-connections - 48FF - user.js: network.http.max-connections-per-server - 16FF - user.js: network.http.max-persistent-connections-per-proxy - 16FF - user.js: network.http.max-persistent-connections-per-server - 8FF - user.js: network.http.pipelining - trueFF - user.js: network.http.pipelining.firstrequest - trueFF - user.js: network.http.pipelining.maxrequests - 8FF - user.js: network.http.proxy.pipelining - trueFF - user.js: network.http.request.max-start-delay - 0FF - user.js: nglayout.initialpaint.delay - 0FF - user.js: plugin.expose_full_path - trueFF - user.js: ui.submenuDelay - 0..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2012-11-06 16:43Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ....scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-3397943351-4291228987-2028307631-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]"??"=hex:d4,e6,94,6e,dc,b6,30,04,1f,e9,1a,15,78,45,2a,9e,f5,34,66,2c,d0,59,c4, 3e,30,fe,10,58,0d,80,97,63,e2,a8,82,61,2b,b0,ab,e9,c6,3b,f6,b3,30,74,e5,f0,\"??"=hex:f9,3c,4c,01,e5,1e,f9,46,76,91,6e,b9,de,50,8d,8b.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(348)c:\program files\common files\logitech\bluetooth\LBTWlgn.dllc:\program files\common files\logitech\bluetooth\LBTServ.dllc:\windows\system32\l3codeca.acm.- - - - - - - > 'explorer.exe'(1160)c:\windows\system32\WININET.dllc:\documents and settings\Tom Endicott\Application Data\Dropbox\bin\DropboxExt.14.dllc:\windows\system32\ieframe.dllc:\windows\system32\l3codeca.acmc:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll.Completion time: 2012-11-06 16:44:49ComboFix-quarantined-files.txt 2012-11-06 21:44ComboFix2.txt 2011-06-04 23:14ComboFix3.txt 2010-01-28 16:43.Pre-Run: 219,414,212,608 bytes freePost-Run: 219,388,076,032 bytes free.- - End Of File - - 9C9D3838009C791ABC13D411D4DC4FAE Link to post Share on other sites More sharing options...
Maniac Posted November 6, 2012 ID:610172 Share Posted November 6, 2012 Please post the contents of C:\Qoobox\Add-Remove-Programs-list.txt in your next reply. Link to post Share on other sites More sharing options...
mustangbubba44 Posted November 6, 2012 Author ID:610175 Share Posted November 6, 2012 How do I generate the C:\Qoobox\Add-Remove-Programs-list.txt ? Link to post Share on other sites More sharing options...
mustangbubba44 Posted November 7, 2012 Author ID:610244 Share Posted November 7, 2012 How do I generate the C:\Qoobox\Add-Remove-Programs-list.txt ?Please post the contents of C:\Qoobox\Add-Remove-Programs-list.txt in your next reply.32 Bit HP CIO Components Installer3ivx MPEG-4 5.0.3 (remove only)8500A909_eDocsAd-AwareAdobe AIRAdobe Community HelpAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Photoshop Elements 9Adobe Photoshop.com Inspiration BrowserAdobe Reader X (10.1.4)Advanced SystemCare 6AnswerWorks 5.0 English RuntimeApple Application SupportApple Mobile Device SupportApple Software UpdateBonjourBPD_DSWizardsbpd_scanBPDSoftwareBPDSoftware_IniBufferChmCDDRV_InstallerCisco WebEx MeetingsComm1: VFR Radio SimulatorConexant D850 56K V.9x DFVc ModemCoupon Printer for WindowsDave Ramsey's Financial Peace SoftwareDeep Space ExplorerDell CinePlayerDell Driver Reset ToolDell Support CenterDell System RestoreDellSupportDestinationsDeviceDiscoveryDictionary.com ToolbarDictionary.com Toolbar UpdaterDigital Line DetectDocMgrDocProc Link to post Share on other sites More sharing options...
