Jump to content

Antispyware Safe? Google re-directs


Recommended Posts

I was hit by and thought I stopped the "Antispywaresafe" attack last night but I find that I can't download my windows updates and my google is redirected on both FF and IE. This is on my laptop, not my big PC, so it's tough to attach the Hijack this files, but here goes a try. I've run malwarebytes in safe mode with networking and normal mode; Hijack this, superantispyware; NOD32, registry booster 2 and I'm still finding nothing but I'm still stuck in the redirect and can't d/l windows updates. Please and thank you in advance.

__________

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:10:38 PM, on 5/26/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18904)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\ESET\nod32kui.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

C:\Program Files\Ashampoo\Ashampoo Magical UnInstall\MagicalUnInstall.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Synaptics\SynTP\SynToshiba.exe

C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\conime.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [MagUninstall] "C:\Program Files\Ashampoo\Ashampoo Magical UnInstall\MagicalUnInstall.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [shadow] C:\Program Files\NewTech Infosystems\NTI Shadow 3\Shadow.exe --minimize

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Drambuie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll

O13 - Gopher Prefix:

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate1c9cebf2e10bf56) (gupdate1c9cebf2e10bf56) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HideMyIpSRV - Unknown owner - C:\Program Files\Hide My IP\HideMyIpSrv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 10536 bytes

Link to post
Share on other sites

Hello losttherace! Welcome to MalwareBytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware, while work on.

Please follow these instructions:

http://forums.malwarebytes.org/index.php?showtopic=9573

Link to post
Share on other sites

Hello losttherace! Welcome to MalwareBytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware, while work on.

Please follow these instructions:

http://forums.malwarebytes.org/index.php?showtopic=9573

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4146

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18904

5/26/2010 11:08:13 PM

mbam-log-2010-05-26 (23-08-13).txt

Scan type: Quick scan

Objects scanned: 130295

Time elapsed: 7 minute(s), 40 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

____________

DDS (Ver_10-03-17.01) - NTFSx86

Run by Drambuie at 23:21:26.25 on Wed 05/26/2010

Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_19

Microsoft

Attach.zip

ark.zip

Link to post
Share on other sites

Step 1

Please, uninstall the following applications:

  1. Uniblue RegistryBooster 2

You can read, how to this here:

Step 2

Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA

Then run this tool to help cleanup any left over Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it back when you reply
    Then look for the following Java folders and if found delete them.
    C:\Program Files\Java
    C:\Program Files\Common Files\Java
    C:\Windows\Sun
    C:\Documents and Settings\All Users\Application Data\Java
    C:\Documents and Settings\All Users\Application Data\Sun\Java
    C:\Documents and Settings\username\Application Data\Java
    C:\Documents and Settings\username\Application Data\Sun\Java

Step 3

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from

Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.

[*]During the download, rename Combofix to Combo-Fix as follows:

CF_download_FF.gif

CF_download_rename.gif

[*]It is important you rename Combofix during the download, but not after.

[*]Please do not rename Combofix to other names, but only to the one indicated.

[*]Close any open browsers.

[*]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------


  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

[*]Double click on combo-Fix.exe & follow the prompts.

[*]When finished, it will produce a report for you.

[*]Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

In your next reply, please include these log(s) in this sequence:

  1. JavaRa log
  2. ComboFix log

Link to post
Share on other sites

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu May 27 15:13:00 2010

Found and removed: C:\Users\Drambuie\AppData\LocalLow\Sun\Java\jre1.6.0_14

Found and removed: C:\Users\Drambuie\AppData\LocalLow\Sun\Java\jre1.6.0_15

Found and removed: C:\Users\Drambuie\AppData\LocalLow\Sun\Java\jre1.6.0_16

Found and removed: C:\Users\Drambuie\AppData\LocalLow\Sun\Java\jre1.6.0_17

------------------------------------

Finished reporting.

