Suspected Infection


I keep getting IP block notifications. I'm not sure why this came about. I'm not aware of any infection that led to this; it just started yesterday. Unfortunately, other users have used this system and of course no one is confessing to anything. Normally I would just wipe and reinstall, but I don't have the recovery disc and don't want to go through the chore of downloading all the drivers first.

MBAM (registered, have purchased multiple copies for all my systems) scan comes back with zero results. Using Microsoft Security Essentials for anti-virus also full scanning with zero results. Ran Trend Micro Housecall with zero results. I've followed forum instructions and my file is attached.

Thanks,

digiBob

attach.zip

Link to post

:welcome:

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner»

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

  • If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run; once it is finished, move on to the next step.

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of that TDSSKiller log.

Also please describe how your computer behaves at the moment.

Link to post

2011/07/18 23:52:19.0921 4980 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56

2011/07/18 23:52:20.0578 4980 ================================================================================

2011/07/18 23:52:20.0578 4980 SystemInfo:

2011/07/18 23:52:20.0578 4980

2011/07/18 23:52:20.0578 4980 OS Version: 5.1.2600 ServicePack: 3.0

2011/07/18 23:52:20.0578 4980 Product type: Workstation

2011/07/18 23:52:20.0578 4980 ComputerName: GEORGE

2011/07/18 23:52:20.0578 4980 UserName: Annie

2011/07/18 23:52:20.0578 4980 Windows directory: C:\WINDOWS

2011/07/18 23:52:20.0578 4980 System windows directory: C:\WINDOWS

2011/07/18 23:52:20.0578 4980 Processor architecture: Intel x86

2011/07/18 23:52:20.0578 4980 Number of processors: 2

2011/07/18 23:52:20.0578 4980 Page size: 0x1000

2011/07/18 23:52:20.0578 4980 Boot type: Normal boot

2011/07/18 23:52:20.0578 4980 ================================================================================

2011/07/18 23:52:23.0265 4980 Initialize success

2011/07/18 23:52:33.0062 5792 ================================================================================

2011/07/18 23:52:33.0062 5792 Scan started

2011/07/18 23:52:33.0062 5792 Mode: Manual;

2011/07/18 23:52:33.0062 5792 ================================================================================

2011/07/18 23:53:36.0468 5792 ================================================================================

2011/07/18 23:53:36.0468 5792 Scan finished

2011/07/18 23:53:36.0468 5792 ================================================================================

2011/07/18 23:53:36.0468 5768 Detected object count: 0

2011/07/18 23:53:36.0468 5768 Actual detected object count: 0

Link to post

Computer behavior: I'm not seeing the amount of IP blocking activity that I was seeing. Since posting the TDSSKiller log I've only seen one IP block message. Here is the MBAM protection log as of now:

00:16:07 Annie MESSAGE Protection started successfully

00:16:12 Annie MESSAGE IP Protection started successfully

00:17:43 Annie IP-BLOCK 218.7.219.10 (Type: outgoing)

Link to post
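One way to triage a protection log like the one posted above, added here as an example (it is not code from this thread or from Malwarebytes): it parses the line layout visible in the post and tallies outgoing IP-BLOCK entries per destination, so a single stray block can be told apart from a host that keeps retrying the same address. The first three sample lines are the ones from the post; the rest are constructed, and the `incoming` type value, the function names and the repeat threshold are assumptions.

```python
import re

# Layout inferred from the three lines posted in the thread:
#   HH:MM:SS <user> <RECORD-TYPE> <detail>
# Only the two record types seen on the page are recognised.
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<user>.+?)\s+"
    r"(?P<kind>MESSAGE|IP-BLOCK)\s+(?P<detail>.+)$"
)
BLOCK_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\(Type:\s*(?P<direction>\w+)\)$"
)

# First three lines are from the post; the remainder is constructed sample
# data (documentation address ranges, assumed "incoming" type, one bad line).
SAMPLE_LOG = """\
00:16:07 Annie MESSAGE Protection started successfully
00:16:12 Annie MESSAGE IP Protection started successfully
00:17:43 Annie IP-BLOCK 218.7.219.10 (Type: outgoing)
00:21:02 Annie IP-BLOCK 192.0.2.44 (Type: outgoing)
00:21:32 Annie IP-BLOCK 192.0.2.44 (Type: outgoing)
00:22:02 Annie IP-BLOCK 192.0.2.44 (Type: outgoing)
00:25:10 Annie IP-BLOCK 198.51.100.7 (Type: incoming)
-- truncated line --
"""


def parse_protection_log(text):
    """Return (events, skipped): parsed records and lines that did not parse."""
    events, skipped = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # pasted forum logs are often double-spaced
        m = LINE_RE.match(line)
        if not m:
            skipped.append(line)
            continue
        event = m.groupdict()
        if event["kind"] == "IP-BLOCK":
            b = BLOCK_RE.match(event["detail"])
            if not b:
                skipped.append(line)
                continue
            event.update(b.groupdict())
        events.append(event)
    return events, skipped


def outgoing_block_summary(events, repeat_threshold=3):
    """Tally outgoing blocks per destination IP, in log order.

    Returns (summary, repeated): summary maps ip -> count/first/last time,
    repeated lists the IPs blocked at least repeat_threshold times.
    """
    summary = {}
    for e in events:
        if e["kind"] != "IP-BLOCK" or e["direction"].lower() != "outgoing":
            continue
        entry = summary.setdefault(
            e["ip"], {"count": 0, "first": e["time"], "last": e["time"]}
        )
        entry["count"] += 1
        entry["last"] = e["time"]
    repeated = sorted(
        ip for ip, s in summary.items() if s["count"] >= repeat_threshold
    )
    return summary, repeated


if __name__ == "__main__":
    events, skipped = parse_protection_log(SAMPLE_LOG)
    summary, repeated = outgoing_block_summary(events)
    for ip, s in summary.items():
        print(f"{ip}: {s['count']} outgoing block(s), {s['first']} to {s['last']}")
    print("repeated destinations:", repeated)
    print("unparsed lines:", len(skipped))
```
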

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

ComboFix 11-07-19.01 - Annie 07/19/2011 10:16:44.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.282 [GMT -4:00]

Running from: c:\documents and settings\Annie\Desktop\Repair\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\SeekappSrch

c:\program files\filesubmit

c:\program files\filesubmit\georgeclooney\georgeclooney.exe

c:\program files\SeekappSrch

c:\program files\SeekappSrch\uninstall.exe

c:\windows\system32\Thumbs.db

F:\Autorun.inf

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_SeekappSrch_Service

-------\Service_SeekappSrch Service

.

.

((((((((((((((((((((((((( Files Created from 2011-06-19 to 2011-07-19 )))))))))))))))))))))))))))))))

.

.

2011-07-19 06:29 . 2011-06-07 12:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{87AB2BC8-C710-4A11-B604-751B8F5CF079}\mpengine.dll

2011-07-17 19:52 . 2011-07-17 19:52 -------- d-----w- c:\program files\Sophos

2011-07-17 13:52 . 2011-07-17 13:53 -------- d-----w- c:\program files\WinPcap

2011-07-17 04:10 . 2011-07-17 04:10 -------- d-----w- c:\program files\Safer Networking

2011-07-16 18:57 . 2011-07-16 18:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-16 17:39 . 2011-07-16 17:39 -------- d-----w- c:\documents and settings\Annie\Local Settings\Application Data\tjnet

2011-07-12 20:18 . 2011-07-12 20:18 -------- d-----w- c:\program files\MSECache

2011-07-09 05:19 . 2011-07-09 05:19 -------- d-----w- c:\program files\Apple Software Update

2011-07-08 14:07 . 2011-07-08 14:07 -------- d-----w- c:\documents and settings\Annie\Local Settings\Application Data\magicJack

2011-07-08 14:07 . 2011-07-08 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\magicJack

2011-07-08 14:06 . 2011-07-08 14:06 -------- d-----w- c:\documents and settings\Annie\Application Data\mjusbsp

2011-07-08 14:05 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys

2011-07-08 14:05 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys

2011-06-25 19:50 . 2011-06-25 19:50 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-06-25 19:50 . 2011-06-25 19:50 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-17 04:00 . 2008-05-22 20:18 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS

2011-07-06 23:52 . 2009-10-30 00:33 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52 . 2009-10-30 00:33 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-07 12:55 . 2010-06-09 02:57 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-06-02 14:02 . 2006-04-30 06:55 1858944 ------w- c:\windows\system32\win32k.sys

2011-05-10 12:06 . 2009-05-25 02:05 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-05-10 12:06 . 2009-05-25 02:05 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2011-05-02 15:31 . 2006-04-30 07:10 692736 ------w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2006-04-30 06:55 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2006-04-30 06:55 456320 ------w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-26 11:07 . 2006-04-30 06:55 33280 ------w- c:\windows\system32\csrsrv.dll

2011-04-26 11:07 . 2006-04-30 06:55 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-04-25 16:11 . 2006-04-30 06:56 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2006-04-30 06:55 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2006-04-30 06:55 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2006-04-30 06:55 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2006-04-30 06:55 105472 ------w- c:\windows\system32\drivers\mup.sys

2011-06-25 19:50 . 2011-05-06 03:03 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-12 323392]

"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

"cdloader"="c:\documents and settings\Annie\Application Data\mjusbsp\cdloader2.exe" [2011-05-16 50592]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]

"Mouse Suite 98 Daemon"="ICO.EXE" [2005-04-13 49152]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]

"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 487424]

"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2006-07-04 110592]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-06-18 69632]

"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-15 503808]

"PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]

"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]

"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]

2006-06-18 17:06 49152 ------w- c:\program files\Lenovo\AwayTask\AwayNotify.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2009-09-29 00:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk

backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Sony\\Media Manager for PSP 2.5\\MediaManager.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\Annie\\Application Data\\mjusbsp\\magicJack.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

.

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/25/2009 11:32 PM 189736]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 1:41 PM 12856]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/29/2009 8:33 PM 366640]

R2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [3/13/2006 7:05 PM 58368]

R2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/14/2006 6:55 PM 3968]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/29/2009 8:33 PM 22712]

S1 MpKsl0d395151;MpKsl0d395151;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{95923F8D-EC3B-44BD-843A-3D7AB44F2292}\MpKsl0d395151.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{95923F8D-EC3B-44BD-843A-3D7AB44F2292}\MpKsl0d395151.sys [?]

S1 MpKsl28759763;MpKsl28759763;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{511AD2F3-07B6-44D5-BDA6-D062CC996017}\MpKsl28759763.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{511AD2F3-07B6-44D5-BDA6-D062CC996017}\MpKsl28759763.sys [?]

S1 MpKsl3fd3aff9;MpKsl3fd3aff9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FC4D53A7-DFC2-4531-A10F-1C1D0E07B747}\MpKsl3fd3aff9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FC4D53A7-DFC2-4531-A10F-1C1D0E07B747}\MpKsl3fd3aff9.sys [?]

S1 MpKsl5e008d00;MpKsl5e008d00;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7A471382-37DF-462E-9AEB-8C4E033F7885}\MpKsl5e008d00.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7A471382-37DF-462E-9AEB-8C4E033F7885}\MpKsl5e008d00.sys [?]

S1 MpKsl67c71fcc;MpKsl67c71fcc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EA6C3E0-AAD1-4C18-A55F-D5F7BADA44F2}\MpKsl67c71fcc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EA6C3E0-AAD1-4C18-A55F-D5F7BADA44F2}\MpKsl67c71fcc.sys [?]

S1 MpKsl6b768626;MpKsl6b768626;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{87AB2BC8-C710-4A11-B604-751B8F5CF079}\MpKsl6b768626.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{87AB2BC8-C710-4A11-B604-751B8F5CF079}\MpKsl6b768626.sys [?]

S1 MpKsla45fce3f;MpKsla45fce3f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{601B0067-E585-4334-A163-D15F56822DE9}\MpKsla45fce3f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{601B0067-E585-4334-A163-D15F56822DE9}\MpKsla45fce3f.sys [?]

S1 MpKslbb2bf167;MpKslbb2bf167;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2DB5311D-4738-4546-A49F-FD16CA8D9EBB}\MpKslbb2bf167.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2DB5311D-4738-4546-A49F-FD16CA8D9EBB}\MpKslbb2bf167.sys [?]

S1 MpKslbe478431;MpKslbe478431;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0D7A234-7770-4114-80F5-FD2FC83D3566}\MpKslbe478431.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0D7A234-7770-4114-80F5-FD2FC83D3566}\MpKslbe478431.sys [?]

S1 MpKslcdba00ae;MpKslcdba00ae;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21CF683D-6383-4CD2-87E0-C4B4D4483605}\MpKslcdba00ae.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21CF683D-6383-4CD2-87E0-C4B4D4483605}\MpKslcdba00ae.sys [?]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\17.tmp --> c:\windows\system32\17.tmp [?]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 2:19 PM 50704]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-13 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2011-07-19 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]

.

2011-07-19 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 16:26]

.

2011-07-19 c:\windows\Tasks\User_Feed_Synchronization-{87C0BD37-6FDB-470A-9A70-698AD0A20D45}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\documents and settings\Annie\Application Data\Mozilla\Firefox\Profiles\hofa9ohe.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1&ltmpl=default&ltmplcache=2&hl=en|http://www.7is7.com/otto/countdown.html|http://riotclitshave.livejournal.com/|http://www.youtube.com/|http://www.slate.com/

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)

Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)

HKLM-Run-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe

Notify-avgrsstarter - (no file)

Notify-NavLogon - (no file)

AddRemove-SeekappSrch - c:\program files\SeekappSrch\uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-19 10:28

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\17.tmp"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(940)

c:\windows\system32\LMIinit.dll

c:\program files\Lenovo\AwayTask\AwayNotify.dll

.

- - - - - - - > 'explorer.exe'(2556)

c:\windows\system32\WININET.dll

c:\windows\system32\PROCHLP.DLL

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\pelscrll.dll

c:\windows\system32\PELCOMM.dll

c:\windows\system32\PELHOOKS.dll

c:\windows\system32\LMIRfsClientNP.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\windows\system32\IPSSVC.EXE

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\LogMeIn\x86\RaMaint.exe

c:\program files\LogMeIn\x86\LogMeIn.exe

c:\program files\LogMeIn\x86\LMIGuardian.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\lenovo\system update\suservice.exe

c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

c:\program files\Lenovo\Client Security Solution\tvttcsd.exe

c:\program files\Lenovo\Rescue and Recovery\rrservice.exe

c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe

c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files\Common Files\Lenovo\Logger\logmon.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\ICO.EXE

c:\windows\system32\FSRremoS.EXE

c:\windows\system32\Pelmiced.exe

c:\progra~1\MI3AA1~1\rapimgr.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2011-07-19 10:36:07 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-19 14:36

.

Pre-Run: 6,424,907,776 bytes free

Post-Run: 6,505,426,944 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

[spybotsd]

timeout.old=30

.

- - End Of File - - 7DBCE626630AF0307E1D2C93E457B43C

Link to post
Share on other sites
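Added example (not part of the thread and not ComboFix's own code): a Python triage pass over the service/driver lines of a ComboFix log like the one above, flagging registrations whose image file could not be read or has an unusual extension. The reading of the R/S prefix, the start-type digit and the "[?]" marker is an assumption based on how these logs are conventionally interpreted; the sample lines are copied from the log above.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Sample input: five service lines copied from the ComboFix log in this thread.
SAMPLE = r"""
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/29/2009 8:33 PM 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/29/2009 8:33 PM 22712]
S1 MpKsl6b768626;MpKsl6b768626;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{87AB2BC8-C710-4A11-B604-751B8F5CF079}\MpKsl6b768626.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{87AB2BC8-C710-4A11-B604-751B8F5CF079}\MpKsl6b768626.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\17.tmp --> c:\windows\system32\17.tmp [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 2:19 PM 50704]
"""

# Assumption: the digit after R/S is the Windows service start type.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}
# Extensions normally seen on service and driver images.
EXPECTED_EXTS = {".sys", ".exe", ".dll"}

# "<R|S><start> <name>;<display name>;<path or 'reg --> resolved'> [<meta>]"
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<body>.*?)\s\[(?P<meta>[^\[\]]*)\]$"
)


@dataclass
class Service:
    name: str
    running: bool          # assumption: R = running, S = stopped
    start: str
    path: str
    reasons: list = field(default_factory=list)


def parse_services(text):
    """Parse service lines and attach the reasons each one deserves a look."""
    services = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a service line (section headers, dots, blanks)
        # "registered path --> resolved path": keep the resolved one.
        path = m["body"].split(" --> ")[-1].strip()
        svc = Service(m["name"], m["state"] == "R",
                      START_TYPES[int(m["start"])], path)
        # Assumption: "[?]" replaces date/size when the file cannot be read.
        if m["meta"].strip() == "?":
            svc.reasons.append("image file unreadable or missing")
        ext = ntpath.splitext(path)[1].lower()
        if ext not in EXPECTED_EXTS:
            svc.reasons.append(f"unusual image extension {ext or '(none)'}")
        services.append(svc)
    return services


def triage(text):
    """Return {service name: reasons} for entries with at least one reason."""
    return {s.name: s.reasons for s in parse_services(text) if s.reasons}


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE).items():
        print(f"{name}: {'; '.join(reasons)}")
```

A flagged entry is only a prompt for manual review of that registration; it does not by itself identify the file as malicious.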

Computer behavior has not changed.

10:42:23 Annie MESSAGE Protection started successfully

10:42:27 Annie MESSAGE IP Protection started successfully

10:42:44 Annie IP-BLOCK 83.128.17.94 (Type: outgoing)

10:44:06 Annie IP-BLOCK 89.28.29.129 (Type: outgoing)

10:48:14 Annie IP-BLOCK 89.28.30.37 (Type: incoming)

Link to post
Share on other sites

I did not touch System Restore so it is active, monitoring the drive, and periodically creating restore points.

I'm using a Belkin router. This computer and another desktop are connected to it using network cable. There are 4 laptops that access it on wireless (along with mobile devices). This computer is the only one with the IP blocking issue.

Link to post
Share on other sites

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run, type Notepad, and click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

FireFox::
FF - ProfilePath - c:\documents and settings\Annie\Application Data\Mozilla\Firefox\Profiles\hofa9ohe.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1&ltmpl=default&ltmplcache=2&hl=en|http://www.7is7.com/otto/countdown.html|http://riotclitshave.livejournal.com/|http://www.youtube.com/|http://www.slate.com/

Save this file to your desktop. Save this as "CFScript"

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...

CFScriptB-4.gif

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

I'm unable to run this. Nothing seems to be working at all now and the computer is dreadfully slow, so I'm caving in and wiping the hard drive on that computer.

I really appreciate your help and I apologize for putting you through all this just to end up with this result. Thank you very much, Larry Tate!

Link to post
Share on other sites