mustangbubba44 Posted November 7, 2012 Author ID:610245 Share Posted November 7, 2012 32 Bit HP CIO Components Installer3ivx MPEG-4 5.0.3 (remove only)8500A909_eDocsAd-AwareAdobe AIRAdobe Community HelpAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Photoshop Elements 9Adobe Photoshop.com Inspiration BrowserAdobe Reader X (10.1.4)Advanced SystemCare 6AnswerWorks 5.0 English RuntimeApple Application SupportApple Mobile Device SupportApple Software UpdateBonjourBPD_DSWizardsbpd_scanBPDSoftwareBPDSoftware_IniBufferChmCDDRV_InstallerCisco WebEx MeetingsComm1: VFR Radio SimulatorConexant D850 56K V.9x DFVc ModemCoupon Printer for WindowsDave Ramsey's Financial Peace SoftwareDeep Space ExplorerDell CinePlayerDell Driver Reset ToolDell Support CenterDell System RestoreDellSupportDestinationsDeviceDiscoveryDictionary.com ToolbarDictionary.com Toolbar UpdaterDigital Line DetectDocMgrDocProcOops, didn't use select all. Here is the whole file:32 Bit HP CIO Components Installer3ivx MPEG-4 5.0.3 (remove only)8500A909_eDocsAd-AwareAdobe AIRAdobe Community HelpAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Photoshop Elements 9Adobe Photoshop.com Inspiration BrowserAdobe Reader X (10.1.4)Advanced SystemCare 6AnswerWorks 5.0 English RuntimeApple Application SupportApple Mobile Device SupportApple Software UpdateBonjourBPD_DSWizardsbpd_scanBPDSoftwareBPDSoftware_IniBufferChmCDDRV_InstallerCisco WebEx MeetingsComm1: VFR Radio SimulatorConexant D850 56K V.9x DFVc ModemCoupon Printer for WindowsDave Ramsey's Financial Peace SoftwareDeep Space ExplorerDell CinePlayerDell Driver Reset ToolDell Support CenterDell System RestoreDellSupportDestinationsDeviceDiscoveryDictionary.com ToolbarDictionary.com Toolbar UpdaterDigital Line DetectDocMgrDocProcDocumentation & Support LauncherDropboxElements 9 OrganizerElements STI InstallerFaxFlight Simulator XFlight Simulator X Service Pack 1FlipShareFormViewerFree Audio CD Burner version 1.4Free YouTube Download 2.3Free YouTube to MP3 Converter version 3.8Games, Music, & Photos LauncherGARMIN 500 Series TrainerGoogle ChromeGoogle Toolbar for Internet ExplorerGPBaseService2Hewlett-Packard ACLM.NET v1.1.0.0High Definition Audio Driver Package - KB835221Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Hotfix for Windows Media Format SDK (KB902344)Hotfix for Windows XP (KB2158563)Hotfix for Windows XP (KB2443685)Hotfix for Windows XP (KB2570791)Hotfix for Windows XP (KB2633952)Hotfix for Windows XP (KB2756822)Hotfix for Windows XP (KB952287)Hotfix for Windows XP (KB954550-v5)Hotfix for Windows XP (KB961118)Hotfix for Windows XP (KB970653-v3)Hotfix for Windows XP (KB976098-v2)Hotfix for Windows XP (KB979306)Hotfix for Windows XP (KB981793)HP Customer Participation Program 12.0HP Document Manager 2.0HP Driver DiagnosticsHP Imaging Device Functions 14.0HP Officejet Pro 8500 A909 SeriesHP Product DetectionHP Smart Web Printing 4.60HP Solution Center 14.0HP UpdateHPDiagnosticAlertHPProductAssistantHPSSupplyIntel® Matrix Storage ManagerIntel® PRO Network Connections 11.2.1.69IrfanView (remove only)iTunesJava 6 Update 17KhalSetupMalwarebytes Anti-Malware version 1.65.1.1000MarketResearchMicrosoft .NET Framework 1.1Microsoft .NET Framework 1.1 Security Update (KB2656353)Microsoft .NET Framework 1.1 Security Update (KB2656370)Microsoft .NET Framework 1.1 Security Update (KB979906)Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 SP1Microsoft Application Error ReportingMicrosoft Base Smart Card Cryptographic Service Provider PackageMicrosoft Flight Simulator XMicrosoft Flight Simulator X: AccelerationMicrosoft Kernel-Mode Driver Framework Feature Pack 1.5Microsoft Office 2007 Service Pack 3 (SP3)Microsoft Office Excel MUI (English) 2007Microsoft Office File Validation Add-InMicrosoft Office Home and Student 2007Microsoft Office OneNote MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Word MUI (English) 2007Microsoft Plus! Digital Media Edition InstallerMicrosoft Plus! Photo Story 2 LEMicrosoft Security ClientMicrosoft Security EssentialsMicrosoft Software Update for Web