***********

ComboFix 10-05-26.04 - Drambuie 05/27/2010 17:41:55.2.2 - x86

Microsoft

Link to post
Share on other sites

Please go to www.virustotal.com and upload the following files:

C:\Windows\system32\rpcnetp.dll

C:\Windows\system32\rpcnetp.exe

C:\Windows\system32\agremove.exe

C:\Program Files\nu.jar

Post the resaults in your next reply

Of course, I'll let you know.

Link to post
Share on other sites

C:\Windows\system32\rpcnetp.dll and rpcnetp.exe are not found. I even searched.

this is agremove.exe

MD5: 9f2457cd8ec5e60ae852bf333385f2ac

First received: 2007.09.14 18:56:44 UTC

Date: 2010.05.23 20:59:12 UTC [>3D]

Results: 1/41

Permalink: analisis/cd1dc21c324eec7f73f935f41cc4901e48709f1dcf62f4ed421f4db9dc708acb-1274648352

Antivirus Version Last Update Result

a-squared 4.5.0.50 2010.05.10 -

AhnLab-V3 2010.05.23.00 2010.05.22 -

AntiVir 8.2.1.242 2010.05.23 -

Antiy-AVL 2.0.3.7 2010.05.21 -

Authentium 5.2.0.5 2010.05.23 -

Avast 4.8.1351.0 2010.05.23 -

Avast5 5.0.332.0 2010.05.23 -

AVG 9.0.0.787 2010.05.23 -

BitDefender 7.2 2010.05.23 -

CAT-QuickHeal 10.00 2010.05.21 -

ClamAV 0.96.0.3-git 2010.05.22 -

Comodo 4920 2010.05.23 -

DrWeb 5.0.2.03300 2010.05.23 -

eSafe 7.0.17.0 2010.05.23 -

eTrust-Vet 35.2.7503 2010.05.21 -

F-Prot 4.6.0.103 2010.05.23 -

F-Secure 9.0.15370.0 2010.05.23 -

Fortinet 4.1.133.0 2010.05.23 -

GData 21 2010.05.23 -

Ikarus T3.1.1.84.0 2010.05.23 -

Jiangmin 13.0.900 2010.05.22 -

Kaspersky 7.0.0.125 2010.05.23 -

McAfee 5.400.0.1158 2010.05.23 -

McAfee-GW-Edition 2010.1 2010.05.23 Heuristic.BehavesLike.Win32.Downloader.C

Microsoft 1.5802 2010.05.23 -

NOD32 5139 2010.05.23 -

Norman 6.04.12 2010.05.23 -

nProtect 2010-05-23.01 2010.05.23 -

Panda 10.0.2.7 2010.05.23 -

PCTools 7.0.3.5 2010.05.23 -

Prevx 3.0 2010.05.23 -

Rising 22.48.06.04 2010.05.23 -

Sophos 4.53.0 2010.05.23 -

Sunbelt 6343 2010.05.23 -

Symantec 20101.1.0.89 2010.05.23 -

TheHacker 6.5.2.0.285 2010.05.23 -

TrendMicro 9.120.0.1004 2010.05.23 -

TrendMicro-HouseCall 9.120.0.1004 2010.05.23 -

VBA32 3.12.12.5 2010.05.22 -

ViRobot 2010.5.20.2326 2010.05.23 -

VirusBuster 5.0.27.0 2010.05.23 -

Additional information

File size: 44544 bytes

MD5 : 9f2457cd8ec5e60ae852bf333385f2ac

SHA1 : bb6791894fc11ee68665411353411295af856e5d

SHA256: cd1dc21c324eec7f73f935f41cc4901e48709f1dcf62f4ed421f4db9dc708acb

PEInfo: PE Structure information

( base data )

entrypointaddress.: 0x1AE00

timedatestamp.....: 0x4422E82E (Thu Mar 23 19:25:50 2006)

machinetype.......: 0x14C (Intel I386)

