
Hi there,

I've been having a problem with that bit of malware that constantly tries to contact 208.73.210.29 every few minutes. My system seems to have slowed down, too.

I'm not sure which process is contacting it and I don't know how to find out - some people's logs seem to name processes but mine don't.

My logs are attached.

Can anyone help?

DDS (Ver_10-12-12.02) - NTFSx86

Run by Cunny at 11:24:44.35 on 04/02/2011

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_23

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.306 [GMT 0:00]

AV: ESET NOD32 Antivirus 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: ZoneAlarm Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

svchost.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\NLSSRV32.EXE

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Genesys PC Camera Device\GenePccMon.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\LogoLess\LogoLess.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe

C:\Program Files\Nuance\NaturallySpeaking10\Program\natspeak.exe

C:\Documents and Settings\Cunny\Desktop\Downloaded Music\Apps\Current Apps\pushpin\PUSHPIN.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclIVTBTSrv.exe

C:\Documents and Settings\Cunny\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com?o=13170&l=dis

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll

EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [LogoLess (CzarSoft)] "c:\program files\logoless\LogoLess.exe"

uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [GenePccMon.exe] c:\program files\genesys pc camera device\GenePccMon.exe

mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking10\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking10\Ereg.ini

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\cunny\startm~1\programs\startup\dragon~1.lnk - c:\program files\nuance\naturallyspeaking10\program\natspeak.exe

StartupFolder: c:\docume~1\cunny\startm~1\programs\startup\pushpin.lnk - c:\documents and settings\cunny\desktop\downloaded music\apps\current apps\pushpin\PUSHPIN.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueso~1.lnk - c:\program files\ivt corporation\bluesoleil\BlueSoleil.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\privoxy.lnk - c:\program files\vidalia bundle\privoxy\privoxy.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: Locate Spot on Map by GPS - c:\program files\opanda\iexif 2.3\IExifMap.htm

IE: View Exif/GPS/IPTC with IExif - c:\program files\opanda\iexif 2.3\IExifCom.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://www.yougamers.com/systeminfo/FMSI.cab

DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} - hxxp://downloads.virginmedia.com/CST/ver1/xp_mail.cab

TCP: {DF45A2A3-4B30-49F2-A870-8CAFF8396386} = 194.168.4.100,194.168.8.100

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: Antiwpa - antiwpa.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\cunny\applic~1\mozilla\firefox\profiles\moq5grbu.default\

FF - prefs.js: browser.startup.homepage - www.yahoo.co.uk

FF - component: c:\documents and settings\cunny\application data\mozilla\firefox\profiles\moq5grbu.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll

FF - plugin: c:\documents and settings\cunny\application data\mozilla\firefox\profiles\moq5grbu.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}

FF - Ext: Torrent Finder Toolbar: TFToolbarX@torrent-finder - %profile%\extensions\TFToolbarX@torrent-finder

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

FF - Ext: bug489729: bug489729@alice0775 - %profile%\extensions\bug489729@alice0775

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}

FF - Ext: TabRenamizer: {792BDDFE-2E7C-42ed-B18D-18154D2761BD} - %profile%\extensions\{792BDDFE-2E7C-42ed-B18D-18154D2761BD}

FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}

FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}

FF - Ext: TinEye Reverse Image Search: tineye@ideeinc.com - %profile%\extensions\tineye@ideeinc.com

FF - Ext: 4chan: {9AA46F4F-4DC7-4c06-97AF-5035170633FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}

FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}

FF - Ext: PhotoJacker: Photo Album Downloader for Facebook (fka FacePAD): facepad@lazyrussian.com - %profile%\extensions\facepad@lazyrussian.com

FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}

FF - Ext: Photobucket Uploader em:version=1.3>: pbupload@photobucket.com - %profile%\extensions\pbupload@photobucket.com

FF - Ext: RAMBack: ramback@pavlov.net - %profile%\extensions\ramback@pavlov.net

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

============= SERVICES / DRIVERS ===============

R0 iastor78;iastor78;c:\windows\system32\drivers\iastor78.sys [2001-8-23 308248]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-10-7 35168]

R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\19917\RapportCerberus_19917.sys [2010-10-3 34792]

R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-3 169320]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-10-27 532224]

R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-10-7 472280]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-1 54752]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-2-26 363344]

R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2009-12-16 65856]

R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-10-3 767208]

R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

R3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;c:\windows\system32\drivers\USBGENE.sys [2007-4-22 131584]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-2-26 20952]

S2 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe --> c:\program files\common files\nuance\dgnsvc.exe [?]

S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-8-23 3584]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-1-6 1691480]

S3 cpuz130;cpuz130;\??\c:\docume~1\cunny\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\cunny\locals~1\temp\cpuz130\cpuz_x32.sys [?]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]

=============== Created Last 30 ================

2011-02-02 12:24:35 -------- d-----w- c:\program files\IVT Corporation

2011-02-01 00:31:56 -------- d-----w- c:\program files\iPod

2011-01-30 20:29:01 -------- d-----w- c:\program files\common files\ScanSoft Shared

2011-01-30 20:28:59 -------- d-----w- c:\program files\common files\Nuance

2011-01-30 20:28:26 -------- d-----w- c:\program files\Nuance

2011-01-28 10:56:21 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys

2011-01-28 10:56:21 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys

2011-01-28 10:56:15 32384 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys

2011-01-28 10:56:15 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-01-23 06:18:40 -------- d-----w- c:\docume~1\cunny\applic~1\FLEXnet

2011-01-23 06:18:39 -------- d-----w- c:\docume~1\cunny\applic~1\Nuance

2011-01-23 06:08:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\Nuance

2011-01-23 06:08:19 -------- d-----w- c:\windows\speech

2011-01-23 06:05:56 833342 ----a-w- c:\windows\system32\regw2.exe

2011-01-23 02:14:59 837736 ----a-w- c:\windows\system32\nvgenco322040.dll

2011-01-23 02:14:58 941160 ----a-w- c:\windows\system32\nvdispco322090.dll

2011-01-14 02:31:50 -------- d-----w- c:\program files\common files\PCSuite

2011-01-10 22:24:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\Canon IJ Network Tool

2011-01-10 22:24:02 307200 ----a-w- c:\windows\system32\CNC5200L.dll

2011-01-10 22:24:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll

2011-01-10 22:24:02 1335296 ----a-w- c:\windows\system32\CNC5200C.dll

2011-01-10 22:24:02 114688 ----a-w- c:\windows\system32\CNC5200I.dll

2011-01-10 22:24:02 106496 ----a-w- c:\windows\system32\CNC5200U.dll

2011-01-10 22:14:03 -------- d--h--w- c:\docume~1\alluse~1\applic~1\CanonIJMyPrinter

2011-01-10 21:20:29 -------- d-----w- C:\spoolerlogs

2011-01-10 20:18:21 -------- d-----w- c:\docume~1\alluse~1\applic~1\CanonIJPLM

2011-01-10 20:00:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\CanonIJMSetup

2011-01-10 20:00:38 -------- d-----w- c:\program files\common files\CANON

2011-01-10 19:58:13 73216 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPPAE.DLL

2011-01-10 19:58:13 27648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPDAE.DLL

2011-01-10 19:58:12 290816 ----a-w- c:\windows\system32\CNMLMAE.DLL

2011-01-10 19:57:54 180224 ----a-w- c:\windows\system32\CNMIUAE.DLL

2011-01-10 19:57:15 34816 ----a-w- c:\windows\system32\CNMNPUI.DLL

2011-01-10 19:57:15 340992 ----a-w- c:\windows\system32\CNMNPPM.DLL

2011-01-10 19:57:15 -------- d-----w- c:\windows\system32\STRING

==================== Find3M ====================

2011-02-02 13:17:28 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin

2011-02-02 13:17:28 1 ----a-w- c:\windows\system32\nvdrssel.bin

2011-02-02 13:17:26 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin

2011-01-08 03:27:00 6397824 ----a-w- c:\windows\system32\nv4_disp.dll

2011-01-08 03:27:00 61440 ----a-w- c:\windows\system32\OpenCL.dll

2011-01-08 03:27:00 4980736 ----a-w- c:\windows\system32\nvcuda.dll

2011-01-08 03:27:00 2916968 ----a-w- c:\windows\system32\nvcuvid.dll

2011-01-08 03:27:00 2292678 ----a-w- c:\windows\system32\nvdata.bin

2011-01-08 03:27:00 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll

2011-01-08 03:27:00 1958400 ----a-w- c:\windows\system32\nvapi.dll

2011-01-08 03:27:00 14671872 ----a-w- c:\windows\system32\nvoglnt.dll

2011-01-08 03:27:00 13004800 ----a-w- c:\windows\system32\nvcompiler.dll

2010-11-29 17:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 17:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-12 18:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-12 16:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-11-09 14:50:47 253952 ----a-w- c:\windows\system32\odbc32.dll

============= FINISH: 11:26:19.10 ===============


Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (right click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, Firefox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner


Did that anyway just in case. Computer seems to be running fine, nothing new. Haven't needed to reboot though.

2011/02/06 19:08:11.0171 5192	TDSS rootkit removing tool 2.4.16.0 Feb  1 2011 10:34:03
2011/02/06 19:08:13.0187 5192 ================================================================================
2011/02/06 19:08:13.0187 5192 SystemInfo:
2011/02/06 19:08:13.0187 5192
2011/02/06 19:08:13.0187 5192 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/06 19:08:13.0187 5192 Product type: Workstation
2011/02/06 19:08:13.0187 5192 ComputerName: RATHERUNIQUE
2011/02/06 19:08:13.0187 5192 UserName: Cunny
2011/02/06 19:08:13.0187 5192 Windows directory: C:\WINDOWS
2011/02/06 19:08:13.0187 5192 System windows directory: C:\WINDOWS
2011/02/06 19:08:13.0187 5192 Processor architecture: Intel x86
2011/02/06 19:08:13.0187 5192 Number of processors: 2
2011/02/06 19:08:13.0187 5192 Page size: 0x1000
2011/02/06 19:08:13.0187 5192 Boot type: Normal boot
2011/02/06 19:08:13.0187 5192 ================================================================================
2011/02/06 19:08:14.0593 5192 Initialize success
2011/02/06 19:08:27.0703 0764 ================================================================================
2011/02/06 19:08:27.0703 0764 Scan started
2011/02/06 19:08:27.0703 0764 Mode: Manual;
2011/02/06 19:08:27.0703 0764 ================================================================================
2011/02/06 19:08:28.0187 0764 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/06 19:08:28.0250 0764 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/02/06 19:08:28.0359 0764 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/02/06 19:08:28.0437 0764 AFD (4d43e74f2a1239d53929b82600f1971c) C:\WINDOWS\System32\drivers\afd.sys
2011/02/06 19:08:28.0750 0764 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/02/06 19:08:29.0218 0764 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/06 19:08:29.0343 0764 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/06 19:08:29.0578 0764 atksgt (f9c24d25d9ff29f894995a64812b4d85) C:\WINDOWS\system32\DRIVERS\atksgt.sys
2011/02/06 19:08:29.0671 0764 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/06 19:08:29.0796 0764 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/06 19:08:29.0953 0764 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/02/06 19:08:30.0125 0764 BlueletAudio (852a1bd08e7dfeb9e30b5440881c0501) C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
2011/02/06 19:08:30.0171 0764 BlueletSCOAudio (8fc27b12a02b43947787f0ef1885df9b) C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys
2011/02/06 19:08:30.0281 0764 BT (c5cce2b26f73f8cf7f3c82159e79aa08) C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
2011/02/06 19:08:30.0437 0764 Btcsrusb (da473d279420234170da795f1cad4479) C:\WINDOWS\system32\Drivers\btcusb.sys
2011/02/06 19:08:30.0625 0764 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2011/02/06 19:08:30.0750 0764 BTHidEnum (ce643d0918123d76a5caab008fca9663) C:\WINDOWS\system32\Drivers\vbtenum.sys
2011/02/06 19:08:30.0796 0764 BTHidMgr (dfca4fe4c8aec786b4d0f432eb730f48) C:\WINDOWS\system32\Drivers\BTHidMgr.sys
2011/02/06 19:08:30.0906 0764 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2011/02/06 19:08:31.0046 0764 BTHPORT (51d05d5a8a7d93ab0b1a8d6a38db3ca4) C:\WINDOWS\system32\Drivers\BTHport.sys
2011/02/06 19:08:31.0218 0764 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2011/02/06 19:08:31.0375 0764 BTNetFilter (4f26303becbb7cc5ca8ff39593124cf2) C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys
2011/02/06 19:08:31.0546 0764 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/06 19:08:31.0687 0764 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/02/06 19:08:31.0843 0764 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/06 19:08:31.0968 0764 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/06 19:08:32.0078 0764 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/02/06 19:08:32.0250 0764 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/02/06 19:08:32.0375 0764 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/02/06 19:08:32.0781 0764 DCamUSBGene (4aefc07ae970fb75201cdcb79e9bad33) C:\WINDOWS\system32\DRIVERS\usbgene.sys
2011/02/06 19:08:32.0953 0764 Disk (47b6aaec570f2c11d8bad80a064d8ed1) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/02/06 19:08:33.0078 0764 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/02/06 19:08:33.0234 0764 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/02/06 19:08:33.0312 0764 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/02/06 19:08:33.0390 0764 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/02/06 19:08:33.0546 0764 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/02/06 19:08:33.0734 0764 eamon (a777d095402b31b0aafe7f19c89fb3a1) C:\WINDOWS\system32\DRIVERS\eamon.sys
2011/02/06 19:08:33.0906 0764 easdrv (e6dffb60bdbd91749eab4d45bc8926a9) C:\WINDOWS\system32\DRIVERS\easdrv.sys
2011/02/06 19:08:34.0078 0764 ENTECH (16ebd8bf1d5090923694cc972c7ce1b4) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
2011/02/06 19:08:34.0250 0764 epfwtdir (bb2e195088af3f6091ef9f8e42f0581f) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
2011/02/06 19:08:34.0421 0764 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/06 19:08:34.0515 0764 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/02/06 19:08:34.0671 0764 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/02/06 19:08:34.0812 0764 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/02/06 19:08:34.0890 0764 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/02/06 19:08:35.0171 0764 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2011/02/06 19:08:35.0296 0764 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/02/06 19:08:35.0390 0764 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/06 19:08:35.0500 0764 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/02/06 19:08:35.0656 0764 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/02/06 19:08:35.0750 0764 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/02/06 19:08:35.0875 0764 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/02/06 19:08:36.0062 0764 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/06 19:08:36.0265 0764 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/06 19:08:36.0406 0764 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/02/06 19:08:36.0484 0764 iastor78 (e5a0034847537eaee3c00349d5c34c5f) C:\WINDOWS\system32\drivers\iastor78.sys
2011/02/06 19:08:36.0609 0764 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/06 19:08:36.0984 0764 IntcAzAudAddService (6806443ba8a66f63866f50e81ef685aa) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/02/06 19:08:37.0125 0764 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/02/06 19:08:37.0265 0764 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/02/06 19:08:37.0375 0764 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/06 19:08:37.0453 0764 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/06 19:08:37.0562 0764 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/06 19:08:37.0765 0764 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/06 19:08:37.0890 0764 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/06 19:08:37.0984 0764 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/06 19:08:38.0109 0764 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/06 19:08:38.0203 0764 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/06 19:08:38.0359 0764 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/06 19:08:38.0500 0764 lirsgt (8ccf9ed46d52af1375875f74a91ffacf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
2011/02/06 19:08:38.0671 0764 MBAMProtector (836e0e09ca9869be7eb39ef2cf3602c7) C:\WINDOWS\system32\drivers\mbam.sys
2011/02/06 19:08:38.0781 0764 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/06 19:08:38.0968 0764 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/06 19:08:39.0156 0764 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/02/06 19:08:39.0343 0764 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/06 19:08:39.0453 0764 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/02/06 19:08:39.0546 0764 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/06 19:08:39.0625 0764 MRxDAV (0a25b866933d126d1e831fd025a278c2) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/06 19:08:39.0734 0764 MRxSmb (d09b9f0b9960dd41e73127b7814c115f) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/06 19:08:39.0843 0764 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/06 19:08:39.0968 0764 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/06 19:08:40.0078 0764 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/06 19:08:40.0156 0764 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/06 19:08:40.0375 0764 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/06 19:08:40.0531 0764 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/02/06 19:08:40.0640 0764 Mup (6546fe6639499fa4bef180bdf08266a1) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/06 19:08:40.0703 0764 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/02/06 19:08:40.0843 0764 NDIS (b5b1080d35974c0e718d64280761bcd5) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/06 19:08:40.0953 0764 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/02/06 19:08:41.0093 0764 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/06 19:08:41.0265 0764 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/06 19:08:41.0328 0764 NdisWan (b053a8411045fd0664b389a090cb2bbc) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/06 19:08:41.0468 0764 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/06 19:08:41.0546 0764 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/06 19:08:41.0578 0764 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/06 19:08:41.0765 0764 NETw4x32 (d57258165aba8162de8e29d71487fc4b) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
2011/02/06 19:08:42.0312 0764 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys
2011/02/06 19:08:42.0453 0764 nmwcdc (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2011/02/06 19:08:42.0578 0764 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/06 19:08:42.0656 0764 Ntfs (a0857c97770034fd2af17dc4014b5abd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/06 19:08:42.0765 0764 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/06 19:08:43.0421 0764 nv (18c9b152da7bea76b2f9e4b6412e0aaf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/02/06 19:08:45.0000 0764 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/06 19:08:45.0015 0764 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/06 19:08:45.0140 0764 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/02/06 19:08:45.0156 0764 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/06 19:08:45.0203 0764 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/06 19:08:45.0312 0764 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2011/02/06 19:08:45.0468 0764 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/06 19:08:45.0578 0764 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/02/06 19:08:45.0656 0764 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/02/06 19:08:45.0734 0764 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/02/06 19:08:46.0093 0764 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/06 19:08:46.0203 0764 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/02/06 19:08:46.0250 0764 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/02/06 19:08:46.0328 0764 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/02/06 19:08:46.0609 0764 RapportCerberus_19917 (539fbdcff37a24102c507092b333ec2b) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys
2011/02/06 19:08:46.0843 0764 RapportPG (c9b8a131aaf77d969cbc3987537b319d) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
2011/02/06 19:08:46.0968 0764 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/02/06 19:08:47.0109 0764 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/02/06 19:08:47.0203 0764 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/02/06 19:08:47.0281 0764 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/02/06 19:08:47.0343 0764 Rdbss (9629383f70db691cb6aa5bbd828cd9a9) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/02/06 19:08:47.0375 0764 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/02/06 19:08:47.0625 0764 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/02/06 19:08:47.0765 0764 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/02/06 19:08:47.0875 0764 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2011/02/06 19:08:48.0046 0764 RivaTuner32 (c0c8909be3ecc9df8089112bf9be954e) C:\Program Files\RivaTuner v2.22\RivaTuner32.sys
2011/02/06 19:08:48.0171 0764 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/02/06 19:08:48.0453 0764 rspndr (743d7d59767073a617b1dcc6c546f234) C:\WINDOWS\system32\DRIVERS\rspndr.sys
2011/02/06 19:08:48.0671 0764 RTLE8023xp (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/02/06 19:08:48.0796 0764 s116bus (815445f4676cc96bc9aeec303c727e19) C:\WINDOWS\system32\DRIVERS\s116bus.sys
2011/02/06 19:08:49.0031 0764 s116mdfl (333d1e0743e6de1779c3c418ac601c3a) C:\WINDOWS\system32\DRIVERS\s116mdfl.sys
2011/02/06 19:08:49.0203 0764 s116mdm (50d6e5b021e9ec7553ab8a3553cc1b6b) C:\WINDOWS\system32\DRIVERS\s116mdm.sys
2011/02/06 19:08:49.0421 0764 s116obex (ec32601f04a5a5de89315d0f55e73d66) C:\WINDOWS\system32\DRIVERS\s116obex.sys
2011/02/06 19:08:49.0625 0764 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/02/06 19:08:49.0781 0764 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2011/02/06 19:08:49.0875 0764 SASKUTIL (67d2688756dd304af655349baad82bff) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/02/06 19:08:50.0156 0764 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/06 19:08:50.0281 0764 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/02/06 19:08:50.0375 0764 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/02/06 19:08:50.0484 0764 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/02/06 19:08:50.0656 0764 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/02/06 19:08:50.0921 0764 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/06 19:08:51.0046 0764 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\System32\Drivers\sptd.sys
2011/02/06 19:08:51.0421 0764 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/06 19:08:51.0500 0764 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/06 19:08:51.0625 0764 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/02/06 19:08:51.0765 0764 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/06 19:08:51.0875 0764 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/02/06 19:08:52.0078 0764 SynTP (7b70299794a7dbac6f4910fffcfdf208) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/02/06 19:08:52.0265 0764 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/06 19:08:52.0328 0764 Tcpip (ce42c0c1c33cebd799056525461c523b) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/06 19:08:52.0468 0764 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/06 19:08:52.0531 0764 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/06 19:08:52.0609 0764 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/06 19:08:52.0812 0764 truecrypt (fac6431ba75c6b68553d168d29f470f2) C:\WINDOWS\system32\drivers\truecrypt.sys
2011/02/06 19:08:53.0062 0764 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/06 19:08:53.0250 0764 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/02/06 19:08:53.0390 0764 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2011/02/06 19:08:53.0515 0764 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/02/06 19:08:53.0765 0764 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/02/06 19:08:53.0906 0764 usbccgp (c18d6c74953621346df6b0a11f80c1cc) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/02/06 19:08:54.0093 0764 usbehci (152ee0baa614388273a0b9ae9c9fd5a0) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/02/06 19:08:54.0203 0764 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/06 19:08:54.0359 0764 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/02/06 19:08:54.0500 0764 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/02/06 19:08:54.0609 0764 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
2011/02/06 19:08:54.0796 0764 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
2011/02/06 19:08:55.0000 0764 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/06 19:08:55.0093 0764 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/02/06 19:08:55.0171 0764 VComm (51750b0539986186c6931fc40d171521) C:\WINDOWS\system32\DRIVERS\VComm.sys
2011/02/06 19:08:55.0296 0764 VcommMgr (6d9c891c0a761afed1f3609c2e56f2b9) C:\WINDOWS\system32\Drivers\VcommMgr.sys
2011/02/06 19:08:55.0515 0764 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/02/06 19:08:55.0656 0764 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/06 19:08:55.0796 0764 vsdatant (050c38ebb22512122e54b47dc278bccd) C:\WINDOWS\system32\vsdatant.sys
2011/02/06 19:08:56.0281 0764 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/06 19:08:56.0390 0764 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/02/06 19:08:56.0578 0764 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/06 19:08:56.0765 0764 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/02/06 19:08:56.0906 0764 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/02/06 19:08:57.0031 0764 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/02/06 19:08:57.0078 0764 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/02/06 19:08:58.0484 0764 ================================================================================
2011/02/06 19:08:58.0484 0764 Scan finished
2011/02/06 19:08:58.0484 0764 ================================================================================

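The TDSSKiller listing above gives one MD5 per loaded driver but nothing to compare it against, which is why a reader cannot tell from it alone which driver is worth a second look. As an added example, not part of this thread and not code from TDSSKiller or ComboFix, here is a small Python parser for that line format. It compares each driver's hash against a caller-supplied reference table (the same comparison ComboFix's Sigcheck makes between a driver and its dllcache copy) and separately lists drivers loaded from outside the Windows driver directories so that third-party drivers get recognised one by one. The sample lines are copied from this log, the reference hash for tcpip.sys is the dllcache copy's MD5 as reported in the ComboFix Sigcheck section later in the thread, and the function and constant names are my own.

```python
import re
from typing import Dict, List, NamedTuple, Tuple

# One TDSSKiller driver line looks like:
#   2011/02/06 19:08:52.0328 0764 Tcpip (ce42c0c1c33cebd799056525461c523b) C:\WINDOWS\system32\DRIVERS\tcpip.sys
# i.e. timestamp, worker id, service name, (MD5), image path. Lines that do not
# fit this shape (separators, "Scan finished") are ignored by the parser.
DRIVER_LINE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
    r"(?P<service>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)

# Directories from which XP normally loads Microsoft-supplied kernel drivers
# (compared case-insensitively; the log mixes "drivers" and "DRIVERS").
WINDOWS_DRIVER_DIRS = ("c:\\windows\\system32\\drivers\\", "c:\\windows\\system32\\")


class DriverEntry(NamedTuple):
    service: str
    md5: str
    path: str


def parse_tdsskiller(log_text: str) -> List[DriverEntry]:
    """Extract (service, md5, path) from every driver line of a TDSSKiller log."""
    entries = []
    for line in log_text.splitlines():
        m = DRIVER_LINE.match(line.strip())
        if m:
            entries.append(DriverEntry(m["service"], m["md5"].lower(), m["path"]))
    return entries


def check_drivers(entries: List[DriverEntry],
                  reference_md5: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """
    Return (service, reason, path) for every driver worth a second look:
      - its MD5 differs from the reference hash supplied for that file name
        (a modified system file: same name and version, different bytes);
      - it loads from outside the Windows driver directories (third-party
        drivers land here; not malicious by itself, but each one should be
        recognised and accounted for).
    """
    findings = []
    for e in entries:
        path_l = e.path.lower()
        file_name = path_l.rsplit("\\", 1)[-1]
        expected = reference_md5.get(file_name)
        if expected is not None and expected.lower() != e.md5:
            findings.append((e.service, "md5 differs from reference copy", e.path))
        elif not path_l.startswith(WINDOWS_DRIVER_DIRS):
            findings.append((e.service, "loaded from outside the Windows driver directories", e.path))
    return findings


# Constructed sample: four lines copied from the TDSSKiller log in this thread,
# plus the trailer line, which the parser must skip.
SAMPLE_LOG = r"""
2011/02/06 19:08:38.0359 0764 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/06 19:08:46.0843 0764 RapportPG (c9b8a131aaf77d969cbc3987537b319d) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
2011/02/06 19:08:51.0046 0764 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\System32\Drivers\sptd.sys
2011/02/06 19:08:52.0328 0764 Tcpip (ce42c0c1c33cebd799056525461c523b) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/06 19:08:58.0484 0764 Scan finished
"""

# Reference hash for tcpip.sys: the dllcache copy's MD5 as reported by the
# ComboFix Sigcheck section later in this thread (same file version 5.1.2600.5649).
# Any other file name simply has no reference and is judged by location only.
REFERENCE_MD5 = {
    "tcpip.sys": "367DE8E5F638C091F49273144274F629",
}

if __name__ == "__main__":
    for service, reason, path in check_drivers(parse_tdsskiller(SAMPLE_LOG), REFERENCE_MD5):
        print(f"{service:12} {reason}: {path}")
```

On the sample the script reports RapportPG as a third-party driver to account for and Tcpip as a hash mismatch; a driver in a standard directory with no reference entry, like KSecDD or sptd, produces nothing, so the reference table is what decides how much the check can see.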

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: ComboFix will run without the Recovery Console installed. If you are running Vista or Windows 7, skip the Recovery Console part.
    Note: If you have XP SP3, use the XP SP2 package.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[screenshot: RC1.png]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot: RC2-1.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


ComboFix 11-02-05.01 - Cunny 07/02/2011 14:48:43.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.502 [GMT 0:00]

Running from: c:\documents and settings\Cunny\Desktop\ComboFix.exe

AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Cunny\Application Data\inst.exe

c:\program files\Common Files\InstallShield\UpdateService\issch.exe

c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

c:\program files\Common

c:\program files\Common\VsoVprev.ax

c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe

c:\windows\system\WINSPOOL.DRV

c:\windows\system32\regw2.exe

E:\Autorun.inf

c:\windows\system32\msgsvc.dll . . . is infected!!

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_npf

((((((((((((((((((((((((( Files Created from 2011-01-07 to 2011-02-07 )))))))))))))))))))))))))))))))

.

2011-02-04 14:09 . 2011-02-04 14:09 -------- d-----w- c:\program files\SDA

2011-02-02 12:30 . 2011-02-02 12:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Bluetooth

2011-02-02 12:24 . 2011-02-02 12:24 -------- d-----w- c:\program files\IVT Corporation

2011-02-01 00:31 . 2011-02-01 00:31 -------- d-----w- c:\program files\iPod

2011-01-30 20:33 . 2011-01-30 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield

2011-01-30 20:29 . 2011-01-30 20:29 -------- d-----w- c:\program files\Common Files\ScanSoft Shared

2011-01-30 20:29 . 2011-01-30 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft

2011-01-30 20:28 . 2011-01-30 20:28 -------- d-----w- c:\program files\Common Files\Nuance

2011-01-30 20:28 . 2011-01-30 20:28 -------- d-----w- c:\program files\Nuance

2011-01-28 10:56 . 2008-04-14 00:15 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys

2011-01-28 10:56 . 2008-04-14 00:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys

2011-01-28 10:56 . 2008-04-22 14:09 32384 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys

2011-01-28 10:56 . 2008-04-22 14:09 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-01-23 06:08 . 2011-01-30 20:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Nuance

2011-01-23 06:08 . 2011-01-23 06:08 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet

2011-01-23 06:08 . 2011-01-30 20:33 -------- d-----w- c:\windows\speech

2011-01-23 02:14 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll

2011-01-23 02:14 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll

2011-01-14 02:31 . 2011-01-14 02:31 -------- d-----w- c:\program files\Common Files\PCSuite

2011-01-10 22:24 . 2011-01-10 22:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Canon IJ Network Tool

2011-01-10 22:24 . 2010-03-18 19:25 307200 ----a-w- c:\windows\system32\CNC5200L.dll

2011-01-10 22:24 . 2010-03-18 17:12 1335296 ----a-w- c:\windows\system32\CNC5200C.dll

2011-01-10 22:24 . 2010-03-18 17:12 114688 ----a-w- c:\windows\system32\CNC5200I.dll

2011-01-10 22:24 . 2010-03-18 17:11 106496 ----a-w- c:\windows\system32\CNC5200U.dll

2011-01-10 22:24 . 2008-08-25 18:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll

2011-01-10 22:23 . 2011-01-10 22:23 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ

2011-01-10 22:14 . 2011-01-10 22:14 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJMyPrinter

2011-01-10 21:20 . 2011-01-10 21:20 -------- d-----w- C:\spoolerlogs

2011-01-10 20:18 . 2011-01-10 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM

2011-01-10 20:00 . 2011-01-10 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJMSetup

2011-01-10 20:00 . 2011-01-10 20:00 -------- d-----w- c:\program files\Common Files\CANON

2011-01-10 19:58 . 2010-08-25 05:00 73216 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAE.DLL

2011-01-10 19:58 . 2010-08-25 05:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAE.DLL

2011-01-10 19:58 . 2010-08-25 05:00 290816 ----a-w- c:\windows\system32\CNMLMAE.DLL

2011-01-10 19:58 . 2011-01-10 19:58 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information

2011-01-10 19:57 . 2010-03-11 08:56 180224 ----a-w- c:\windows\system32\CNMIUAE.DLL

2011-01-10 19:57 . 2011-01-10 19:57 -------- d--h--w- c:\program files\CanonBJ

2011-01-10 19:57 . 2011-01-10 19:57 -------- d-----w- c:\windows\system32\STRING

2011-01-10 19:57 . 2010-02-05 01:37 34816 ----a-w- c:\windows\system32\CNMNPUI.DLL

2011-01-10 19:57 . 2010-02-05 01:37 340992 ----a-w- c:\windows\system32\CNMNPPM.DLL

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-01-08 03:27 . 2010-09-02 15:28 61440 ----a-w- c:\windows\system32\OpenCL.dll

2011-01-08 03:27 . 2010-09-02 15:28 2916968 ----a-w- c:\windows\system32\nvcuvid.dll

2011-01-08 03:27 . 2010-09-02 15:28 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll

2011-01-08 03:27 . 2010-09-02 15:28 14671872 ----a-w- c:\windows\system32\nvoglnt.dll

2011-01-08 03:27 . 2010-09-02 15:28 4980736 ----a-w- c:\windows\system32\nvcuda.dll

2011-01-08 03:27 . 2010-09-02 15:28 1958400 ----a-w- c:\windows\system32\nvapi.dll

2011-01-08 03:27 . 2010-09-02 15:28 13004800 ----a-w- c:\windows\system32\nvcompiler.dll

2011-01-08 03:27 . 2010-03-08 13:54 6397824 ----a-w- c:\windows\system32\nv4_disp.dll

2011-01-08 03:27 . 2010-03-08 13:54 9888672 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2011-01-07 19:58 . 2011-01-07 19:58 282624 ----a-w- c:\windows\system32\nvrsel.dll

2011-01-07 19:58 . 2011-01-07 19:58 274432 ----a-w- c:\windows\system32\nvrsesm.dll

2011-01-07 19:58 . 2011-01-07 19:58 253952 ----a-w- c:\windows\system32\nvrsth.dll

2011-01-07 19:58 . 2011-01-07 19:58 249856 ----a-w- c:\windows\system32\nvrseng.dll

2011-01-07 19:58 . 2011-01-07 19:58 126976 ----a-w- c:\windows\system32\nvrszht.dll

2011-01-07 19:58 . 2011-01-07 19:58 331776 ----a-w- c:\windows\system32\nvrshe.dll

2011-01-07 19:58 . 2011-01-07 19:58 286720 ----a-w- c:\windows\system32\nvrsfr.dll

2011-01-07 19:58 . 2011-01-07 19:58 274432 ----a-w- c:\windows\system32\nvrsnl.dll

2011-01-07 19:58 . 2011-01-07 19:58 270336 ----a-w- c:\windows\system32\nvrsru.dll

2011-01-07 19:58 . 2011-01-07 19:58 262144 ----a-w- c:\windows\system32\nvrshu.dll

2011-01-07 19:58 . 2011-01-07 19:58 258048 ----a-w- c:\windows\system32\nvrssl.dll

2011-01-07 19:58 . 2011-01-07 19:58 253952 ----a-w- c:\windows\system32\nvrsda.dll

2011-01-07 19:58 . 2011-01-07 19:58 249856 ----a-w- c:\windows\system32\nvrsfi.dll

2011-01-07 19:58 . 2011-01-07 19:58 229376 ----a-w- c:\windows\system32\nvrszhc.dll

2011-01-07 19:58 . 2011-01-07 19:58 335872 ----a-w- c:\windows\system32\nvrsar.dll

2011-01-07 19:58 . 2011-01-07 19:58 282624 ----a-w- c:\windows\system32\nvrses.dll

2011-01-07 19:58 . 2011-01-07 19:58 278528 ----a-w- c:\windows\system32\nvrsde.dll

2011-01-07 19:58 . 2011-01-07 19:58 270336 ----a-w- c:\windows\system32\nvrsptb.dll

2011-01-07 19:58 . 2011-01-07 19:58 266240 ----a-w- c:\windows\system32\nvrsko.dll

2011-01-07 19:58 . 2011-01-07 19:58 258048 ----a-w- c:\windows\system32\nvrstr.dll

2011-01-07 19:58 . 2011-01-07 19:58 258048 ----a-w- c:\windows\system32\nvrssk.dll

2011-01-07 19:58 . 2011-01-07 19:58 253952 ----a-w- c:\windows\system32\nvrssv.dll

2011-01-07 19:58 . 2011-01-07 19:58 253952 ----a-w- c:\windows\system32\nvrsno.dll

2011-01-07 19:58 . 2011-01-07 19:58 249856 ----a-w- c:\windows\system32\nvrscs.dll

2011-01-07 19:58 . 2011-01-07 19:58 282624 ----a-w- c:\windows\system32\nvrsit.dll

2011-01-07 19:58 . 2011-01-07 19:58 274432 ----a-w- c:\windows\system32\nvrspt.dll

2011-01-07 19:58 . 2011-01-07 19:58 270336 ----a-w- c:\windows\system32\nvrsja.dll

2011-01-07 19:58 . 2011-01-07 19:58 258048 ----a-w- c:\windows\system32\nvrspl.dll

2011-01-07 19:58 . 2011-01-07 19:58 81920 ----a-w- c:\windows\system32\nvwddi.dll

2011-01-07 19:58 . 2011-01-07 19:58 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll

2011-01-07 19:58 . 2011-01-07 19:58 277608 ----a-w- c:\windows\system32\nvmccs.dll

2011-01-07 19:58 . 2011-01-07 19:58 156776 ----a-w- c:\windows\system32\nvsvc32.exe

2011-01-07 19:58 . 2011-01-07 19:58 145000 ----a-w- c:\windows\system32\nvcolor.exe

2011-01-07 19:58 . 2011-01-07 19:58 13880424 ----a-w- c:\windows\system32\nvcpl.dll

2011-01-07 19:58 . 2011-01-07 19:58 111208 ----a-w- c:\windows\system32\nvmctray.dll

2010-12-20 18:09 . 2010-02-26 14:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-20 18:08 . 2010-02-26 14:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-29 17:38 . 2010-11-29 17:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 17:38 . 2010-11-29 17:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-18 18:12 . 2008-11-27 22:03 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-12 18:53 . 2010-05-06 22:11 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-12 16:34 . 2009-05-12 23:53 73728 ----a-w- c:\windows\system32\javacpl.cpl

.

------- Sigcheck -------

[7] 2001-08-23 . 367DE8E5F638C091F49273144274F629 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2001-08-23 . CE42C0C1C33CEBD799056525461C523B . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Eraser"="c:\program files\Eraser\eraser.exe" [2009-12-16 337808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-05 827392]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2001-08-23 110592]

"RTHDCPL"="RTHDCPL.EXE" [2009-12-10 18789920]

"GenePccMon.exe"="c:\program files\Genesys PC Camera Device\GenePccMon.exe" [2007-02-13 36864]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-09-02 1043968]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2516296]

"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-24 206240]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2001-08-23 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 24576]

Privoxy.lnk - c:\program files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 250368]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2009-12-10 17:00 64032 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2008-12-10 09:02 216520 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-02-16 16:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2011-01-07 19:58 13880424 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

2009-03-20 14:32 1312256 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2009-12-10 17:00 18789920 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\SoulseekNS\\slsk.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\loom\\Loom.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=

R0 iastor78;iastor78;c:\windows\system32\drivers\iastor78.sys [8/23/2001 9:00 AM 308248]

S1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [10/7/2009 8:18 AM 35168]

S1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [10/3/2010 11:54 PM 34792]

S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [10/3/2010 11:43 PM 169320]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 10:15 AM 66632]

S2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe --> c:\program files\Common Files\Nuance\dgnsvc.exe [?]

S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [10/7/2009 8:16 AM 472280]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/26/2010 2:18 PM 363344]

S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [12/16/2009 9:11 AM 65856]

S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [8/23/2001 9:00 AM 3584]

S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [10/3/2010 11:43 PM 767208]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/6/2010 2:24 PM 1691480]

S3 cpuz130;cpuz130;\??\c:\docume~1\Cunny\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Cunny\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]

S3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;c:\windows\system32\drivers\USBGENE.sys [4/22/2007 1:45 AM 131584]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/26/2010 2:18 PM 20952]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 10:15 AM 12872]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/28/2008 12:39 AM 691696]

.

Contents of the 'Scheduled Tasks' folder

2011-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:34]

.

.

------- Supplementary Scan -------

.

TCP: {DF45A2A3-4B30-49F2-A870-8CAFF8396386} = 194.168.4.100,194.168.8.100

DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} - hxxp://downloads.virginmedia.com/CST/ver1/xp_mail.cab

FF - ProfilePath - c:\documents and settings\Cunny\Application Data\Mozilla\Firefox\Profiles\moq5grbu.default\

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-DNS7reminder - c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe

Notify-WgaLogon - (no file)

SafeBoot-WudfPf

SafeBoot-WudfRd

MSConfigStartUp-Easy-PrintToolBox - c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

MSConfigStartUp-ISUSScheduler - c:\program files\Common Files\InstallShield\UpdateService\issch.exe

MSConfigStartUp-nwiz - nwiz.exe

MSConfigStartUp-SSBkgdUpdate - c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

AddRemove-FrostWire - n:\new folder\FrostWire\Uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-02-07 18:06

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

GenePccMon.exe = c:\program files\Genesys PC Camera Device\GenePccMon.exe???????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(248)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1564)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\msi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\rundll32.exe

.

**************************************************************************

.

Completion time: 2011-02-07 18:10:13 - machine was rebooted

ComboFix-quarantined-files.txt 2011-02-07 18:10

Pre-Run: 12,197,154,816 bytes free

Post-Run: 13,577,383,936 bytes free

Current=4 Default=4 Failed=2 LastKnownGood=3 Sets=1,2,3,4

- - End Of File - - 5587E07696E6BDB8C44BAE71A73248FA


Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :)

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

  • WOT, Web of Trust - As 'Googling' is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    Green to go
    Yellow for caution
    Red to stop
    WOT has an add-on available for both Firefox and IE.

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?

How to Prevent Malware:

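The Internet Explorer hardening steps above are clicked through the Security tab, which makes it hard to confirm afterwards that all six settings actually took. The following PowerShell script is an added example, not part of the original post or of any tool mentioned in it: it reads the current user's Internet zone (zone 3) settings from the registry, reports which of the six values still differ from the level the post recommends, and sets them when run with -Remediate. It assumes the documented IE URL-action value IDs under Zones\3 (Microsoft KB182569) and the documented data values 0 = Enable, 1 = Prompt, 3 = Disable.

```powershell
# Added example (not from the original post): audit the six Internet-zone
# settings the post asks the user to change, and optionally set them.
# Value names are the documented IE URL-action IDs (Microsoft KB182569).
param([switch]$Remediate)

$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Recommended levels taken from the post, keyed by URL-action ID.
# Data: 0 = Enable, 1 = Prompt, 3 = Disable.
$recommended = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                             Want = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Want = 1 }
}
$levelName = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneSetting([string]$Id) {
    # Returns $null when the value is absent (IE then falls back to its built-in default).
    $props = Get-ItemProperty -Path $zonePath -Name $Id -ErrorAction SilentlyContinue
    if ($null -eq $props) { return $null }
    return [int]$props.$Id
}

foreach ($id in $recommended.Keys) {
    $entry   = $recommended[$id]
    $current = Get-ZoneSetting $id
    $currentText = if ($null -eq $current) { 'not set' }
                   elseif ($levelName.ContainsKey($current)) { $levelName[$current] }
                   else { "$current" }
    $ok     = ($current -eq $entry.Want)
    $status = if ($ok) { 'OK    ' } else { 'CHANGE' }
    '{0} {1,-4} {2,-60} current={3,-8} recommended={4}' -f `
        $status, $id, $entry.Name, $currentText, $levelName[$entry.Want]
    if (-not $ok -and $Remediate) {
        # REG_DWORD under HKCU: applies to the current user's Internet zone only.
        Set-ItemProperty -Path $zonePath -Name $id -Value $entry.Want -Type DWord
    }
}
```

Run it once without -Remediate to see the audit, then with -Remediate; a value reported as "not set" means IE is using its built-in default for that action rather than an explicit choice.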

I do use Bluetooth, yeah.

It is only MBAM that complains about it, but I read somewhere that the IP it's trying to contact is supposed to be malicious - Nothing concrete. It seems to work even though it's being blocked. Should I unblock and chance it? I have good Antivirus/Antimalware software.