Folders (English) 12Microsoft Visual C RuntimeMicrosoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Zoo TycoonMicrosoft_VC80_CRT_x86Microsoft_VC80_MFC_x86Microsoft_VC80_MFCLOC_x86Microsoft_VC90_CRT_x86MobileMe Control PanelModem HelperMozilla Firefox (3.0.12)MPMMSVCSetupMSXML 4.0 SP2 (KB936181)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 4.0 SP2 Parser and SDKMusicmatch for Windows Media PlayerNancy Drew: Danger on Deception IslandNancy Drew: Last Train to Blue Moon CanyonNancy Drew: Ransom of the Seven ShipsNancy Drew: The Phantom of VeniceNancy Drew: Treasure in the Royal TowerNancy Drew: Warnings at Waverly AcademyNetWaitingNetworkNVIDIA DriversOCR Software by I.R.I.S. 14.0PhotoScapePhotosmart 130,230,7150,7345,7350,7550 (Remove only)PrimoPDF -- by Nitro PDF SoftwarePunch! Home and Landscape Design SuiteQualxServ Service AgreementQuicken 2010QuickTimeRisk (remove only)Roxio Creator AudioRoxio Creator BDAV PluginRoxio Creator CopyRoxio Creator DataRoxio Creator DERoxio Creator ToolsRoxio Drag-to-DiscRoxio Express LabelerRoxio MyDVD DERoxio Update ManagerScanSearchAssistSecurity Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596672) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596744) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596754) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596785) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596856) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597162) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687314) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687441) 32-Bit EditionSecurity Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit EditionSecurity Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Word 2007 (KB2687315) 32-Bit EditionSecurity Update for Microsoft Windows (KB2564958)Security Update for Step By Step Interactive Training (KB923723)Security Update for Windows Internet Explorer 8 (KB2183461)Security Update for Windows Internet Explorer 8 (KB2360131)Security Update for Windows Internet Explorer 8 (KB2416400)Security Update for Windows Internet Explorer 8 (KB2482017)Security Update for Windows Internet Explorer 8 (KB2497640)Security Update for Windows Internet Explorer 8 (KB2510531)Security Update for Windows Internet Explorer 8 (KB2530548)Security Update for Windows Internet Explorer 8 (KB2544521)Security Update for Windows Internet Explorer 8 (KB2559049)Security Update for Windows Internet Explorer 8 (KB2586448)Security Update for Windows Internet Explorer 8 (KB2618444)Security Update for Windows Internet Explorer 8 (KB2647516)Security Update for Windows Internet Explorer 8 (KB2675157)Security Update for Windows Internet Explorer 8 (KB2699988)Security Update for Windows Internet Explorer 8 (KB2722913)Security Update for Windows Internet Explorer 8 (KB2744842)Security Update for Windows Internet Explorer 8 (KB969897)Security Update for Windows Internet Explorer 8 (KB971961)Security Update for Windows Internet Explorer 8 (KB972260)Security Update for Windows Internet Explorer 8 (KB974455)Security Update for Windows Internet Explorer 8 (KB976325)Security Update for Windows Internet Explorer 8 (KB978207)Security Update for Windows Internet Explorer 8 (KB981332)Security Update for Windows Internet Explorer 8 (KB982381)Security Update for Windows Media Player (KB2378111)Security Update for Windows Media Player (KB911564)Security Update for Windows Media Player (KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB968816)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player (KB975558)Security Update for Windows Media Player (KB978695)Security Update for Windows Media Player 10 (KB936782)Security Update for Windows Media Player 6.4 (KB925398)Security Update for Windows XP (KB2079403)Security Update for Windows XP (KB2115168)Security Update for Windows XP (KB2121546)Security Update for Windows XP (KB2160329)Security Update for Windows XP (KB2229593)Security Update for Windows XP (KB2259922)Security Update for Windows XP (KB2279986)Security Update for Windows XP (KB2286198)Security