( 3 sections )

name viradd virsiz rawdsiz ntrpy md5

UPX0 0x1000 0x10000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

UPX1 0x11000 0xA000 0xA000 7.90 9cd5adcec0ff888cb4ffa8a58934851e

.rsrc 0x1B000 0x1000 0xA00 3.34 49dfe60daf93bdfc68058446a7394ad2

( 4 imports )

> advapi32.dll: FreeSid

> kernel32.dll: LoadLibraryA, GetProcAddress, ExitProcess

> user32.dll: wsprintfA

> ws2_32.dll: -

( 0 exports )

TrID : File type identification

UPX compressed Win32 Executable (39.5%)

Win32 EXE Yoda's Crypter (34.3%)

Win32 Executable Generic (11.0%)

Win32 Dynamic Link Library (generic) (9.8%)

Generic Win/DOS Executable (2.5%)

ThreatExpert: http://www.threatexpert.com/report.aspx?md...852bf333385f2ac

ssdeep: 768:3ksbl3bHrH9BhVjGS2lqh+mX5xVYbwuxLBOZzSBvxgGstQ5q:3ksbxbpBDrFhhz+bw24z6Cjtwq

sigcheck: publisher....: Absolute Software Corp.

copyright....: Copyright © 2005 Absolute Software Corp.

product......: agremove

description..: agremove.exe

original name: agremove.exe

internal name: agremove.exe

file version.: 0, 0, 0, 0

comments.....: Installation/Management Application

signers......: -

signing date.: -

verified.....: Unsigned

PEiD : UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser

packers (Kaspersky): UPX

packers (F-Prot): UPX

RDS : NSRL Reference Data Set

***********

Antivirus Version Last Update Result

a-squared 4.5.0.50 2010.05.10 -

AhnLab-V3 2010.05.23.00 2010.05.22 -

AntiVir 8.2.1.242 2010.05.23 -

Antiy-AVL 2.0.3.7 2010.05.21 -

Authentium 5.2.0.5 2010.05.23 -

Avast 4.8.1351.0 2010.05.23 -

Avast5 5.0.332.0 2010.05.23 -

AVG 9.0.0.787 2010.05.23 -

BitDefender 7.2 2010.05.23 -

CAT-QuickHeal 10.00 2010.05.21 -

ClamAV 0.96.0.3-git 2010.05.22 -

Comodo 4920 2010.05.23 -

DrWeb 5.0.2.03300 2010.05.23 -

eSafe 7.0.17.0 2010.05.23 -

eTrust-Vet 35.2.7503 2010.05.21 -

F-Prot 4.6.0.103 2010.05.23 -

F-Secure 9.0.15370.0 2010.05.23 -

Fortinet 4.1.133.0 2010.05.23 -

GData 21 2010.05.23 -

Ikarus T3.1.1.84.0 2010.05.23 -

Jiangmin 13.0.900 2010.05.22 -

Kaspersky 7.0.0.125 2010.05.23 -

McAfee 5.400.0.1158 2010.05.23 -

McAfee-GW-Edition 2010.1 2010.05.23 Heuristic.BehavesLike.Win32.Downloader.C

Microsoft 1.5802 2010.05.23 -

NOD32 5139 2010.05.23 -

Norman 6.04.12 2010.05.23 -

nProtect 2010-05-23.01 2010.05.23 -

Panda 10.0.2.7 2010.05.23 -

PCTools 7.0.3.5 2010.05.23 -

Prevx 3.0 2010.05.23 -

Rising 22.48.06.04 2010.05.23 -

Sophos 4.53.0 2010.05.23 -

Sunbelt 6343 2010.05.23 -

Symantec 20101.1.0.89 2010.05.23 -

TheHacker 6.5.2.0.285 2010.05.23 -

TrendMicro 9.120.0.1004 2010.05.23 -

TrendMicro-HouseCall 9.120.0.1004 2010.05.23 -

VBA32 3.12.12.5 2010.05.22 -

ViRobot 2010.5.20.2326 2010.05.23 -

VirusBuster 5.0.27.0 2010.05.23 -

Additional information

File size: 44544 bytes

MD5 : 9f2457cd8ec5e60ae852bf333385f2ac

SHA1 : bb6791894fc11ee68665411353411295af856e5d

SHA256: cd1dc21c324eec7f73f935f41cc4901e48709f1dcf62f4ed421f4db9dc708acb

PEInfo: PE Structure information

( base data )

entrypointaddress.: 0x1AE00

timedatestamp.....: 0x4422E82E (Thu Mar 23 19:25:50 2006)

machinetype.......: 0x14C (Intel I386)

