Jump to content

Cannot install MBAM or use IE/Some search engines


Recommended Posts

Hey all, first time post here.

I recently have been unable to access google or install certain programs, and after trying to open internet explorer or use windows updates with no success I tried installed mbam (its my work computer, use it at home often). No success, can't install it or any other antivirus.

Here is my DDS:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.21.2

Run by Justin at 15:15:04 on 2013-05-13

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1042.18.2038.1448 [GMT 9:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ================

.

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\AhnLab\APC2\Policy Agent\pasvc.exe

C:\Program Files\AhnLab\APC2\Policy Agent\PaPd.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\AhnLab\APC2\Policy Agent\patray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchFilterHost.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [HncUpdate] c:\program files\common files\hnc\hncutils\HncChecker.exe

mRun: [PaTray] "c:\program files\ahnlab\apc2\policy agent\patray.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [iME14 KOR Uninstall] c:\program files\common files\microsoft shared\ime14\shared\IMEKLMG.EXE /Uninstall /KOR /Log

mRun: [Korean IME Migration] c:\progra~1\common~1\micros~1\ime12\imekr\IMKRMIG.EXE

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [ctfmon.exe] ctfmon.exe

StartupFolder: c:\docume~1\justin\e0ac~1\6dd0~1\ab6f~1\Dropbox.lnk -

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoDriveTypeAutoRun = dword:255

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} - hxxp://ahnlabdownload.nefficient.co.kr/aos/plugin/aosmgr.cab

DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} - hxxps://vbv.nonghyup.com/initech/plugin/down/INIS60.cab

DPF: {39461460-2552-4D51-A062-3AB6A7B902E9} - hxxp://banking.nonghyup.com/shttp/install/down/INIS70.cab

DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} - hxxp://banking.nonghyup.com/plugin/scsk/403174/SCSK4.cab

DPF: {5547DED5-E6A9-469A-90F0-5BFE5CD33FF1} - hxxps://pay.kcp.co.kr/plugin_new/file/KCPPaymentUX.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1346719379953

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1367280649953

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

DPF: {D179A761-637C-41DC-B2F4-5F3C9A81390C} - hxxp://58.29.236.68/PassChecker.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: Interfaces\{A97FA8F4-8FE2-411F-A2D2-FE2D9D8E9EFB} : NameServer = 210.220.16.7,164.124.101.2

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

Hosts: 192.150.18.117 www.adobe.com Static IP Entry

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\justin\application data\mozilla\firefox\profiles\2y50jbm6.default\

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\windows\system32\adobe\director\np32dsw_1202122.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_169.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npenkIEInstall5.dll

FF - plugin: c:\windows\system32\nPFWFltU.dll

FF - plugin: c:\windows\system32\nPFWU.dll

FF - plugin: c:\windows\system32\npidsxU.dll

FF - plugin: c:\windows\system32\npptools.dll

.

============= SERVICES / DRIVERS ===============

.

R1 AMonTDnt;AMonTDnt;c:\windows\system32\drivers\amontdnt.sys [2012-9-4 106120]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-8 119024]

R2 AnfdIOnt;AnfdIOnt;c:\windows\system32\drivers\AnfdIOnt.sys [2012-9-4 15048]

R2 paSvc;Policy Agent Service;c:\program files\ahnlab\apc2\policy agent\PaSvc.exe [2012-9-4 858824]

R2 Policy Agent PD Service;Policy Agent PD Service;c:\program files\ahnlab\apc2\policy agent\PaPd.exe [2012-9-4 125640]

R3 PDNfeNt;PDNfeNt;c:\program files\ahnlab\apc2\policy agent\PdNfeNt.sys [2012-9-4 33088]

S3 AhnFlt2K;AhnFlt2K;\??\c:\windows\system32\drivers\ahnflt2k.sys --> c:\windows\system32\drivers\AhnFlt2K.sys [?]

S3 AhnRec2K;AhnRec2K;\??\c:\windows\system32\drivers\ahnrec2k.sys --> c:\windows\system32\drivers\AhnRec2K.sys [?]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-9-4 1691480]

S3 JRSKD24;JRSKD24;\??\c:\windows\system32\jrskd24.sys --> c:\windows\system32\JRSKD24.SYS [?]