Update for Windows XP (KB2296011)Security Update for Windows XP (KB2296199)Security Update for Windows XP (KB2347290)Security Update for Windows XP (KB2360937)Security Update for Windows XP (KB2387149)Security Update for Windows XP (KB2393802)Security Update for Windows XP (KB2412687)Security Update for Windows XP (KB2419632)Security Update for Windows XP (KB2423089)Security Update for Windows XP (KB2436673)Security Update for Windows XP (KB2440591)Security Update for Windows XP (KB2443105)Security Update for Windows XP (KB2476490)Security Update for Windows XP (KB2476687)Security Update for Windows XP (KB2478960)Security Update for Windows XP (KB2478971)Security Update for Windows XP (KB2479628)Security Update for Windows XP (KB2479943)Security Update for Windows XP (KB2481109)Security Update for Windows XP (KB2483185)Security Update for Windows XP (KB2485376)Security Update for Windows XP (KB2485663)Security Update for Windows XP (KB2491683)Security Update for Windows XP (KB2503658)Security Update for Windows XP (KB2503665)Security Update for Windows XP (KB2506212)Security Update for Windows XP (KB2506223)Security Update for Windows XP (KB2507618)Security Update for Windows XP (KB2507938)Security Update for Windows XP (KB2508272)Security Update for Windows XP (KB2508429)Security Update for Windows XP (KB2509553)Security Update for Windows XP (KB2511455)Security Update for Windows XP (KB2524375)Security Update for Windows XP (KB2535512)Security Update for Windows XP (KB2536276-v2)Security Update for Windows XP (KB2536276)Security Update for Windows XP (KB2544893-v2)Security Update for Windows XP (KB2544893)Security Update for Windows XP (KB2555917)Security Update for Windows XP (KB2562937)Security Update for Windows XP (KB2566454)Security Update for Windows XP (KB2567053)Security Update for Windows XP (KB2567680)Security Update for Windows XP (KB2570222)Security Update for Windows XP (KB2570947)Security Update for Windows XP (KB2584146)Security Update for Windows XP (KB2585542)Security Update for Windows XP (KB2592799)Security Update for Windows XP (KB2598479)Security Update for Windows XP (KB2603381)Security Update for Windows XP (KB2618451)Security Update for Windows XP (KB2619339)Security Update for Windows XP (KB2620712)Security Update for Windows XP (KB2621440)Security Update for Windows XP (KB2624667)Security Update for Windows XP (KB2631813)Security Update for Windows XP (KB2633171)Security Update for Windows XP (KB2639417)Security Update for Windows XP (KB2641653)Security Update for Windows XP (KB2646524)Security Update for Windows XP (KB2647518)Security Update for Windows XP (KB2653956)Security Update for Windows XP (KB2655992)Security Update for Windows XP (KB2659262)Security Update for Windows XP (KB2660465)Security Update for Windows XP (KB2661637)Security Update for Windows XP (KB2676562)Security Update for Windows XP (KB2685939)Security Update for Windows XP (KB2686509)Security Update for Windows XP (KB2691442)Security Update for Windows XP (KB2695962)Security Update for Windows XP (KB2698365)Security Update for Windows XP (KB2705219)Security Update for Windows XP (KB2707511)Security Update for Windows XP (KB2709162)Security Update for Windows XP (KB2712808)Security Update for Windows XP (KB2718523)Security Update for Windows XP (KB2719985)Security Update for Windows XP (KB2723135)Security Update for Windows XP (KB2724197)Security Update for Windows XP (KB2731847)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB923689)Security Update for Windows XP (KB923789)Security Update for Windows XP (KB938464-v2)Security Update for Windows XP (KB938464)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951066)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951698)Security Update for Windows XP (KB951748)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB953838)Security Update for Windows XP (KB953839)Security Update for Windows XP (KB954211)Security Update for Windows XP (KB954459)Security Update for Windows XP (KB954600)Security Update for Windows XP (KB955069)Security Update for