
Infected and frustrated



Can't get rid of an infection. I've spent days downloading and running various scans, also in safe mode, system restores and everything I can think of. Any help would be greatly appreciated. I've never used HijackThis or submitted my problem to a forum; I've always been able to figure it out on my own (maybe this is the first time I've gotten something nasty?). Two files just keep coming back over and over.

Malwarebytes' Anti-Malware 1.31

Database version: 1512

Windows 5.1.2600 Service Pack 2

12/18/2008 5:16:10 AM

mbam-log-2008-12-18 (05-16-10).txt

Scan type: Quick Scan

Objects scanned: 46172

Time elapsed: 2 minute(s), 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

;*******************************************************************************

ANALYSIS: 2008-12-18 05:05:49

PROTECTIONS: 1

MALWARE: 7

SUSPECTS: 5

;*******************************************************************************

PROTECTIONS

Description Version Active Updated

;===============================================================================

ESET NOD32 Antivirus 3.0 3.0 Yes Yes

;===============================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

00029434 spyware/virtumonde Spyware No 1 Yes No hkey_local_machine\software\microsoft\ms track system

00029434 spyware/virtumonde Spyware No 1 Yes No hkey_local_machine\software\microsoft\ms juan

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Russ & Angela\Cookies\russ & angela@atdmt[1].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Russ & Angela\Cookies\russ & angela@advertising[1].txt

00475627 Bck/Bifrose.BHN Virus/Trojan No 1 Yes No C:\Documents and Settings\Russ & Angela\My Documents\Azureus Downloads\WindowsBlinds.6.Enhanced-EMBRACE\Keyfilemaker.+.Patch.by.EMBRACE\keygen.exe

03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\WINDOWS\System32\zlhxzt.dll

03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\WINDOWS\system32\zlhxzt.dll

03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Russ & Angela\My Documents\Azureus Downloads\BitDefender Total Security 2008 V11.0.15+Keygen(Patch)-HeartBug\Patch.exe

03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\WINDOWS\system32\qwunhons.dll

03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\WINDOWS\system32\zlhxzt.dll

04357894 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\system32\mjrlif.dll

04380209 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\system32\cyoxpdon.dll

;===============================================================================

SUSPECTS

Sent Location K

;===============================================================================

No C:\Documents and Settings\Russ & Angela\My Documents\Azureus Downloads\NOD32 Antivirus 3.0.642(with unlimited update fix)\NOD32 Antivirus 3.0.642(with unlimited update fix)\Fix\NOD32_v3.0.642_32bit_FiX_1.2-TemDono.exe

No C:\Documents and Settings\Russ & Angela\My Documents\Azureus Downloads\NOD32 Antivirus 3.0.642(with unlimited update fix)\NOD32 Antivirus 3.0.642(with unlimited update fix).rar[NOD32 Antivirus 3.0.642(with unlimited update fix)\Fix\NOD32_v3.0.642_32bit_FiX_1.2-TemDono.exe]

No C:\Documents and Settings\Russ & Angela\My Documents\Azureus Downloads\NOD32 Antivirus 3.0.642(with unlimited update fix).rar[NOD32 Antivirus 3.0.642(with unlimited update fix)\NOD32 Antivirus 3.0.642(with unlimited update fix)\Fix\NOD32_v3.0.642_32bit_FiX_1.2-TemDono.exe]

No C:\Documents and Settings\Russ & Angela\My Documents\Azureus Downloads\NOD32 Antivirus 3.0.642(with unlimited update fix).rar[NOD32 Antivirus 3.0.642(with unlimited update fix)\NOD32 Antivirus 3.0.642(with unlimited update fix).rar][NOD32 Antivirus 3.0.642(with unlimited update fix)\Fix\NOD32_v3.0.642_32bit_FiX_1.2-TemDono.exe]

No C:\Documents and Settings\Russ & Angela\My Documents\Azureus Downloads\Stardock Object Desktop Suite.rar[stardock Object Desktop Suite\IconPackager.zip][KeyGen.exe]

;===============================================================================

VULNERABILITIES

Id Severity Description K

;===============================================================================

184379 MEDIUM MS08-001 K

182048 HIGH MS07-069 K

182043 HIGH MS07-064 K

176382 HIGH MS07-057 K

170907 HIGH MS07-046 K

170906 HIGH MS07-045 K

170904 HIGH MS07-043 K

164913 HIGH MS07-033 K

160623 HIGH MS07-027 K

150253 HIGH MS07-016 K

141030 HIGH MS06-072 K

137568 HIGH MS06-067 K

133386 MEDIUM MS06-064 K

129976 MEDIUM MS06-052 K

126083 HIGH MS06-042 K

120825 MEDIUM MS06-032 K

120814 HIGH MS06-021 K

114664 HIGH MS06-013 K

108743 MEDIUM MS06-007 K

93394 HIGH MS05-050 K

;===============================================================================

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:06:28 AM, on 12/18/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe

C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe

C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\program files\valve\steam\steam.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\DesktopEarth\DesktopEarth.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Vuze\Azureus.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: (no name) - {0D8592D8-B2B4-45A2-B24D-A3CDDE6000B1} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {66f7b06a-67d5-4751-b871-b089453f59b5} - (no file)

O2 - BHO: (no name) - {75F324ED-B35A-4240-8751-359723C61D62} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"

O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"

O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs

O4 - HKCU\..\Run: [steam] "c:\program files\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - Startup: DesktopEarth AutoStart.lnk = ?