S3 kcrtx86;kcrtx86;c:\windows\system32\kcrtx86.sys [2012-11-27 126048]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-5-13 35144]

.

=============== File Associations ===============

.

ShellExec: Hwp.exe: print=c:\hnc\hwp70\HwpPrnMng.exe /p "%1"

.

=============== Created Last 30 ================

.

2013-05-13 04:58:43 -------- d-----w- c:\documents and settings\justin\local settings\application data\Mozilla

2013-05-13 04:57:32 -------- d-----w- c:\documents and settings\justin\local settings\application data\Sun

2013-05-13 04:47:18 -------- d-----w- c:\documents and settings\justin\application data\Dropbox

2013-05-13 04:44:41 -------- d-----w- c:\documents and settings\justin\application data\Windows Desktop Search

2013-05-13 04:44:40 -------- d--h--w- c:\windows\PIF

2013-05-13 04:44:40 -------- d-----w- c:\documents and settings\justin\?? ??

2013-05-13 04:44:40 -------- d-----r- c:\documents and settings\justin\?? ??

2013-05-13 04:12:48 -------- d-----w- c:\documents and settings\justin\local settings\application data\Google

2013-05-13 04:04:49 -------- d-----w- c:\documents and settings\justin\local settings\application data\Identities

2013-05-13 04:04:16 -------- d-sh--w- c:\documents and settings\justin\IETldCache

2013-05-13 04:03:30 -------- d-----w- c:\documents and settings\justin\local settings\application data\Microsoft

2013-05-13 03:56:59 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2013-05-09 03:24:12 6906960 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a8b84381-faca-4de5-b78c-ac81ec210e83}\mpengine.dll

2013-05-07 23:54:19 6906960 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2013-05-05 23:57:03 -------- d-----w- c:\windows\system32\Adobe

2013-04-30 03:01:48 275696 ----a-w- c:\windows\system32\mucltui.dll

2013-04-30 03:01:48 14576 ----a-w- c:\windows\system32\mucltui.dll.mui

2013-04-30 00:42:38 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-04-29 08:03:33 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-04-29 07:49:58 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys

2013-04-29 07:49:58 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys

2013-04-29 07:45:16 -------- d-----w- c:\windows\system32\wbem\repository\FS

2013-04-29 07:45:16 -------- d-----w- c:\windows\system32\wbem\Repository

2013-04-29 07:38:10 -------- d-----w- c:\program files\common files\INCA Shared

2013-04-29 07:37:10 -------- d-----w- c:\program files\Foruser Soft

2013-04-29 07:37:08 -------- d-----w- c:\program files\NPKI

2013-04-29 05:31:06 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2013-04-29 05:23:25 -------- d-----w- c:\windows\pss

2013-04-26 06:36:04 -------- d-----w- c:\program files\SUPERAntiSpyware

2013-04-26 06:36:04 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

.

==================== Find3M ====================

.

2013-05-09 04:11:14 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-05-09 04:11:13 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-04-30 00:42:16 144896 ----a-w- c:\windows\system32\javacpl.cpl

2013-04-30 00:42:13 866720 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-04-30 00:42:13 788896 ----a-w- c:\windows\system32\deployJava1.dll

2013-03-08 08:36:11 330752 ----a-w- c:\windows\system32\winsrv.dll

2013-03-07 15:56:51 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-07 15:56:51 2030080 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-03-02 01:57:44 1866880 ----a-w- c:\windows\system32\win32k.sys

2013-03-02 01:53:28 916480 ----a-w- c:\windows\system32\wininet.dll

2013-03-02 01:53:25 43520 ------w- c:\windows\system32\licmgr10.dll

2013-03-02 01:53:25 1469440 ------w- c:\windows\system32\inetcpl.cpl

2013-03-02 01:08:47 385024 ------w- c:\windows\system32\html.iec

2013-02-27 07:56:46 2067456 ----a-w- c:\windows\system32\mstscax.dll

.

============= FINISH: 15:15:51.40 ===============

AND Here is my Attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

.