Windows XP (KB956391)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956744)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956841)Security Update for Windows XP (KB956844)Security Update for Windows XP (KB957095)Security Update for Windows XP (KB957097)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958687)Security Update for Windows XP (KB958690)Security Update for Windows XP (KB958869)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960225)Security Update for Windows XP (KB960715)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961371)Security Update for Windows XP (KB961373)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB968537)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB969898)Security Update for Windows XP (KB969947)Security Update for Windows XP (KB970238)Security Update for Windows XP (KB970430)Security Update for Windows XP (KB971468)Security Update for Windows XP (KB971486)Security Update for Windows XP (KB971557)Security Update for Windows XP (KB971633)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973346)Security Update for Windows XP (KB973354)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973525)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975025)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975561)Security Update for Windows XP (KB975562)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB977165)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978037)Security Update for Windows XP (KB978251)Security Update for Windows XP (KB978262)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978542)Security Update for Windows XP (KB978601)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979482)Security Update for Windows XP (KB979559)Security Update for Windows XP (KB979683)Security Update for Windows XP (KB979687)Security Update for Windows XP (KB980195)Security Update for Windows XP (KB980218)Security Update for Windows XP (KB980232)Security Update for Windows XP (KB980436)Security Update for Windows XP (KB981322)Security Update for Windows XP (KB981852)Security Update for Windows XP (KB981957)Security Update for Windows XP (KB981997)Security Update for Windows XP (KB982132)Security Update for Windows XP (KB982214)Security Update for Windows XP (KB982665)Security Update for Windows XP (KB982802)SetPointShop for HP SuppliesSmartWebPrintingSolutionCenterSonic Activation ModuleSouthwest CalculatorStarry Night CSAPStatusToolboxTop Producer EditorTrayAppUniblue ProcessQuickLink 2Uninstall 1.0.0.1Update for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Windows Internet Explorer 8 (KB2598845)Update for Windows Internet Explorer 8 (KB2632503)Update for Windows Internet Explorer 8 (KB968220)Update for Windows Internet Explorer 8 (KB976662)Update for Windows Internet Explorer 8 (KB976749)Update for Windows Internet Explorer 8 (KB980182)Update for Windows XP (KB2141007)Update for Windows XP (KB2345886)Update for Windows XP (KB2467659)Update for Windows XP (KB2492386)Update for Windows XP (KB2541763)Update for Windows XP (KB2607712)Update for Windows XP (KB2616676)Update for Windows XP (KB2641690)Update for Windows XP (KB2661254-v2)Update for Windows XP (KB2718704)Update for Windows XP (KB2736233)Update for Windows XP (KB2749655)Update for Windows XP (KB951072-v2)Update for Windows XP (KB951978)Update for Windows XP (KB955759)Update for Windows XP (KB955839)Update for Windows XP (KB967715)Update for Windows XP (KB968389)Update for Windows XP (KB971029)Update for Windows XP (KB971737)Update for Windows XP (KB973687)Update for Windows XP (KB973815)URL AssistantVisual C++ 2008 x86 Runtime - (v9.0.30729)Visual C++ 2008 x86 Runtime - v9.0.30729.01WebFldrs XPWebRegWIDCOMM Bluetooth SoftwareWindows Feature Pack for Storage (32-bit) - IMAPI update for Blu-RayWindows Installer 3.1 (KB893803)Windows Internet Explorer 8Windows Management Framework CoreWindows Media Format RuntimeWindows Media Player 10Windows Movie Maker 2.0Windows XP Service Pack 3Yahoo! MessengerYahoo! Toolbar Link to post Share on other sites More sharing options...