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab

O20 - AppInit_DLLs: wbsys.dll zlhxzt.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 5481 bytes


  • Staff

Hello, I'm Tom, part of the Malwarebytes support team, and I'll be assisting you today.

At any point, if you're unsure of the directions presented to you below, don't hesitate to come back for clarification. It may help if you print them out. Also, please remember to subscribe to or track this topic for replies so you'll be alerted when I post back with continuing instructions.

I'm seeing several items needing attention, but I'd like to collect more information from the system before we begin to use any removal tools.

Please download OTListIt from here.

  • Save the file to your desktop.
  • Once on the desktop, double click OTListIt.exe and the application will open.
  • Be sure the 'Use Whitelist' box is ticked.
  • From the 'File Ages' drop down menu, please select '14 days'.
  • Then click the 'Run Scan' button.

The scan will produce 2 logs for you; one will be minimized. Please post both logs here for me to review. We'll continue with additional steps if required, based on the output of these logs.


Guest remixed

I am not authorised to advise or assist you with your malware problem, so my comment should be viewed as a constructive observation. It is clear that your entire PC security is based on hacked/cracked and patched software (as well as a number of non-security programs). I am not judging you, but have you ever considered the folly of using non-authorised versions as your defence against security attacks?

For example, see http://spywarefiles.prevx.com/RRIJIB451030...EMDONO.EXE.html which is kinda relevant. Good luck!


OTListIt logfile created on: 12/23/2008 5:30:32 AM - Run

OTListIt2 by OldTimer - Version 1.0.1.0 Folder = C:\Documents and Settings\Russ & Angela\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 56.19% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free

Paging file location(s): C:\pagefile.sys 4092 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 465.75 Gb Total Space | 288.38 Gb Free Space | 61.92% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

Drive F: | 3.73 Gb Total Space | 3.65 Gb Free Space | 98.06% Space Free | Partition Type: FAT32

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: RUSSELL-F6A64F0

Current User Name: Russ & Angela

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Output = Standard

File Age = 14 Days

Company Name Whitelist: On

========== Processes (SafeList) ==========

[2006/12/18 07:34:36 | 00,868,352 | R--- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe

[2006/07/13 06:12:26 | 00,729,088 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4.exe

[2007/09/06 10:19:14 | 01,426,432 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe

[2007/09/06 18:57:52 | 00,626,688 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe

[2007/09/11 09:32:54 | 00,880,640 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe

[2008/07/07 01:34:59 | 00,167,936 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE

[2008/02/20 11:06:58 | 01,443,072 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

[2004/08/04 06:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe

[2008/10/12 08:55:52 | 01,410,296 | ---- | M] (Valve Corporation) -- C:\Program Files\Valve\Steam\steam.exe

[2007/09/02 13:58:52 | 00,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe

[2008/07/08 17:41:02 | 02,828,184 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RegMech.exe

[2004/08/04 06:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe

[2006/03/10 02:15:02 | 00,749,568 | ---- | M] (CodeFromThe70s.org) -- C:\Program Files\DesktopEarth\DesktopEarth.exe

[2008/09/10 15:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

[2008/02/20 11:08:46 | 00,472,320 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

[2006/12/14 16:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe

[2008/11/12 14:54:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe

[2004/08/04 06:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe

[2008/06/21 11:49:02 | 00,030,208 | ---- | M] (CPUID) -- C:\Program Files\PC Wizard 2008\PC Wizard.exe

[2008/09/21 10:37:04 | 00,312,320 | ---- | M] (CPUID) -- C:\Program Files\PC Wizard 2008\pcwizard.dll

[2008/12/17 17:49:03 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

[2007/12/03 19:28:42 | 00,254,976 | ---- | M] (Azureus Inc) -- C:\Program Files\Vuze\Azureus.exe

[2008/12/23 05:29:28 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Russ & Angela\Desktop\OTListIt2.exe

========== (O23) Win32 Services (SafeList) ==========

[2008/09/10 15:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])

[2005/09/23 06:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2005/09/23 06:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[2008/02/20 11:14:52 | 00,019,200 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])

[2008/02/20 11:08:46 | 00,472,320 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Auto | Running])

[2006/12/14 16:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])

[2006/12/23 16:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])

[2004/08/04 06:00:00 | 00,003,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\regedt32.exe -- (NOD32FiXTemDono [Auto | Stopped])

[2008/11/12 14:54:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])

[2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

[2007/01/15 19:09:06 | 00,293,888 | R--- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])

[2006/08/06 16:57:30 | 00,093,952 | R--- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudio [On_Demand | Running])

[2006/10/18 13:12:16 | 00,012,664 | R--- | M] () -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO [system | Running])

[2008/02/20 11:01:30 | 00,039,944 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon [Auto | Running])

[2008/02/20 11:02:22 | 00,029,704 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv [system | Running])

[2008/02/20 11:11:16 | 00,033,800 | ---- | M] () -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir [system | Running])

[2004/10/27 14:21:36 | 00,138,240 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])

[2004/08/12 20:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Running])

[2008/11/12 14:54:00 | 06,188,320 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])

[2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [boot | Running])

[2008/12/13 20:53:16 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped])

[2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2008/08/05 16:02:08 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])

[2008/07/07 01:40:49 | 00,056,108 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [system | Running])