( 3 sections )

name viradd virsiz rawdsiz ntrpy md5

UPX0 0x1000 0x10000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

UPX1 0x11000 0xA000 0xA000 7.90 9cd5adcec0ff888cb4ffa8a58934851e

.rsrc 0x1B000 0x1000 0xA00 3.34 49dfe60daf93bdfc68058446a7394ad2

( 4 imports )

> advapi32.dll: FreeSid

> kernel32.dll: LoadLibraryA, GetProcAddress, ExitProcess

> user32.dll: wsprintfA

> ws2_32.dll: -

( 0 exports )

TrID : File type identification

UPX compressed Win32 Executable (39.5%)

Win32 EXE Yoda's Crypter (34.3%)

Win32 Executable Generic (11.0%)

Win32 Dynamic Link Library (generic) (9.8%)

Generic Win/DOS Executable (2.5%)

ThreatExpert: http://www.threatexpert.com/report.aspx?md...852bf333385f2ac

ssdeep: 768:3ksbl3bHrH9BhVjGS2lqh+mX5xVYbwuxLBOZzSBvxgGstQ5q:3ksbxbpBDrFhhz+bw24z6Cjtwq

sigcheck: publisher....: Absolute Software Corp.

copyright....: Copyright © 2005 Absolute Software Corp.

product......: agremove

description..: agremove.exe

original name: agremove.exe

internal name: agremove.exe

file version.: 0, 0, 0, 0

comments.....: Installation/Management Application

signers......: -

signing date.: -

verified.....: Unsigned

PEiD : UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser

packers (Kaspersky): UPX

packers (F-Prot): UPX

RDS : NSRL Reference Data Set

Link to post
Share on other sites

Thanks! :welcome:

Please read the following through carefully so that you understand what to do.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)
    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • It may ask you to reboot the computer to complete the process. Allow it to do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

In your next reply, please include these log(s) in this sequence:

  1. TDSSKiller log
  2. a new fresh GMER log

Link to post
Share on other sites

Thank YOU! :welcome:

18:51:31:562 5176 TDSS rootkit removing tool 2.3.1.0 May 25 2010 12:52:14

18:51:31:562 5176 ================================================================================

18:51:31:562 5176 SystemInfo:

18:51:31:562 5176 OS Version: 6.0.6002 ServicePack: 2.0

18:51:31:562 5176 Product type: Workstation

18:51:31:562 5176 ComputerName: DRAMBUIE-PC

18:51:31:562 5176 UserName: Drambuie

18:51:31:562 5176 Windows directory: C:\Windows

18:51:31:562 5176 Processor architecture: Intel x86

18:51:31:562 5176 Number of processors: 2

18:51:31:562 5176 Page size: 0x1000

18:51:31:562 5176 Boot type: Normal boot

18:51:31:562 5176 ================================================================================

18:51:32:373 5176 Initialize success

18:51:32:373 5176

18:51:32:373 5176 Scanning Services ...

18:51:33:995 5176 Raw services enum returned 445 services

18:51:34:011 5176

18:51:34:011 5176 Scanning Drivers ...

18:51:35:384 5176 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

18:51:35:462 5176 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

18:51:35:509 5176 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

18:51:35:618 5176 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

18:51:35:680 5176 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

18:51:35:774 5176 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys

18:51:35:945 5176 AgereSoftModem (5d97943c128ed756d1b0a08302c1b1f8) C:\Windows\system32\DRIVERS\AGRSM.sys

18:51:36:070 5176 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys

18:51:36:101 5176 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

18:51:36:148 5176 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys

18:51:36:195 5176 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys

18:51:36:351 5176 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys

18:51:36:710 5176 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

18:51:36:866 5176 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys

18:51:36:913 5176 AMON (515c9cf8a21a62861d5058135f852d6a) C:\Windows\system32\drivers\amon.sys

18:51:37:022 5176 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

18:51:37:053 5176 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

18:51:37:115 5176 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

18:51:37:178 5176 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

18:51:37:287 5176 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

18:51:37:334 5176 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys

18:51:37:381 5176 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

18:51:37:412 5176 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

18:51:37:521 5176 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

18:51:37:568 5176 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

18:51:37:583 5176 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

18:51:37:599 5176 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

18:51:37:646 5176 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

18:51:37:817 5176 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

18:51:37:927 5176 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

18:51:37:973 5176 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys

18:51:38:083 5176 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

18:51:38:145 5176 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

18:51:38:176 5176 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys

18:51:38:239 5176 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

18:51:38:332 5176 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

18:51:38:395 5176 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

18:51:38:488 5176 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys

18:51:38:629 5176 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys

18:51:38:753 5176 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

18:51:38:831 5176 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

18:51:38:956 5176 DXGKrnl (fb85f7f69e9b109820409243f578cc4d) C:\Windows\System32\drivers\dxgkrnl.sys

18:51:39:065 5176 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

18:51:39:206 5176 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

18:51:39:284 5176 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

18:51:39:346 5176 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

18:51:39:471 5176 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

18:51:39:549 5176 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

18:51:39:643 5176 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

18:51:39:705 5176 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

18:51:39:814 5176 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

18:51:39:939 5176 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

18:51:39:970 5176 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

18:51:40:048 5176 fvevol (fecf4c2e42440a8d132bf94eee3c3fc9) C:\Windows\system32\DRIVERS\fvevol.sys

18:51:40:142 5176 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

18:51:40:267 5176 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys

18:51:40:345 5176 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

18:51:40:454 5176 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

18:51:40:516 5176 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

18:51:40:579 5176 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

18:51:40:610 5176 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

18:51:40:735 5176 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

18:51:40:781 5176 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

18:51:40:859 5176 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

18:51:41:031 5176 ialm (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys

18:51:41:156 5176 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

18:51:41:265 5176 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys

18:51:41:390 5176 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

18:51:41:437 5176 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

18:51:41:483 5176 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

18:51:41:530 5176 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

18:51:41:639 5176 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

18:51:41:702 5176 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

18:51:41:733 5176 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

18:51:42:123 5176 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys

18:51:42:310 5176 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

18:51:42:341 5176 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

18:51:42:357 5176 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

18:51:42:419 5176 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

18:51:42:529 5176 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys

18:51:42:560 5176 klmd23 (0b06b0a25e08df0d536402bce3bde61e) C:\Windows\system32\drivers\klmd.sys

18:51:42:669 5176 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

18:51:42:794 5176 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

18:51:42:841 5176 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

18:51:42:872 5176 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

18:51:42:887 5176 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

18:51:43:012 5176 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

18:51:43:059 5176 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

18:51:43:106 5176 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

18:51:43:153 5176 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

18:51:43:246 5176 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

18:51:43:309 5176 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

18:51:43:371 5176 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

18:51:43:433 5176 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

18:51:43:527 5176 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

18:51:43:574 5176 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

18:51:43:652 5176 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

18:51:43:730 5176 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys

18:51:43:855 5176 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys

18:51:43:933 5176 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys

18:51:43:964 5176 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys

18:51:43:995 5176 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

18:51:44:089 5176 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

18:51:44:151 5176 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

18:51:44:182 5176 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

18:51:44:229 5176 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

18:51:44:307 5176 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

18:51:44:369 5176 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

18:51:44:416 5176 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

18:51:44:463 5176 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

18:51:44:557 5176 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

18:51:44:635 5176 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

18:51:44:775 5176 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

18:51:44:869 5176 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

18:51:44:915 5176 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

18:51:44:978 5176 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

18:51:45:040 5176 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

18:51:45:134 5176 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

18:51:45:227 5176 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

18:51:45:352 5176 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys

18:51:45:555 5176 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys

18:51:45:789 5176 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys

18:51:45:945 5176 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

18:51:45:976 5176 nod32drv (e4dd307d959f80b2c0869046d34baa36) C:\Windows\system32\drivers\nod32drv.sys

18:51:46:023 5176 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

18:51:46:054 5176 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

18:51:46:148 5176 NSNDIS5 (53f7546e8daefb3a0813f5e19c4613c9) C:\Windows\system32\NSNDIS5.SYS

18:51:46:257 5176 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

18:51:46:382 5176 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

18:51:46:444 5176 NuidFltr (20623a75f3c6c1076ebba64dd8c4bc02) C:\Windows\system32\DRIVERS\NuidFltr.sys

18:51:46:491 5176 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

18:51:46:507 5176 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

18:51:46:631 5176 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

18:51:46:663 5176 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys

18:51:46:741 5176 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

18:51:46:772 5176 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

18:51:46:850 5176 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

18:51:46:959 5176 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

18:51:47:037 5176 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

18:51:47:084 5176 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys

18:51:47:146 5176 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys

18:51:47:271 5176 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

18:51:47:396 5176 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

18:51:47:443 5176 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

18:51:47:567 5176 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

18:51:47:630 5176 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys

18:51:47:739 5176 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

18:51:47:817 5176 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

18:51:47:895 5176 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

18:51:47:957 5176 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

18:51:48:020 5176 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

18:51:48:098 5176 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

18:51:48:191 5176 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

18:51:48:285 5176 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

18:51:48:379 5176 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

18:51:48:472 5176 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys

18:51:48:519 5176 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

18:51:48:581 5176 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

18:51:48:675 5176 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys

18:51:48:769 5176 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys

18:51:48:800 5176 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys

18:51:48:878 5176 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

18:51:48:956 5176 RTL8169 (5163f804256deb8cf1ef64b780a18caa) C:\Windows\system32\DRIVERS\Rtlh86.sys

18:51:49:049 5176 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

18:51:49:065 5176 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS

18:51:49:096 5176 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

18:51:49:190 5176 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

18:51:49:252 5176 SCDEmu (46b50c07abfda51d9b22212eaeb82d2b) C:\Windows\system32\drivers\SCDEmu.sys

18:51:49:330 5176 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys

18:51:49:393 5176 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

18:51:49:455 5176 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

18:51:49:486 5176 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

18:51:49:533 5176 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

18:51:49:611 5176 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys

18:51:49:658 5176 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys

18:51:49:673 5176 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys

18:51:49:705 5176 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

18:51:49:736 5176 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys

18:51:49:829 5176 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

18:51:49:892 5176 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

18:51:49:985 5176 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

18:51:50:126 5176 snapman (c3bf55189aa92b8f919108ef9e4accae) C:\Windows\system32\DRIVERS\snapman.sys

18:51:50:204 5176 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

18:51:50:329 5176 srv (0debafcc0e3591fca34f077cab62f7f7) C:\Windows\system32\DRIVERS\srv.sys

18:51:50:407 5176 srv2 (6b6f3658e0a58c6c50c5f7fbdf3df633) C:\Windows\system32\DRIVERS\srv2.sys

18:51:50:500 5176 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys

18:51:50:531 5176 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

18:51:50:625 5176 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

18:51:50:672 5176 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

18:51:50:687 5176 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

18:51:50:719 5176 SynTP (5efcedcf3daf5c8d9e8b77a34a4eec99) C:\Windows\system32\DRIVERS\SynTP.sys

18:51:50:921 5176 Tcpip (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\drivers\tcpip.sys

18:51:51:155 5176 Tcpip6 (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\DRIVERS\tcpip.sys