Maniac Posted November 7, 2012 ID:610315 Share Posted November 7, 2012 Please do not run ComboFix anymore without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look hereStep 1Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.The tool will open and start scanning your system.Please be patient as this can take a while to complete depending on your system's specifications.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next message.Step 2Launch Malwarebytes' Anti-MalwareGo to Update tab and select Check for Updates. If an update is found, it will download and install the latest version. Go to Scanner tab and select Perform Quick Scan, then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.Step 3Download aswMBR.exe to your desktop. Double click the aswMBR.exe to run it Click the "Scan" button to start scan On completion of the scan click save log, save it to your desktop and post in your next reply In your next reply, post the following log files:Junkware Removal Tool logMalwarebytes' Anti-Malware logaswMBR log Link to post Share on other sites More sharing options...
mustangbubba44 Posted November 7, 2012 Author ID:610343 Share Posted November 7, 2012 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 2.8.4 (11.07.2012)OS: Microsoft Windows XP x86Ran by Tom Endicott on Wed 11/07/2012 at 7:56:37.67Blog: http://thisisudax.blogspot.com~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ServicesSuccessfully stopped: [service] Application UpdaterSuccessfully deleted: [service] Application Updater~~~ Registry ValuesSuccessfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\ApnUpdaterSuccessfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{00000000-6e41-4fd3-8538-502f5495e5fc}Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440}Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{d4027c7f-154a-4066-a1ad-4243d8127440}~~~ Registry KeysSuccessfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\search settings"Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{171debeb-c3d4-40b7-ac73-056a5eba4a7e}Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}Successfully deleted: [Registry Key] hkey_classes_root\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{d4027c7f-154a-4066-a1ad-4243d8127440}Successfully deleted: [Registry Key] "hkey_classes_root\genericasktoolbar.toolbarwnd"Successfully deleted: [Registry Key] "hkey_classes_root\genericasktoolbar.toolbarwnd.1"Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\askbardis"Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\asktoolbarinfo"Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"Successfully deleted: [Registry Key] "hkey_current_user\software\asktoolbar"Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\genericasktoolbar.dll"Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0e12f736682067fde4d1158d5940a82e"Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\1a24b5bb8521b03e0c8d908f5abc0ae6"Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\261f213d1f55267499b1f87d0cc3bcf7"Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\2b0d56c4f4c46d844a57ffed6f0d2852"Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\49d4375fe41653242aea4c969e4e65e0"Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6aa0923513360135b272e8289c5f13fa"Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6f7467af8f29c134cbbab394eccfde96"Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\741b4adf27276464790022c965ab6da8"Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\7de196b10195f5647a2b21b761f3de01"Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\922525dcc5199162f8935747ca3d8e59"Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\9d4f5849367142e4685ed8c25e44c5ed"Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a5875b04372c19545beb90d4d606c472"Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a876d9e80b896ec44a8620248cc79296"Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\b66ffab725b92594c986de826a867888"Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\bcda179d619b91648538e3394cac94cc"Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\d677b1a9671d4d4004f6f2a4469e86ea"Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\dd1402a9dd4215a43abde169a41afa0e"Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\e36e114a0ead2ad46b381d23ad69cddf"Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\ef8e618db3aedfbb384561b5c548f65e"Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\products\a28b4d68debaa244eb686953b7074fef"~~~ FilesSuccessfully deleted: [File] "C:\WINDOWS\couponprinter.ocx"Successfully deleted: [File] "C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job"~~~ FoldersSuccessfully deleted: [Folder] "C:\Documents and Settings\Tom Endicott\Application Data\dvdvideosoftiehelpers"Successfully deleted: [Folder] "C:\Documents and Settings\Tom Endicott\Application Data\search settings"Successfully deleted: [Folder] "C:\Program Files\Common Files\dvdvideosoft"Successfully deleted: [Folder] "C:\Program Files\Common Files\spigot"Successfully deleted: [Folder] "C:\Program Files\application updater"Successfully deleted: [Folder] "C:\Program Files\coupons"Successfully deleted: [Folder] "C:\Program Files\dvdvideosoft"Failed to delete: [Folder-LOCKED!] "C:\Program Files\ask.com"Successfully deleted: [Folder] "C:\Documents and Settings\Tom Endicott\local settings\application data\asktoolbar"Successfully deleted: [Folder] "C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"~~~ FireFox detected and repairedSuccessfully deleted: [File] C:\Documents and Settings\Tom