Motherboard: SAMSUNG ELECTRONICS CO.,LTD | | DeskTop System

Processor: Intel® Pentium® 4 CPU 3.00GHz | LGA 775 | 2992/mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 142 GiB total, 117.742 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}

Description: Intel® 82915G/GV/910GL Express Chipset Family

Device ID: PCI\VEN_8086&DEV_2582&SUBSYS_6840144D&REV_0E\3&61AAA01&0&10

Manufacturer: Intel Corporation

Name: Intel® 82915G/GV/910GL Express Chipset Family

PNP Device ID: PCI\VEN_8086&DEV_2582&SUBSYS_6840144D&REV_0E\3&61AAA01&0&10

Service: ialm

.

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}

Description: Virtual CloneDrive

Device ID: ROOT\SCSIADAPTER\0000

Manufacturer: Elaborate Bytes AG

Name: Virtual CloneDrive

PNP Device ID: ROOT\SCSIADAPTER\0000

Service: VClone

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

?????? ?? 2007

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.6)

Adobe Shockwave Player 12.0

AhnLab Policy Agent 4.0

CCleaner

CutePDF Writer 3.0

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB954550-v5)

Intel® Graphics Media Accelerator Driver

Intel® Network Connections Drivers

J2SE Runtime Environment 5.0

Java 7 Update 21

Java Auto Updater

Korean Fonts Support For Adobe Reader X

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 ??? ?? ?

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB2742597)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Base ??? ?? ??? ??? ??? ???

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access MUI (Korean) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Excel MUI (Korean) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (Korean) 2007

Microsoft Office IME (Korean) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office InfoPath MUI (Korean) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office OneNote MUI (Korean) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office Outlook MUI (Korean) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint MUI (Korean) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Korean) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (Korean) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Publisher MUI (Korean) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (Korean) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Office Word MUI (Korean) 2007

Microsoft Software Update for Web Folders (English) 12

Microsoft Software Update for Web Folders (Korean) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 20.0.1 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 ?? ? SDK

Realtek High Definition Audio Driver

Rosetta Stone Version 3

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

SUPERAntiSpyware

swMSM

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021) 32-Bit Edition

VirtualCloneDrive

VLC media player 2.0.5

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 7

Windows Internet Explorer 7? ?? ???? (KB2544521)

Windows Internet Explorer 7? ?? ???? (KB2722913)

Windows Internet Explorer 8

Windows Internet Explorer 8? ?? ???? (KB2510531)

Windows Internet Explorer 8? ?? ???? (KB2544521)

Windows Internet Explorer 8? ?? ???? (KB2618444)

Windows Internet Explorer 8? ?? ???? (KB2744842)

Windows Internet Explorer 8? ?? ???? (KB2761465)

Windows Internet Explorer 8? ?? ???? (KB2792100)

Windows Internet Explorer 8? ?? ???? (KB2797052)

Windows Internet Explorer 8? ?? ???? (KB2799329)

Windows Internet Explorer 8? ?? ???? (KB2817183)

Windows Internet Explorer 8? ?? ???? (KB982381)

Windows Internet Explorer 8? ???? (KB2598845)

Windows Internet Explorer 8? ???? (KB2632503)

Windows Media Format 11 runtime

Windows Media Player 11

Windows Search 4.0

Windows XP Service Pack 3

WinRAR 4.20 (32-bit)

.

==== End Of File ===========================

Hope I can get this resolved, thanks for taking a look!

Link to post
Share on other sites

Hello missionshill and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

ComboFix 13-05-18.04 - Justin 2013-05-20 9:19.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1042.18.2038.1309 [GMT 9:00]

Running from: c:\documents and settings\Justin\My Documents\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\RmAgent2.log

c:\windows\system32\PDDRIVERUTIL.log

c:\windows\system32\SLog.log

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

c:\windows\tmp

c:\windows\tmp\dd_vcredistMSI68A4.txt

c:\windows\tmp\dd_vcredistMSI7416.txt

c:\windows\tmp\dd_vcredistUI68A4.txt

c:\windows\tmp\dd_vcredistUI7416.txt

c:\windows\tmp\qtsingleapp-koboex-f4a6-0-lockfile

.

.

((((((((((((((((((((((((( Files Created from 2013-04-20 to 2013-05-20 )))))))))))))))))))))))))))))))

.

.

2013-05-13 04:44 . 2013-05-13 04:44 -------- d--h--w- c:\windows\PIF

2013-05-13 04:44 . 2013-05-13 04:44 -------- d-----r- c:\docume~1\Justin\E0AC~1

2013-05-13 04:03 . 2013-05-13 06:15 -------- d-----w- c:\documents and settings\Justin

2013-05-09 03:24 . 2013-04-09 11:08 6906960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A8B84381-FACA-4DE5-B78C-AC81EC210E83}\mpengine.dll

2013-05-07 23:54 . 2013-04-09 11:08 6906960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-05-05 23:57 . 2013-05-13 04:43 -------- d-----w- c:\windows\system32\Adobe

2013-04-30 03:01 . 2012-06-02 06:18 275696 ----a-w- c:\windows\system32\mucltui.dll

2013-04-30 00:42 . 2013-04-30 00:42 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-04-29 08:03 . 2013-05-02 15:28 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-04-29 07:49 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys

2013-04-29 07:49 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys

2013-04-29 07:45 . 2013-04-29 07:45 -------- d-----w- c:\windows\system32\wbem\Repository

2013-04-29 07:38 . 2013-04-29 07:38 -------- d-----w- c:\program files\Common Files\INCA Shared

2013-04-29 07:37 . 2013-04-29 07:37 -------- d-----w- c:\program files\Foruser Soft

2013-04-29 07:37 . 2013-04-29 07:37 -------- d-----w- c:\program files\NPKI

2013-04-29 07:33 . 2013-04-29 07:33 -------- d-----w- c:\documents and settings\Administrator\.swt

2013-04-29 05:31 . 2013-04-29 05:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2013-04-26 06:36 . 2013-05-13 04:44 -------- d-----w- c:\program files\SUPERAntiSpyware

2013-04-26 06:36 . 2013-04-26 06:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-15 03:48 . 2012-09-04 00:46 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-05-15 03:48 . 2012-09-04 00:46 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-04-30 00:42 . 2012-09-07 02:42 144896 ----a-w- c:\windows\system32\javacpl.cpl

2013-04-30 00:42 . 2012-09-07 02:41 788896 ----a-w- c:\windows\system32\deployJava1.dll

2013-04-30 00:42 . 2012-09-07 02:41 866720 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-04-16 22:16 . 2006-08-04 12:00 920064 ----a-w- c:\windows\system32\wininet.dll

2013-04-16 22:16 . 2006-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2013-04-16 22:16 . 2006-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2013-04-12 23:29 . 2006-08-04 12:00 385024 ------w- c:\windows\system32\html.iec

2013-04-12 14:00 . 2006-08-04 12:00 1875968 ----a-w- c:\windows\system32\win32k.sys

2013-03-08 08:36 . 2006-08-04 12:00 330752 ----a-w- c:\windows\system32\winsrv.dll

2013-03-07 15:56 . 2006-08-04 12:00 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-07 15:56 . 2004-08-04 00:47 2030080 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-02-27 07:56 . 2012-09-03 23:51 2067456 ----a-w- c:\windows\system32\mstscax.dll

2013-04-10 06:58 . 2013-04-30 01:57 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-08-04 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-08-04 455168]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]

"HncUpdate"="c:\program files\Common Files\Hnc\HncUtils\HncChecker.exe" [2012-09-04 715616]

"PaTray"="c:\program files\AhnLab\APC2\Policy Agent\patray.exe" [2011-06-30 432840]

"RTHDCPL"="RTHDCPL.EXE" [2010-11-16 19722344]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"IME14 KOR Uninstall"="c:\program files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE" [2010-01-20 80240]

"Korean IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE" [2006-10-26 26400]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="ctfmon.exe" [2008-04-13 15360]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200412]

Ime File REG_SZ IMKR12.IME

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=

"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6063:TCP"= 6063:TCP:APC6063

"6178:TCP"= 6178:TCP:APC6178

"2191:UDP"= 2191:UDP:APCLOG

.

R3 AhnFlt2K;AhnFlt2K;c:\windows\system32\drivers\AhnFlt2K.sys [x]

R3 AhnRec2K;AhnRec2K;c:\windows\system32\drivers\AhnRec2K.sys [x]

R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [x]

R3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [x]

R3 kcrtx86;kcrtx86;c:\windows\system32\kcrtx86.sys [x]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x]

S1 AMonTDnt;AMonTDnt;c:\windows\system32\Drivers\AMonTDnt.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]

S2 AnfdIOnt;AnfdIOnt;c:\windows\system32\Drivers\AnfdIOnt.sys [x]

S2 paSvc;Policy Agent Service;c:\program files\AhnLab\APC2\Policy Agent\pasvc.exe [x]

S2 Policy Agent PD Service;Policy Agent PD Service;c:\program files\AhnLab\APC2\Policy Agent\PaPd.exe [x]

S3 PDNfeNt;PDNfeNt;c:\program files\AhnLab\APC2\Policy Agent\PDNfeNt.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-04 03:48]

.

.

------- Supplementary Scan -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Microsoft Excel? ????(&X) - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: Interfaces\{A97FA8F4-8FE2-411F-A2D2-FE2D9D8E9EFB}: NameServer = 210.220.16.7,164.124.101.2

DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} - hxxps://vbv.nonghyup.com/initech/plugin/down/INIS60.cab

DPF: {5547DED5-E6A9-469A-90F0-5BFE5CD33FF1} - hxxps://pay.kcp.co.kr/plugin_new/file/KCPPaymentUX.cab

DPF: {D179A761-637C-41DC-B2F4-5F3C9A81390C} - hxxp://58.29.236.68/PassChecker.cab

FF - ProfilePath - c:\documents and settings\Justin\Application Data\Mozilla\Firefox\Profiles\2y50jbm6.default\

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-66148935.sys

SafeBoot-72406307.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-05-20 09:24

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HncUpdate = c:\program files\Common Files\Hnc\HncUtils\HncChecker.exe??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="??????à±î¾?????ø¨?à±î¾? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="??????à±î¾?????ø¨?à±î¾? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(796)

c:\windows\system32\IMKR12.IME

.

Completion time: 2013-05-20 09:26:47

ComboFix-quarantined-files.txt 2013-05-20 00:26

.

Pre-Run: 125,734,498,304 bytes free

Post-Run: 125,919,686,656 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 481195B4B2C3D7E35DDE984F44FB5B04

Link to post
Share on other sites

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

DirLook::

c:\docume~1\Justin\E0AC~1

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Link to post
Share on other sites

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.05.19.10

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Justin :: 무안123 [administrator]

2013-05-22 오전 8:56:33

mbam-log-2013-05-22 (08-56-33).txt

Scan type: Custom scan (C:\MSOCache|)

Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM

Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P

Objects scanned: 174

Time elapsed: 1 minute(s), 56 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

I created and saved the script to the same folder as Combofix and then dragged it on top. The program ran like it did before, and this is the log it creatd:

ComboFix 13-05-23.02 - Justin 2013-05-24 14:40:55.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1042.18.2038.1531 [GMT 9:00]

Running from: c:\documents and settings\Justin\My Documents\Downloads\ComboFix.exe

Command switches used :: c:\documents and settings\Justin\My Documents\Downloads\CFScript.txt

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\PDDRIVERUTIL.log

c:\windows\system32\SLog.log

.

---- Previous Run -------

.

c:\windows\system32\PDDRIVERUTIL.log

c:\windows\system32\SLog.log

.

.

((((((((((((((((((((((((( Files Created from 2013-04-24 to 2013-05-24 )))))))))))))))))))))))))))))))

.

.

2013-05-20 02:08 . 2013-05-20 02:03 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2013-05-20 02:08 . 2013-05-20 02:03 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys

2013-05-20 02:08 . 2013-05-20 02:03 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2013-05-20 02:08 . 2013-05-20 02:08 -------- d-----w- c:\program files\Avira

2013-05-20 02:08 . 2013-05-20 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2013-05-20 00:42 . 2013-05-20 00:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-05-20 00:42 . 2013-04-04 05:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-05-20 00:04 . 2013-05-20 00:04 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2013-05-19 23:58 . 2013-05-19 23:58 -------- d-----w- C:\temp

2013-05-13 04:44 . 2013-05-24 05:35 -------- d-----w- c:\docume~1\Justin\F58E~1

2013-05-13 04:44 . 2013-05-13 04:44 -------- d--h--w- c:\windows\PIF

2013-05-13 04:44 . 2013-05-13 04:44 -------- d-----r- c:\docume~1\Justin\E0AC~1

2013-05-13 04:03 . 2013-05-22 07:42 -------- d-----w- c:\documents and settings\Justin

2013-05-09 03:24 . 2013-04-09 11:08 6906960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A8B84381-FACA-4DE5-B78C-AC81EC210E83}\mpengine.dll

2013-05-07 23:54 . 2013-04-09 11:08 6906960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-05-05 23:57 . 2013-05-13 04:43 -------- d-----w- c:\windows\system32\Adobe

2013-04-30 03:01 . 2012-06-02 06:18 275696 ----a-w- c:\windows\system32\mucltui.dll

2013-04-30 00:42 . 2013-04-30 00:42 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-04-29 08:03 . 2013-05-02 15:28 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-04-29 07:49 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys

2013-04-29 07:49 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys

2013-04-29 07:45 . 2013-04-29 07:45 -------- d-----w- c:\windows\system32\wbem\Repository

2013-04-29 07:38 . 2013-04-29 07:38 -------- d-----w- c:\program files\Common Files\INCA Shared

2013-04-29 07:37 . 2013-04-29 07:37 -------- d-----w- c:\program files\Foruser Soft

2013-04-29 07:37 . 2013-04-29 07:37 -------- d-----w- c:\program files\NPKI

2013-04-29 07:33 . 2013-04-29 07:33 -------- d-----w- c:\documents and settings\Administrator\.swt

2013-04-29 05:31 . 2013-04-29 05:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2013-04-26 06:36 . 2013-05-20 02:06 -------- d-----w- c:\program files\SUPERAntiSpyware

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-15 03:48 . 2012-09-04 00:46 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-05-15 03:48 . 2012-09-04 00:46 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-04-30 00:42 . 2012-09-07 02:42 144896 ----a-w- c:\windows\system32\javacpl.cpl

2013-04-30 00:42 . 2012-09-07 02:41 788896 ----a-w- c:\windows\system32\deployJava1.dll

2013-04-30 00:42 . 2012-09-07 02:41 866720 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-04-16 22:16 . 2006-08-04 12:00 920064 ----a-w- c:\windows\system32\wininet.dll

2013-04-16 22:16 . 2006-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2013-04-16 22:16 . 2006-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2013-04-12 23:29 . 2006-08-04 12:00 385024 ------w- c:\windows\system32\html.iec

2013-04-12 14:00 . 2006-08-04 12:00 1875968 ----a-w- c:\windows\system32\win32k.sys

2013-03-08 08:36 . 2006-08-04 12:00 330752 ----a-w- c:\windows\system32\winsrv.dll

2013-03-07 15:56 . 2006-08-04 12:00 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-07 15:56 . 2004-08-04 00:47 2030080 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-02-27 07:56 . 2012-09-03 23:51 2067456 ----a-w- c:\windows\system32\mstscax.dll

.

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of c:\docume~1\Justin\E0AC~1 ----

.

2013-05-13 06:15 . 2013-05-13 06:15 62 --sha-w- c:\docume~1\Justin\E0AC~1\????\?? ??\desktop.ini

2013-05-13 04:47 . 2013-05-13 04:47 1070 ----a-w- c:\docume~1\Justin\E0AC~1\????\??????\Dropbox.lnk

2013-05-13 04:14 . 2013-05-13 04:14 1548 ----a-w- c:\docume~1\Justin\E0AC~1\????\Google ??.lnk

2013-05-13 04:04 . 2013-05-13 04:04 803 ----a-w- c:\docume~1\Justin\E0AC~1\????\Internet Explorer.lnk

2013-05-13 04:04 . 2013-05-13 04:04 833 ----a-w- c:\docume~1\Justin\E0AC~1\????\??????\??? ??\Internet Explorer(?? ?? ??).lnk

2013-05-13 04:04 . 2013-05-13 04:04 774 ----a-w- c:\docume~1\Justin\E0AC~1\????\??????\???.lnk

2013-05-13 04:04 . 2013-05-13 04:04 738 ----a-w- c:\docume~1\Justin\E0AC~1\????\Outlook Express.lnk

2013-05-13 04:03 . 2012-09-03 23:27 62 --sha-w- c:\docume~1\Justin\E0AC~1\desktop.ini

2013-05-13 04:03 . 2013-05-13 04:04 182 --sha-w- c:\docume~1\Justin\E0AC~1\????\desktop.ini

2013-05-13 04:03 . 2013-05-13 04:04 522 --sha-w- c:\docume~1\Justin\E0AC~1\????\??????\desktop.ini

2013-05-13 04:03 . 2012-09-03 23:55 1527 ----a-w- c:\docume~1\Justin\E0AC~1\????\??????\Windows XP ????.lnk

2013-05-13 04:03 . 2012-09-03 23:55 282 --sha-w- c:\docume~1\Justin\E0AC~1\????\??????\?? ??? ??\desktop.ini

2013-05-13 04:03 . 2012-09-03 23:55 1525 ----a-w- c:\docume~1\Justin\E0AC~1\????\??????\?? ??? ??\???.lnk

2013-05-13 04:03 . 2013-05-13 04:04 788 ----a-w- c:\docume~1\Justin\E0AC~1\????\Windows Media Player.lnk

2013-05-13 04:03 . 2012-09-03 23:53 1487 ----a-w- c:\docume~1\Justin\E0AC~1\????\??????\Windows ???.lnk

2013-05-13 04:03 . 2012-09-03 23:55 1539 ----a-w- c:\docume~1\Justin\E0AC~1\????\??????\?? ??? ??\???? ???.lnk

2013-05-13 04:03 . 2012-09-03 23:55 1519 ----a-w- c:\docume~1\Justin\E0AC~1\????\??????\???.lnk

2013-05-13 04:03 . 2012-09-03 23:55 1501 ----a-w- c:\docume~1\Justin\E0AC~1\????\??????\?? ??? ??\?? ???.lnk

2013-05-13 04:03 . 2013-05-21 23:29 1519 ----a-w- c:\docume~1\Justin\E0AC~1\????\??????\???.lnk

2013-05-13 04:03 . 2012-09-03 23:55 1555 ----a-w- c:\docume~1\Justin\E0AC~1\????\??????\?? ????.lnk

2013-05-13 04:03 . 2012-09-03 23:55 1522 ----a-w- c:\docume~1\Justin\E0AC~1\????\??????\??? ?? ?? ???.lnk

2013-05-13 04:03 . 2012-09-03 23:55 386 ----a-w- c:\docume~1\Justin\E0AC~1\????\??????\???? ??? ???.lnk

2013-05-13 04:03 . 2012-09-03 23:55 84 --sha-w- c:\docume~1\Justin\E0AC~1\????\??????\??????\desktop.ini

2013-05-13 04:03 . 2012-09-03 23:55 1599 ----a-w- c:\docume~1\Justin\E0AC~1\????\?? ??.lnk

2013-05-13 04:03 . 2012-09-03 23:55 84 --sha-w- c:\docume~1\Justin\E0AC~1\????\??????\desktop.ini

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-08-04 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-08-04 455168]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]

"HncUpdate"="c:\program files\Common Files\Hnc\HncUtils\HncChecker.exe" [2012-09-04 715616]

"PaTray"="c:\program files\AhnLab\APC2\Policy Agent\patray.exe" [2011-06-30 432840]

"RTHDCPL"="RTHDCPL.EXE" [2010-11-16 19722344]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"IME14 KOR Uninstall"="c:\program files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE" [2010-01-20 80240]

"Korean IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE" [2006-10-26 26400]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-20 345312]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="ctfmon.exe" [2008-04-13 15360]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200412]

Ime File REG_SZ IMKR12.IME

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=

"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6063:TCP"= 6063:TCP:APC6063

"6178:TCP"= 6178:TCP:APC6178

"2191:UDP"= 2191:UDP:APCLOG

.

R3 AhnFlt2K;AhnFlt2K;c:\windows\system32\drivers\AhnFlt2K.sys [x]

R3 AhnRec2K;AhnRec2K;c:\windows\system32\drivers\AhnRec2K.sys [x]

R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [x]

R3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [x]

R3 kcrtx86;kcrtx86;c:\windows\system32\kcrtx86.sys [x]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x]

S1 AMonTDnt;AMonTDnt;c:\windows\system32\Drivers\AMonTDnt.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S2 AnfdIOnt;AnfdIOnt;c:\windows\system32\Drivers\AnfdIOnt.sys [x]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]

S2 paSvc;Policy Agent Service;c:\program files\AhnLab\APC2\Policy Agent\pasvc.exe [x]

S2 Policy Agent PD Service;Policy Agent PD Service;c:\program files\AhnLab\APC2\Policy Agent\PaPd.exe [x]

S3 PDNfeNt;PDNfeNt;c:\program files\AhnLab\APC2\Policy Agent\PDNfeNt.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-24 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-04 03:48]

.

.

------- Supplementary Scan -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Microsoft Excel? ????(&X) - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: Interfaces\{A97FA8F4-8FE2-411F-A2D2-FE2D9D8E9EFB}: NameServer = 210.220.16.7,164.124.101.2

DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} - hxxps://vbv.nonghyup.com/initech/plugin/down/INIS60.cab

DPF: {5547DED5-E6A9-469A-90F0-5BFE5CD33FF1} - hxxps://pay.kcp.co.kr/plugin_new/file/KCPPaymentUX.cab

DPF: {D179A761-637C-41DC-B2F4-5F3C9A81390C} - hxxp://58.29.236.68/PassChecker.cab

FF - ProfilePath - c:\documents and settings\Justin\Application Data\Mozilla\Firefox\Profiles\2y50jbm6.default\

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-05-24 14:49

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HncUpdate = c:\program files\Common Files\Hnc\HncUtils\HncChecker.exe??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="??????à±î¾?????ø¨?à±î¾? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="??????à±î¾?????ø¨?à±î¾? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(800)

c:\windows\system32\IMKR12.IME

.

Completion time: 2013-05-24 14:50:37

ComboFix-quarantined-files.txt 2013-05-24 05:50

ComboFix2.txt 2013-05-20 00:26

.

Pre-Run: 127,275,110,400 bytes free

Post-Run: 127,264,739,328 bytes free

.

- - End Of File - - 52532F3BFE6F4191CA7B0CABD6D9B98A

Link to post
Share on other sites

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.

    [*]Check "YES, I accept the Terms of Use."

    [*]Click the Start button.

    [*]Accept any security warnings from your browser.

    [*]Under Scan Settings, check "Scan Archives" and "Remove found threats"

    [*]Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

    [*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

    [*]When the scan completes, click List Threats

    [*]Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

    [*]Click the Back button.

    [*]Click the Finish button.

Link to post
Share on other sites

C:\Documents and Settings\Administrator\Local Settings\Temp\is-AOCMP.tmp\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined

C:\Documents and Settings\Administrator\Local Settings\Temp\is-CJPEF.tmp\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined

C:\Program Files\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting (after the next restart) - quarantined

C:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting (after the next restart) - quarantined

C:\System Volume Information\_restore{5FDF2AE0-78C4-4D02-A384-81C8E5F2003F}\RP161\A0070161.exe Win32/OpenCandy application cleaned by deleting - quarantined

C:\System Volume Information\_restore{5FDF2AE0-78C4-4D02-A384-81C8E5F2003F}\RP161\A0070162.exe Win32/OpenCandy application cleaned by deleting - quarantined

Link to post
Share on other sites

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right

AVPfront.gif

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

avpsettings.gif

Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threads report from the left and press Save button

Save it to your desktop and post it in your next reply.

Link to post
Share on other sites

  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.