18:51:51:296 5176 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

18:51:51:358 5176 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

18:51:51:467 5176 tdrpman (3b7b6779eb231f731bba8f9fe67aadfc) C:\Windows\system32\DRIVERS\tdrpman.sys

18:51:51:592 5176 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

18:51:51:686 5176 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

18:51:51:733 5176 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

18:51:51:873 5176 tifm21 (28b7f973c36d157a7885b1ae42a4a2a9) C:\Windows\system32\drivers\tifm21.sys

18:51:51:920 5176 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\Windows\system32\DRIVERS\tifsfilt.sys

18:51:52:029 5176 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\Windows\system32\DRIVERS\timntr.sys

18:51:52:138 5176 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

18:51:52:185 5176 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

18:51:52:263 5176 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

18:51:52:435 5176 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS

18:51:52:559 5176 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

18:51:52:637 5176 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

18:51:52:684 5176 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys

18:51:52:778 5176 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

18:51:52:825 5176 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

18:51:52:856 5176 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

18:51:52:903 5176 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

18:51:53:027 5176 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

18:51:53:495 5176 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

18:51:53:636 5176 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

18:51:53:667 5176 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

18:51:53:698 5176 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

18:51:53:729 5176 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys

18:51:53:761 5176 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

18:51:53:870 5176 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

18:51:53:901 5176 VCSVADHWSer (b2abab4ca46bad182e27763dc19c780f) C:\Windows\system32\DRIVERS\vcsvad.sys

18:51:53:963 5176 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

18:51:54:010 5176 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

18:51:54:119 5176 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys

18:51:54:151 5176 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

18:51:54:166 5176 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys

18:51:54:244 5176 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

18:51:54:447 5176 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

18:51:54:541 5176 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

18:51:54:665 5176 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

18:51:54:681 5176 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

18:51:54:759 5176 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

18:51:54:759 5176 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

18:51:54:790 5176 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

18:51:54:915 5176 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

18:51:55:024 5176 WinRing0_1_2_0 (845af1ba23c8d5e64def61bcc441604c) C:\Program Files\BatteryCare\WinRing0.sys

18:51:55:118 5176 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys

18:51:55:196 5176 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys

18:51:55:258 5176 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

18:51:55:352 5176 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

18:51:55:352 5176

18:51:55:352 5176 Completed

18:51:55:352 5176

18:51:55:352 5176 Results:

18:51:55:352 5176 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

18:51:55:352 5176 File objects infected / cured / cured on reboot: 0 / 0 / 0

18:51:55:352 5176

18:51:55:367 5176 KLMD(ARK) unloaded successfully

***********

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-05-27 19:28:11

Windows 6.0.6002 Service Pack 2

Running: 7untmx76.exe; Driver: C:\Users\Drambuie\AppData\Local\Temp\fxdcqkoc.sys

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[4980] ntdll.dll!LdrLoadDll 77629390 5 Bytes JMP 00FB13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 61: copy of MBR

Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

---- EOF - GMER 1.0.15 ----

*********

As a question: When may I re-enable drivers (defogger) I presume when you tell me :)

Last night when I turnes off laptop for 30 minutes, then rebooted, it came back very strange and gave me 'cannot find windows service' and made all my desktop wacky (only about 5 icons) and looked like Win98.

I hope this is part of the rootkit that is on the darn machine and not a symptom of something else.) Thank you.

Will I be able to reinstall Java and all? I know, stop getting so anxious! :)

Link to post
Share on other sites

Open Notepad and copy and paste the text in the code box below into it:

KillAll::

MBR::

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

Link to post
Share on other sites

I can't start any programs because it gives me a warning that the files are marked for deletion. If you leave the forum tonight, is it safe for me to shut down laptop?

Here's new combofix results. I have to enter from PC as laptop can't open firefox.

ComboFix 10-05-26.04 - Drambuie 05/27/2010 20:44:04.3.2 - x86

Microsoft

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.