Endicott\Application Data\Mozilla\Firefox\Profiles\o09t08jl.default\user.jsFailed to delete: [Folder] C:\Documents and Settings\Tom Endicott\Application Data\Mozilla\Firefox\Profiles\o09t08jl.default\extensions\iobit@mybrowserbar.comSuccessfully deleted: [Folder] C:\Documents and Settings\Tom Endicott\Application Data\Mozilla\Firefox\Profiles\o09t08jl.default\extensions\toolbar@ask.comFailed to delete: [Folder] C:\Documents and Settings\Tom Endicott\Application Data\Mozilla\Firefox\Profiles\o09t08jl.default\extensions\wtxpcom@mybrowserbar.comSuccessfully deleted: [Folder] C:\Documents and Settings\Tom Endicott\Application Data\Mozilla\Firefox\Profiles\o09t08jl.default\extensions\{acaa314b-eeba-48e4-ad47-84e31c44796c}Successfully deleted: [Folder] C:\Documents and Settings\Tom Endicott\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}Successfully deleted: [File] C:\Documents and Settings\Tom Endicott\Application Data\Mozilla\Firefox\Profiles\o09t08jl.default\searchplugins\askcom.xmlFailed to delete: [npCouponPrinter.dll] from [FF plugins]Failed to delete: [npMozCouponPrinter.dll] from [FF plugins]user_pref("extensions.enabledItems", "toolbar@ask.com:3.14.1.100010,{ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1,{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17,jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.12");user_pref("extensions.snipit.chromeURL", "http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q={searchTerms}&crm=1");~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Wed 11/07/2012 at 7:59:43.43End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Link to post Share on other sites More sharing options...
mustangbubba44 Posted November 7, 2012 Author ID:610344 Share Posted November 7, 2012 Malwarebytes Anti-Malware (PRO) 1.65.1.1000www.malwarebytes.orgDatabase version: v2012.11.07.04Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)Internet Explorer 8.0.6001.18702Tom Endicott :: TOMSCOMPUTER [administrator]Protection: Disabled11/7/2012 8:05:03 AMmbam-log-2012-11-07 (08-05-03).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 239912Time elapsed: 2 minute(s), 48 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 1HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SOPAgent (Backdoor.Bot) -> Data: C:\Documents and Settings\All Users\Application Data\SOPAgent\sopag_xejjsme.exe -> Quarantined and deleted successfully.Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 1C:\Documents and Settings\All Users\Application Data\SOPAgent\sopag_xejjsme.exe (Backdoor.Bot) -> Quarantined and deleted successfully.(end) Link to post Share on other sites More sharing options...
Maniac Posted November 7, 2012 ID:610349 Share Posted November 7, 2012 BACKDOOR WARNINGOne or more of the identified infections is known to use a backdoor.This allows hackers to remotely control your computer, steal critical system information and download and execute files.I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:Help: I Got Hacked. Now What Do I Do?Help: I Got Hacked. Now What Do I Do? Part IIHow Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?When Should I Format, How Should I ReinstallWe can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please let me know. Link to post Share on other sites More sharing options...
mustangbubba44 Posted November 7, 2012 Author ID:610374 Share Posted November 7, 2012 I want to clean it, but will probably end up getting a new one as I was planning on doing so anyway.aswMBR version 0.9.9.1665 Copyright© 2011 AVAST SoftwareRun date: 2012-11-07 08:18:05-----------------------------08:18:05.250 OS Version: Windows 5.1.2600 Service Pack 308:18:05.250 Number of processors: 4 586 0xF0B08:18:05.250 ComputerName: TOMSCOMPUTER UserName: Tom Endicott08:18:05.875 Initialize success08:19:17.812 AVAST engine defs: 1211070008:19:27.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-108:19:27.609 Disk 0 Vendor: ST332062 3.AD Size: 305245MB BusType: 308:19:27.625 Disk 0 MBR read successfully08:19:27.625 Disk 0 MBR scan08:19:27.656 Disk 0 unknown MBR code08:19:27.671 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 6308:19:27.703 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 301940 MB offset 9639008:19:27.734 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3255 MB offset 61847037008:19:27.765 Disk 0 scanning sectors +62513734508:19:27.859 Disk 0 scanning C:\WINDOWS\system32\drivers08:19:35.390 Service scanning08:19:48.140 Modules scanning08:19:51.593 Disk 0 trace - called modules:08:19:51.765 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll08:19:51.906 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8abea9c0]08:19:52.062 3 CLASSPNP.SYS[f7647fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8abb5030]08:19:52.812 AVAST engine scan C:\WINDOWS08:19:58.781 AVAST engine scan C:\WINDOWS\system3208:21:46.046 AVAST engine scan C:\WINDOWS\system32\drivers08:21:59.062 AVAST engine scan C:\Documents and Settings\Tom Endicott08:28:46.031 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tom Endicott\Desktop\MBR.dat"08:28:46.140 The log file has been saved successfully to "C:\Documents and Settings\Tom Endicott\Desktop\aswMBR.txt"08:40:45.453 AVAST engine scan C:\Documents and Settings\All Users08:52:16.953 Scan finished successfully08:52:53.203 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tom Endicott\Desktop\MBR.dat"08:52:53.218 The log file has been saved successfully to "C:\Documents and Settings\Tom Endicott\Desktop\aswMBR.txt" Link to post Share on other sites More sharing options...