[2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[2006/03/17 03:18:58 | 00,392,960 | R--- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService [On_Demand | Running])

[2002/01/01 02:28:31 | 00,685,816 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [boot | Running])

[2008/09/10 15:45:18 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])

[2004/08/04 06:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])

[2007/06/08 09:15:00 | 00,262,912 | ---- | M] (Marvell) -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp [On_Demand | Running])

[2008/01/25 12:23:48 | 00,009,600 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\Program Files\PC Wizard 2008\pcwiz32.sys -- (cpuz129 [On_Demand | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {66f7b06a-67d5-4751-b871-b089453f59b5} - Reg Error: Key does not exist or could not be opened. File not found

O2 - BHO: (no name) - {75F324ED-B35A-4240-8751-359723C61D62} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKCU\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Value does not exist or could not be read. File not found

O4 - HKLM..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" ()

O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe ()

O4 - HKLM..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" ()

O4 - HKLM..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice (ESET)

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()

O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)

O4 - HKLM..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray (Analog Devices, Inc.)

O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H (PC Tools)

O4 - HKCU..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" ()

O4 - HKCU..\Run: [steam] "c:\program files\valve\steam\steam.exe" -silent (Valve Corporation)

O4 - Startup: C:\Documents and Settings\Russ & Angela\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk = C:\Documents and Settings\Russ & Angela\Application Data\Microsoft\Installer\{D87176E9-ECD0-48C6-8E8B-B0054781DFB4}\_2B52280D74B238E888B1F2.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.

O18 - Protocol\Handler: - ipp - No CLSID value found

O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp - No CLSID value found

O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O20 - See sections below for AppInitDlls and Winlogon settings

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

WBSrv: "DllName" = C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock Corporation)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []

[2008/07/14 10:38:28 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 14 Days ==========

[3 C:\WINDOWS\*.tmp files]

[2008/12/23 05:29:26 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Russ & Angela\Desktop\OTListIt2.exe

[2008/12/22 19:34:51 | 00,001,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Pro.lnk

[2008/12/22 19:34:47 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Pro

[2008/12/21 21:07:41 | 00,001,029 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bioshock.lnk

[2008/12/21 21:07:35 | 00,000,000 | ---D | C] -- C:\Program Files\2K Games

[2008/12/21 13:31:51 | 00,006,160 | ---- | C] () -- C:\Documents and Settings\Russ & Angela\My Documents\2ISO1_DVD.nri

[2008/12/21 13:21:50 | 00,005,264 | ---- | C] () -- C:\Documents and Settings\Russ & Angela\My Documents\ISO1_DVD.nri

[2008/12/21 08:30:51 | 00,050,971 | ---- | C] () -- C:\Documents and Settings\Russ & Angela\My Documents\New.ncd

[2008/12/19 05:22:35 | 00,000,781 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk

[2008/12/19 05:22:34 | 01,081,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCTL.OCX

[2008/12/19 05:22:34 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL

[2008/12/19 05:15:07 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic

[2008/12/19 05:14:26 | 07,513,456 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Russ & Angela\Desktop\rminstall.exe

[2008/12/17 18:54:12 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys

[2008/12/17 18:53:33 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security

[2008/12/17 18:53:25 | 00,175,648 | ---- | C] () -- C:\Documents and Settings\Russ & Angela\Desktop\activescan2_en.exe

[2008/12/17 18:52:31 | 00,001,777 | ---- | C] () -- C:\Documents and Settings\Russ & Angela\Desktop\HijackThis.lnk

[2008/12/17 18:52:31 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2008/12/17 18:52:23 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Russ & Angela\Desktop\HJTInstall.exe

[2008/12/16 19:21:10 | 00,002,403 | ---- | C] () -- C:\Documents and Settings\Russ & Angela\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk

[2008/12/16 19:21:09 | 00,000,000 | ---D | C] -- C:\Program Files\DesktopEarth

[2008/12/16 19:20:32 | 06,533,632 | ---- | C] () -- C:\Documents and Settings\Russ & Angela\Desktop\DesktopEarthSetup.msi

[2008/12/16 17:13:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Russ & Angela\Application Data\Malwarebytes

[2008/12/16 17:13:09 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2008/12/16 17:13:09 | 00,000,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2008/12/16 17:13:06 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2008/12/16 17:13:05 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2008/12/16 17:13:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2008/12/16 17:10:25 | 02,538,872 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Russ & Angela\My Documents\mbam-setup.exe

[2008/12/16 16:53:32 | 00,103,936 | ---- | C] () -- C:\WINDOWS\System32\zlhxzt.dll

[2008/12/16 16:53:31 | 00,103,936 | ---- | C] () -- C:\WINDOWS\System32\qwunhons.dll

[2008/12/16 16:53:29 | 00,068,096 | ---- | C] () -- C:\WINDOWS\System32\cyoxpdon.dll

[2008/12/16 16:49:30 | 00,646,376 | ---- | C] (Crawler Inc. ) -- C:\Documents and Settings\Russ & Angela\Desktop\SpywareTerminatorSetup.exe

[2008/12/16 15:03:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2008/12/16 15:03:16 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor

[2008/12/15 20:50:57 | 00,000,000 | ---D | C] -- C:\VundoFix Backups

[2008/12/15 17:13:05 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared Free

[2008/12/15 17:09:17 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2008/12/14 20:59:28 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows OneCare Live

[2008/12/14 09:59:16 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2008/12/14 09:42:15 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center

[2008/12/14 09:30:02 | 00,000,211 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2008/12/14 09:03:55 | 00,000,976 | ---- | C] () -- C:\Documents and Settings\Russ & Angela\Desktop\Spybot - Search & Destroy.lnk

[2008/12/14 09:03:49 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2008/12/14 09:03:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2008/12/14 08:40:41 | 15,083,520 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Russ & Angela\Desktop\spybotsd160.exe

[2008/12/13 21:40:34 | 00,104,448 | ---- | C] () -- C:\WINDOWS\System32\mjrlif.dll

[2008/12/13 20:53:37 | 00,000,668 | ---- | C] () -- C:\Documents and Settings\Russ & Angela\Application Data\vso_ts_preview.xml

[2008/12/13 13:13:57 | 21,975,664 | ---- | C] () -- C:\Documents and Settings\Russ & Angela\My Documents\WindowBlinds6_public.exe

[2008/12/13 09:56:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun

[2008/12/13 08:06:18 | 01,851,944 | ---- | C] (VSO-Software SARL ) -- C:\Documents and Settings\Russ & Angela\My Documents\vso_inspector_setup.exe

========== Files - Modified Within 14 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]

[3 C:\WINDOWS\*.tmp files]

[2008/12/23 05:29:28 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Russ & Angela\Desktop\OTListIt2.exe

[2008/12/22 19:38:55 | 00,196,994 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2008/12/22 19:38:54 | 00,002,403 | ---- | M] () -- C:\Documents and Settings\Russ & Angela\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk

[2008/12/22 19:38:51 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2008/12/22 19:38:51 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2008/12/22 19:38:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2008/12/22 19:34:51 | 00,001,638 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Pro.lnk

[2008/12/21 21:07:41 | 00,001,029 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bioshock.lnk

[2008/12/21 13:31:51 | 00,006,160 | ---- | M] () -- C:\Documents and Settings\Russ & Angela\My Documents\2ISO1_DVD.nri

[2008/12/21 13:21:50 | 00,005,264 | ---- | M] () -- C:\Documents and Settings\Russ & Angela\My Documents\ISO1_DVD.nri

[2008/12/21 08:30:51 | 00,050,971 | ---- | M] () -- C:\Documents and Settings\Russ & Angela\My Documents\New.ncd

[2008/12/19 05:22:35 | 00,000,781 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk

[2008/12/19 05:14:39 | 07,513,456 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Russ & Angela\Desktop\rminstall.exe

[2008/12/19 04:21:33 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2008/12/19 04:19:39 | 00,105,472 | ---- | M] () -- C:\Documents and Settings\Russ & Angela\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/12/17 18:53:25 | 00,175,648 | ---- | M] () -- C:\Documents and Settings\Russ & Angela\Desktop\activescan2_en.exe

[2008/12/17 18:52:31 | 00,001,777 | ---- | M] () -- C:\Documents and Settings\Russ & Angela\Desktop\HijackThis.lnk

[2008/12/17 18:52:23 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Russ & Angela\Desktop\HJTInstall.exe

[2008/12/17 18:19:46 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2008/12/17 05:21:32 | 00,087,608 | ---- | M] () -- C:\Documents and Settings\Russ & Angela\Application Data\inst.exe

[2008/12/17 05:21:32 | 00,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Russ & Angela\Application Data\pcouffin.sys

[2008/12/17 05:21:32 | 00,007,887 | ---- | M] () -- C:\Documents and Settings\Russ & Angela\Application Data\pcouffin.cat

[2008/12/17 05:21:32 | 00,001,144 | ---- | M] () -- C:\Documents and Settings\Russ & Angela\Application Data\pcouffin.inf

[2008/12/16 19:20:47 | 06,533,632 | ---- | M] () -- C:\Documents and Settings\Russ & Angela\Desktop\DesktopEarthSetup.msi

[2008/12/16 17:13:09 | 00,000,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2008/12/16 17:10:29 | 02,538,872 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Russ & Angela\My Documents\mbam-setup.exe

[2008/12/16 16:53:32 | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\zlhxzt.dll

[2008/12/16 16:53:32 | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\qwunhons.dll

[2008/12/16 16:53:30 | 00,068,096 | ---- | M] () -- C:\WINDOWS\System32\cyoxpdon.dll

[2008/12/16 16:49:30 | 00,646,376 | ---- | M] (Crawler Inc. ) -- C:\Documents and Settings\Russ & Angela\Desktop\SpywareTerminatorSetup.exe

[2008/12/16 15:14:30 | 00,458,340 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2008/12/16 15:14:30 | 00,392,626 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2008/12/16 15:14:30 | 00,058,800 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2008/12/15 17:05:33 | 00,000,211 | ---- | M] () -- C:\WINDOWS\wininit.ini

[2008/12/14 09:52:27 | 00,000,668 | ---- | M] () -- C:\Documents and Settings\Russ & Angela\Application Data\vso_ts_preview.xml

[2008/12/14 09:03:55 | 00,000,976 | ---- | M] () -- C:\Documents and Settings\Russ & Angela\Desktop\Spybot - Search & Destroy.lnk

[2008/12/14 08:40:57 | 15,083,520 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Russ & Angela\Desktop\spybotsd160.exe

[2008/12/13 21:40:34 | 00,104,448 | ---- | M] () -- C:\WINDOWS\System32\mjrlif.dll

[2008/12/13 20:53:16 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\drivers\pcouffin.sys

[2008/12/13 13:14:45 | 21,975,664 | ---- | M] () -- C:\Documents and Settings\Russ & Angela\My Documents\WindowBlinds6_public.exe

[2008/12/13 08:06:18 | 01,851,944 | ---- | M] (VSO-Software SARL ) -- C:\Documents and Settings\Russ & Angela\My Documents\vso_inspector_setup.exe

[2008/12/10 05:03:22 | 00,000,507 | ---- | M] () -- C:\WINDOWS\win.ini

[2008/12/10 05:03:22 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2008/12/10 05:03:22 | 00,000,211 | -HS- | M] () -- C:\boot.ini

[2008/12/10 03:00:59 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> %AllUsersProfile%\Application Data\TEMP:D1B5B4F1

@Alternate Data Stream - 149 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2

< End of report >

OTListIt Extras logfile created on: 12/23/2008 5:30:32 AM - Run

OTListIt2 by OldTimer - Version 1.0.1.0 Folder = C:\Documents and Settings\Russ & Angela\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 56.19% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free

Paging file location(s): C:\pagefile.sys 4092 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 465.75 Gb Total Space | 288.38 Gb Free Space | 61.92% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

Drive F: | 3.73 Gb Total Space | 3.65 Gb Free Space | 98.06% Space Free | Partition Type: FAT32

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: RUSSELL-F6A64F0

Current User Name: Russ & Angela

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Output = Standard

File Age = 14 Days

Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2008/05/02 05:35:04 | 05,170,416 | ---- | M] (Splash Damage, Ltd.) -- C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:*:Enabled:Enemy Territory - QUAKE Wars

[2008/05/02 05:41:44 | 05,018,864 | ---- | M] (Splash Damage, Ltd.) -- C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:*:Enabled:etqwded.exe

[2007/02/27 13:22:36 | 05,607,424 | ---- | M] () -- C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)

[2007/02/27 13:19:08 | 01,556,480 | ---- | M] () -- C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)

[2006/04/02 14:20:16 | 00,733,184 | ---- | M] () -- C:\Program Files\Synergy\synergys.exe:*:Enabled:synergys

File not found -- C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe:*:Enabled:iolo Firewall


  • Staff

OK, I see enough there to warrant further advanced removal tools and methods.

Download ComboFix from one of these locations:

Link 1

Link 2

Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


ComboFix 08-12-23.01 - Russ & Angela 2008-12-23 13:38:10.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1280 [GMT -6:00]

Running from: c:\documents and settings\Russ & Angela\Desktop\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Russ & Angela\Application Data\inst.exe

c:\windows\system32\cyoxpdon.dll

c:\windows\system32\mjrlif.dll

c:\windows\system32\qwunhons.dll

c:\windows\system32\zlhxzt.dll

.

((((((((((((((((((((((((( Files Created from 2008-11-23 to 2008-12-23 )))))))))))))))))))))))))))))))

.

2008-12-22 19:34 . 2008-12-22 19:34 <DIR> d-------- c:\program files\DAEMON Tools Pro

2008-12-21 21:07 . 2008-12-21 21:07 <DIR> d-------- c:\program files\2K Games

2008-12-19 05:22 . 2004-03-09 01:00 1,081,616 --a------ c:\windows\system32\MSCOMCTL.OCX

2008-12-17 18:54 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys

2008-12-17 18:53 . 2008-12-17 18:53 <DIR> d-------- c:\program files\Panda Security

2008-12-17 18:52 . 2008-12-17 18:52 <DIR> d-------- c:\program files\Trend Micro

2008-12-16 19:21 . 2008-12-16 19:21 <DIR> d-------- c:\program files\DesktopEarth

2008-12-16 17:13 . 2008-12-16 17:13 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-12-16 17:13 . 2008-12-16 17:13 <DIR> d-------- c:\documents and settings\Russ & Angela\Application Data\Malwarebytes

2008-12-16 17:13 . 2008-12-16 17:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2008-12-16 17:13 . 2008-12-03 19:53 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-16 17:13 . 2008-12-03 19:53 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-12-16 15:03 . 2008-12-16 19:06 <DIR> d-------- c:\program files\Spyware Doctor

2008-12-16 15:03 . 2008-12-22 19:38 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP

2008-12-15 20:50 . 2008-12-15 20:50 <DIR> d-------- C:\VundoFix Backups

2008-12-15 17:13 . 2008-12-16 05:55 <DIR> d-------- c:\program files\a-squared Free

2008-12-15 17:09 . 2008-12-17 18:19 664 --a------ c:\windows\system32\d3d9caps.dat

2008-12-15 16:59 . 2008-12-15 16:59 1,646,861 ---hs---- c:\windows\system32\uybfehtk.tmp

2008-12-15 15:38 . 2008-12-15 15:38 <DIR> d---s---- c:\documents and settings\Russ & Angela\UserData

2008-12-14 20:59 . 2008-12-14 20:59 <DIR> d-------- c:\program files\Microsoft Windows OneCare Live

2008-12-14 09:42 . 2008-12-14 20:59 <DIR> d-------- c:\program files\Windows Live Safety Center

2008-12-14 09:30 . 2008-12-15 17:05 211 --a------ c:\windows\wininit.ini

2008-12-14 09:03 . 2008-12-14 09:03 <DIR> d-------- c:\program files\Spybot - Search & Destroy

2008-12-14 09:03 . 2008-12-15 05:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-12-13 09:56 . 2008-12-13 09:56 <DIR> d-------- c:\windows\Sun

2008-12-09 05:30 . 2008-12-09 05:48 <DIR> d-------- c:\documents and settings\Russ & Angela\Application Data\LimeWire

2008-12-09 05:30 . 2008-12-09 05:30 410,984 --a------ c:\windows\system32\deploytk.dll

2008-12-03 05:21 . 2008-12-03 05:21 <DIR> d-------- c:\documents and settings\Russ & Angela\.thumbnails

2008-12-01 19:41 . 2008-12-05 04:57 <DIR> d-------- c:\documents and settings\Russ & Angela\.gimp-2.2

2008-12-01 19:39 . 2008-12-01 19:39 <DIR> d-------- c:\program files\GIMPshop

2008-11-25 05:10 . 2008-11-25 05:10 <DIR> d-------- c:\documents and settings\Russ & Angela\Application Data\Yahoo!

2008-11-25 05:10 . 2008-11-25 05:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-23 19:38 --------- d-----w c:\program files\Vuze

2008-12-23 19:38 --------- d-----w c:\documents and settings\Russ & Angela\Application Data\Azureus

2008-12-22 03:07 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-17 11:21 47,360 ----a-w c:\documents and settings\Russ & Angela\Application Data\pcouffin.sys

2008-12-17 11:21 --------- d-----w c:\program files\VSO

2008-12-17 11:21 --------- d-----w c:\documents and settings\Russ & Angela\Application Data\Vso

2008-12-14 02:53 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys

2008-12-13 20:45 --------- d-----w c:\program files\Stardock

2008-11-18 02:45 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!

2008-11-18 02:44 --------- d-----w c:\program files\Yahoo!

2008-11-16 12:39 --------- d-----w c:\program files\ESET

2008-11-16 12:39 --------- d-----w c:\documents and settings\All Users\Application Data\ESET

2008-11-16 12:29 --------- d-----w c:\program files\RocketDock

2008-11-14 11:59 --------- d-----w c:\program files\eMule

2008-11-14 11:51 --------- d-----w c:\documents and settings\All Users\Application Data\iolo

2008-11-12 19:45 453,152 ----a-w c:\windows\system32\NVUNINST.EXE

2008-11-01 23:34 --------- d-----w c:\program files\AGEIA Technologies

2008-10-30 05:47 107,888 ----a-w c:\windows\system32\CmdLineExt.dll

2008-10-30 05:47 --------- d--h--r c:\documents and settings\Russ & Angela\Application Data\SecuROM

2008-10-30 05:39 22,328 ----a-w c:\documents and settings\Russ & Angela\Application Data\PnkBstrK.sys

2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll

2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 10:37 659,456 ----a-w c:\windows\system32\wininet.dll

2008-10-09 23:16 3,532 ----a-w C:\drmHeader.bin

2008-10-07 10:25 74,703 ----a-w c:\windows\system32\mfc45.dll

2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll

2006-06-23 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files\valve\steam\steam.exe" [2008-10-12 1410296]

"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]

"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-09-06 1426432]

"CPU Power Monitor"="c:\program files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-09-06 626688]

"Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-09-11 880640]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]

"nwiz"="nwiz.exe" [2008-11-12 c:\windows\system32\nwiz.exe]

c:\documents and settings\Russ & Angela\Start Menu\Programs\Startup\

DesktopEarth AutoStart.lnk - c:\documents and settings\Russ & Angela\Application Data\Microsoft\Installer\{D87176E9-ECD0-48C6-8E8B-B0054781DFB4}\_2B52280D74B238E888B1F2.exe [2008-12-16 29926]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

2007-09-23 09:10 229376 c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3acm"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2006-12-23 17:05 143360 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

--a------ 2008-11-05 21:59 4347120 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"=

"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"=

"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=

"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=

"c:\\Program Files\\Synergy\\synergys.exe"=

"c:\\Program Files\\Vuze\\Azureus.exe"=

"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-17 28544]

R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800]

R2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2008-02-20 472320]

S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe /s c:\windows\nod32fixtemdono.reg [2004-08-04 3584]

*Newly Created Service* - PROCEXP90

.

- - - - ORPHANS REMOVED - - - -

BHO-{66f7b06a-67d5-4751-b871-b089453f59b5} - (no file)

BHO-{75F324ED-B35A-4240-8751-359723C61D62} - (no file)

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

FF - ProfilePath - c:\documents and settings\Russ & Angela\Application Data\Mozilla\Firefox\Profiles\s12rrqvs.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-23 13:38:53

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(972)

c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

.

Completion time: 2008-12-23 13:39:41

ComboFix-quarantined-files.txt 2008-12-23 19:39:24

Pre-Run: 313,680,052,224 bytes free

Post-Run: 313,879,318,528 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

173 --- E O F --- 2008-12-10 09:01:03


  • Staff

Thanks for getting that done and sorry for the lengthy time in between replies.

Please open Notepad then copy & paste all the following text located inside the code box.

File::c:\windows\system32\uybfehtk.tmp
Folder::c:\documents and settings\All Users\Application Data\iolo

Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe

Drag the .txt file into combofix.exe as displayed in this .gif image:

CFScriptB-4.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.


ComboFix 08-12-23.01 - Russ & Angela 2008-12-24 6:50:30.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1395 [GMT -6:00]

Running from: c:\documents and settings\Russ & Angela\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Russ & Angela\Desktop\CFScript.txt

* Created a new restore point

* Resident AV is active

FILE ::

c:\windows\system32\uybfehtk.tmp

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\iolo

c:\documents and settings\All Users\Application Data\iolo\AntiVirus\iAVAbsEmailStatsData.xml

c:\documents and settings\All Users\Application Data\iolo\AntiVirus\iAVAbsStatsData.xml

c:\documents and settings\All Users\Application Data\iolo\AntiVirus\iAVDefinitionsInfo.xml

c:\documents and settings\All Users\Application Data\iolo\AntiVirus\iAVEmailSettings.xml

c:\documents and settings\All Users\Application Data\iolo\AntiVirus\iAVEmailTripStatsData.xml

c:\documents and settings\All Users\Application Data\iolo\AntiVirus\iAVLastFullScanStatsData.xml

c:\documents and settings\All Users\Application Data\iolo\AntiVirus\iAVOnDemandSettings.xml

c:\documents and settings\All Users\Application Data\iolo\AntiVirus\iAVSettingsData.xml

c:\documents and settings\All Users\Application Data\iolo\AntiVirus\iAVStatsData.xml

c:\documents and settings\All Users\Application Data\iolo\AntiVirus\iAVTripStatsData.xml

c:\documents and settings\All Users\Application Data\iolo\FileInfoList\IOLOFIL.FDB

c:\documents and settings\All Users\Application Data\iolo\FileInfoList\UnknownFiles.xml

c:\documents and settings\All Users\Application Data\iolo\IOLODB.FDB

c:\documents and settings\All Users\Application Data\iolo\Personal Firewall\iFW_acl.cfg

c:\documents and settings\All Users\Application Data\iolo\Personal Firewall\ioloFirewallConfig.xml

c:\documents and settings\All Users\Application Data\iolo\Personal Firewall\ioloFirewallEngineConfig.xml

c:\documents and settings\All Users\Application Data\iolo\Personal Firewall\ioloFirewallSettings.xml

c:\windows\system32\uybfehtk.tmp

.

((((((((((((((((((((((((( Files Created from 2008-11-24 to 2008-12-24 )))))))))))))))))))))))))))))))

.

2008-12-22 19:34 . 2008-12-22 19:34 <DIR> d-------- c:\program files\DAEMON Tools Pro

2008-12-21 21:07 . 2008-12-21 21:07 <DIR> d-------- c:\program files\2K Games

2008-12-19 05:22 . 2004-03-09 01:00 1,081,616 --a------ c:\windows\system32\MSCOMCTL.OCX

2008-12-17 18:54 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys

2008-12-17 18:53 . 2008-12-17 18:53 <DIR> d-------- c:\program files\Panda Security

2008-12-17 18:52 . 2008-12-17 18:52 <DIR> d-------- c:\program files\Trend Micro

2008-12-16 19:21 . 2008-12-16 19:21 <DIR> d-------- c:\program files\DesktopEarth

2008-12-16 17:13 . 2008-12-16 17:13 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-12-16 17:13 . 2008-12-16 17:13 <DIR> d-------- c:\documents and settings\Russ & Angela\Application Data\Malwarebytes

2008-12-16 17:13 . 2008-12-16 17:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2008-12-16 17:13 . 2008-12-03 19:53 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-16 17:13 . 2008-12-03 19:53 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-12-16 15:03 . 2008-12-16 19:06 <DIR> d-------- c:\program files\Spyware Doctor

2008-12-16 15:03 . 2008-12-24 03:08 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP

2008-12-15 20:50 . 2008-12-15 20:50 <DIR> d-------- C:\VundoFix Backups

2008-12-15 17:13 . 2008-12-16 05:55 <DIR> d-------- c:\program files\a-squared Free

2008-12-15 17:09 . 2008-12-17 18:19 664 --a------ c:\windows\system32\d3d9caps.dat

2008-12-15 15:38 . 2008-12-15 15:38 <DIR> d---s---- c:\documents and settings\Russ & Angela\UserData

2008-12-14 20:59 . 2008-12-14 20:59 <DIR> d-------- c:\program files\Microsoft Windows OneCare Live

2008-12-14 09:42 . 2008-12-14 20:59 <DIR> d-------- c:\program files\Windows Live Safety Center

2008-12-14 09:30 . 2008-12-15 17:05 211 --a------ c:\windows\wininit.ini

2008-12-14 09:03 . 2008-12-14 09:03 <DIR> d-------- c:\program files\Spybot - Search & Destroy

2008-12-14 09:03 . 2008-12-15 05:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-12-13 09:56 . 2008-12-13 09:56 <DIR> d-------- c:\windows\Sun

2008-12-09 05:30 . 2008-12-09 05:48 <DIR> d-------- c:\documents and settings\Russ & Angela\Application Data\LimeWire

2008-12-09 05:30 . 2008-12-09 05:30 410,984 --a------ c:\windows\system32\deploytk.dll

2008-12-03 05:21 . 2008-12-03 05:21 <DIR> d-------- c:\documents and settings\Russ & Angela\.thumbnails

2008-12-01 19:41 . 2008-12-05 04:57 <DIR> d-------- c:\documents and settings\Russ & Angela\.gimp-2.2

2008-12-01 19:39 . 2008-12-01 19:39 <DIR> d-------- c:\program files\GIMPshop

2008-11-25 05:10 . 2008-11-25 05:10 <DIR> d-------- c:\documents and settings\Russ & Angela\Application Data\Yahoo!

2008-11-25 05:10 . 2008-11-25 05:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-24 12:49 --------- d-----w c:\program files\Vuze

2008-12-24 12:48 --------- d-----w c:\documents and settings\Russ & Angela\Application Data\Azureus

2008-12-22 03:07 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-17 11:21 47,360 ----a-w c:\documents and settings\Russ & Angela\Application Data\pcouffin.sys

2008-12-17 11:21 --------- d-----w c:\program files\VSO

2008-12-17 11:21 --------- d-----w c:\documents and settings\Russ & Angela\Application Data\Vso

2008-12-14 02:53 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys

2008-12-13 20:45 --------- d-----w c:\program files\Stardock

2008-11-18 02:45 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!

2008-11-18 02:44 --------- d-----w c:\program files\Yahoo!

2008-11-16 12:39 --------- d-----w c:\program files\ESET

2008-11-16 12:39 --------- d-----w c:\documents and settings\All Users\Application Data\ESET

2008-11-16 12:29 --------- d-----w c:\program files\RocketDock

2008-11-14 11:59 --------- d-----w c:\program files\eMule

2008-11-12 19:45 453,152 ----a-w c:\windows\system32\NVUNINST.EXE

2008-11-01 23:34 --------- d-----w c:\program files\AGEIA Technologies

2008-10-30 05:47 107,888 ----a-w c:\windows\system32\CmdLineExt.dll

2008-10-30 05:47 --------- d--h--r c:\documents and settings\Russ & Angela\Application Data\SecuROM

2008-10-30 05:39 22,328 ----a-w c:\documents and settings\Russ & Angela\Application Data\PnkBstrK.sys

2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll

2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 10:37 659,456 ----a-w c:\windows\system32\wininet.dll

2008-10-09 23:16 3,532 ----a-w C:\drmHeader.bin

2008-10-07 10:25 74,703 ----a-w c:\windows\system32\mfc45.dll

2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll

2006-06-23 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe

.

((((((((((((((((((((((((((((( snapshot@2008-12-23_13.39.09.31 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-10-16 10:37:05 3,059,712 -c--a-w c:\windows\system32\dllcache\mshtml.dll

+ 2008-12-12 17:33:23 3,060,224 -c--a-w c:\windows\system32\dllcache\mshtml.dll

- 2008-10-16 10:37:05 3,059,712 ----a-w c:\windows\system32\mshtml.dll

+ 2008-12-12 17:33:23 3,060,224 ----a-w c:\windows\system32\mshtml.dll

- 2007-07-27 15:41:40 16,760 ------w c:\windows\system32\spmsg.dll

+ 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files\valve\steam\steam.exe" [2008-10-12 1410296]

"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]

"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-09-06 1426432]

"CPU Power Monitor"="c:\program files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-09-06 626688]

"Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-09-11 880640]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]

"nwiz"="nwiz.exe" [2008-11-12 c:\windows\system32\nwiz.exe]

c:\documents and settings\Russ & Angela\Start Menu\Programs\Startup\

DesktopEarth AutoStart.lnk - c:\documents and settings\Russ & Angela\Application Data\Microsoft\Installer\{D87176E9-ECD0-48C6-8E8B-B0054781DFB4}\_2B52280D74B238E888B1F2.exe [2008-12-16 29926]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

2007-09-23 09:10 229376 c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3acm"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2006-12-23 17:05 143360 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

--a------ 2008-11-05 21:59 4347120 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"=

"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"=

"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=

"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=

"c:\\Program Files\\Synergy\\synergys.exe"=

"c:\\Program Files\\Vuze\\Azureus.exe"=

"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-17 28544]

R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800]

R2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2008-02-20 472320]

S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe /s c:\windows\nod32fixtemdono.reg [2004-08-04 3584]

S3 cpuz129;cpuz129;\??\c:\program files\PC Wizard 2008\pcwiz32.sys [2008-09-01 9600]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

FF - ProfilePath - c:\documents and settings\Russ & Angela\Application Data\Mozilla\Firefox\Profiles\s12rrqvs.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-24 06:51:48

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(972)

c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

.

Completion time: 2008-12-24 6:52:29

ComboFix-quarantined-files.txt 2008-12-24 12:52:20

ComboFix2.txt 2008-12-23 19:39:42

Pre-Run: 313,164,853,248 bytes free

Post-Run: 313,157,926,912 bytes free

189 --- E O F --- 2008-12-24 09:00:47

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:01:22 AM, on 1/1/2002

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\savedump.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe

C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe

C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\program files\valve\steam\steam.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\Registry Mechanic\RegMech.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\DesktopEarth\DesktopEarth.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"

O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"

O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [steam] "c:\program files\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H

O4 - Startup: DesktopEarth AutoStart.lnk = ?

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 4176 bytes


  • Staff

Last logs look good, couple of minor things we can fix with HJT, no threats though. How's the machine running at this point?

Open HJT, run a scan and have all windows and browsers closed, place a tick next to the following lines, if present, then hit the [Fix checked] button:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Reboot, run another scan with HJT and if the lines above are no longer displayed in the resultant scan, then there is no need to post another HJT log.