Maniac Posted November 7, 2012 ID:610376 Share Posted November 7, 2012 Okay. In this case, boot in Normal mode, update Malwarebytes' Anti-Malware and perform a quick scan. Post the log in your next reply. Link to post Share on other sites More sharing options...
mustangbubba44 Posted November 7, 2012 Author ID:610389 Share Posted November 7, 2012 Malwarebytes Anti-Malware (PRO) 1.65.1.1000www.malwarebytes.orgDatabase version: v2012.11.07.04Windows XP Service Pack 3 x86 NTFSInternet Explorer 8.0.6001.18702Tom Endicott :: TOMSCOMPUTER [administrator]Protection: Enabled11/7/2012 9:18:15 AMmbam-log-2012-11-07 (09-18-15).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 241571Time elapsed: 2 minute(s), 51 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end) Link to post Share on other sites More sharing options...
Maniac Posted November 7, 2012 ID:610400 Share Posted November 7, 2012 Please run a free online scan with the ESET Online ScannerNote: You will need to use Internet Explorer for this scanTick the box next to YES, I accept the Terms of UseClick StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick Scan (This scan can take several hours, so please be patient)Once the scan is completed, you may close the windowUse Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txtCopy and paste that log as a reply to this topic Link to post Share on other sites More sharing options...
mustangbubba44 Posted November 7, 2012 Author ID:610434 Share Posted November 7, 2012 ESETSmartInstaller@High as CAB hook log:OnlineScanner.ocx - registred OK# version=7# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)# OnlineScanner.ocx=1.0.0.6583# api_version=3.0.2# EOSSerial=f9b14e2c386eed4b982f09c98743d1ea# end=finished# remove_checked=true# archives_checked=true# unwanted_checked=true# unsafe_checked=false# antistealth_checked=true# utc_time=2012-11-07 04:51:47# local_time=2012-11-07 11:51:48 (-0500, Eastern Standard Time)# country="United States"# lang=1033# osver=5.1.2600 NT Service Pack 3# compatibility_mode=512 16777215 100 0 44169749 44169749 0 0# compatibility_mode=1024 16777215 100 0 44279179 44279179 0 0# compatibility_mode=5891 16776869 42 93 0 5001591 0 0# compatibility_mode=8192 67108863 100 0 0 0 0 0# scanned=240945# found=5# cleaned=5# scan_time=5289C:\Program Files\IObit Toolbar\IE\6.3\iobitToolbarIE.dll a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1765\A0209786.exe a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1765\A0209792.dll a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1766\A0209859.dll a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\WINDOWS\Installer\309a53b.msi probably a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C Link to post Share on other sites More sharing options...
Maniac Posted November 7, 2012 ID:610497 Share Posted November 7, 2012 Download AVPTool from Here to your desktop Run the programme you have just downloaded to your desktop (it will be randomly named) Click the cog in the upper right Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan Allow AVP to delete all infections foundOnce it has finished select report tab (last tab)Select Detected threads report from the left and press Save buttonSave it to your desktop and post it in your next reply. Link to post Share on other sites More sharing options...
LDTate Posted November 27, 2012 ID:617701 Share Posted November 27, 2012 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts