
MBAM (PRO) blocking 208.87.32.75 message several times a day



I use Malwarebytes Pro which hasn't detected anything even though I've run it several times. I've also been running Microsoft Security Essentials since forever and it does not seem to detect anything. Could someone please help me?

I followed all the steps on http://forums.malwarebytes.org/index.php?showtopic=9573 -

Here are my logs:

MBAM

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7362

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

8/3/2011 12:44:44 PM

mbam-log-2011-08-03 (12-44-44).txt

Scan type: Quick scan

Objects scanned: 240578

Time elapsed: 27 minute(s), 19 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS.txt

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by ester at 16:41:51 on 2011-08-03

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.283 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ===============

.

C:\Program Files\VMware\VMware Tools\vmacthlp.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe

C:\WINDOWS\system32\ASTSRV.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\PROGRA~1\Veritas\NETBAC~1\bin\bpinetd.exe

C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\VMware\VMware Tools\VMwareService.exe

C:\PROGRA~1\Veritas\NETBAC~1\bin\BPJAVA-msvc.EXE

C:\Program Files\VERITAS\VxPBX\bin\pbx_exchange.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\Program Files\Seagate Replica\bin\Seagate-Replica-Service.exe

C:\Program Files\Seagate Replica\bin\Seagate-Replica-SysMon.exe

C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\VMware\VMware Tools\TPAutoConnect.exe

C:\Program Files\Seagate Replica\bin\Seagate-Replica-AutoPlay.exe

C:\Program Files\Seagate Replica\bin\Seagate-Replica-Tray.exe

C:\Program Files\VMware\VMware Tools\VMwareTray.exe

C:\Program Files\VMware\VMware Tools\VMwareUser.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\PROGRA~1\Discover\SOAN\DISCOV~1.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\CalgooConnect\CalgooConnect.exe

C:\WINDOWS\system32\OBroker.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\ester\Application Data\Dropbox\bin\Dropbox.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.netvibes.com/

uSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = 192.168.0.4:8080

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Secure Online Account Numbers Helper: {435eaa86-d32b-484f-869c-53745fcb1642} - c:\program files\discover\soan\DiscoverSOANHelper.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

TB: Secure Online Account Numbers: {a8c7c2ca-6dfd-4e16-8458-592361564d38} - c:\program files\discover\soan\DiscoverSOANToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [Calgoo Connect] "c:\program files\calgooconnect\CalgooConnect.exe" -S

uRun: [Google Update] "c:\documents and settings\ester\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [VMware Tools] "c:\program files\vmware\vmware tools\VMwareTray.exe"

mRun: [VMware User Process] "c:\program files\vmware\vmware tools\VMwareUser.exe"

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [WinUtilities Quick Launcher] c:\program files\winutilities\WinUtil.exe /autorun

mRun: [AmazonGSDownloaderTray] "c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderTray.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [secure Online Account Numbers] "c:\progra~1\discover\soan\DISCOV~1.EXE" /dontopenmycards

mRun: [ulead AutoDetector v2] c:\program files\common files\ulead systems\autodetector\monitor.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\ester\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\ester\application data\dropbox\bin\Dropbox.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: c:\program files\vmware\vmware tools\vsock sdk\bin\win32\vsocklib.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/55.16/uploader2.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231576270321

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

TCP: DhcpNameServer = 192.168.0.4 192.168.0.1

TCP: Interfaces\{1B33972D-F512-42E6-B7D4-ECA75C5EDE48} : DhcpNameServer = 192.168.0.4 192.168.0.1

Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Notify: TPSvc - TPSvc.dll

AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

Hosts: 192.168.5.1 rainier

Hosts: 192.168.5.2 orlando

Hosts: 192.168.5.3 colorado

Hosts: 192.168.5.5 maui

Hosts: 192.168.5.25 queenie

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\ester\application data\mozilla\firefox\profiles\213gklny.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.protopage.com/gorgeous

FF - prefs.js: network.proxy.http - 192.168.0.4

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.type - 1

FF - component: c:\program files\discover\soan\components\SlimOrbAddonDiscoverSOAN.dll

FF - plugin: c:\documents and settings\ester\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

.

============= SERVICES / DRIVERS ===============

.

R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2009-1-10 17968]

R0 VSP;Veritas Snapshot Provider;c:\windows\system32\drivers\VSP.SYS [2006-5-4 51896]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]

R1 MpKsl4b3f90a7;MpKsl4b3f90a7;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{358d38ee-85fa-4d81-a546-8c7fa96ce586}\MpKsl4b3f90a7.sys [2011-8-3 28752]

R1 MpKslc6d22bcd;MpKslc6d22bcd;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{358d38ee-85fa-4d81-a546-8c7fa96ce586}\MpKslc6d22bcd.sys [2011-8-2 28752]

R1 vmhgfs;vmhgfs;c:\windows\system32\drivers\vmhgfs.sys [2009-1-10 118576]

R2 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2010-8-26 401920]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-2-14 366640]

R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2009-10-5 188736]

R2 Seagate-Replica-Service;Seagate-Replica-Service;c:\program files\seagate replica\bin\Seagate-Replica-Service.exe [2010-3-10 1814016]

R2 Seagate-Replica-SysMon;Seagate-Replica-SysMon;c:\program files\seagate replica\bin\Seagate-Replica-SysMon.exe [2010-3-10 162256]

R2 VMMEMCTL;Memory Control Driver;c:\program files\vmware\vmware tools\drivers\memctl\vmmemctl.sys [2008-9-10 14384]

R2 VMTools;VMware Tools Service;c:\program files\vmware\vmware tools\VMwareService.exe [2008-9-10 539184]

R2 VMware Physical Disk Helper Service;VMware Physical Disk Helper Service;c:\program files\vmware\vmware tools\vmacthlp.exe [2008-9-10 358960]

R2 VRTSpbx;Symantec Private Branch Exchange;c:\windows\system32\cmd.exe [2003-7-16 389120]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-2-14 22712]

R3 TPAutoConnSvc;TP AutoConnect Service;c:\program files\vmware\vmware tools\TPAutoConnSvc.exe [2008-9-10 238832]

R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [2009-1-10 53424]

R3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [2009-1-10 11696]

R3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [2009-1-10 63920]

R3 vmxnet;VMware Ethernet Adapter Driver;c:\windows\system32\drivers\vmxnet.sys [2009-1-10 36400]

S1 MpKsl0d79e836;MpKsl0d79e836;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f05d555a-3232-41b9-a7e6-c7b79c3d03fc}\mpksl0d79e836.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f05d555a-3232-41b9-a7e6-c7b79c3d03fc}\MpKsl0d79e836.sys [?]

S1 MpKsl10ac8e75;MpKsl10ac8e75;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{24d53bca-18a9-4852-80df-ae6b1e83b5fa}\mpksl10ac8e75.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{24d53bca-18a9-4852-80df-ae6b1e83b5fa}\MpKsl10ac8e75.sys [?]

S1 MpKsl2fe9f741;MpKsl2fe9f741;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b80ad19f-1f48-4fa9-b021-a2f2095a899b}\mpksl2fe9f741.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b80ad19f-1f48-4fa9-b021-a2f2095a899b}\MpKsl2fe9f741.sys [?]

S1 MpKsle1b24590;MpKsle1b24590;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e1ed8d8e-8ef7-4561-a9eb-06302ecc26ac}\mpksle1b24590.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e1ed8d8e-8ef7-4561-a9eb-06302ecc26ac}\MpKsle1b24590.sys [?]

S1 MpKslf8bc5d4a;MpKslf8bc5d4a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2a98144e-1f03-46de-96ad-6a2dd8e14b59}\mpkslf8bc5d4a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2a98144e-1f03-46de-96ad-6a2dd8e14b59}\MpKslf8bc5d4a.sys [?]

S1 vmdebug;VMware Replay Debugging Helper;c:\windows\system32\drivers\vmdebug.sys [2008-9-10 19504]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]

S2 NetBackup SAN Client Fibre Transport Service;NetBackup SAN Client Fibre Transport Service;c:\progra~1\veritas\netbac~1\bin\nbftclnt.exe [2009-5-1 804184]

S2 QuickBooksDB18;QuickBooksDB18;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb18 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB18 [?]

S2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2009-11-20 55016]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-5-21 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]

.

=============== Created Last 30 ================

.

2011-08-03 23:31:16 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{358d38ee-85fa-4d81-a546-8c7fa96ce586}\MpKsl4b3f90a7.sys

2011-08-03 05:55:48 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{358d38ee-85fa-4d81-a546-8c7fa96ce586}\MpKslc6d22bcd.sys

2011-08-03 05:52:38 6881616 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{358d38ee-85fa-4d81-a546-8c7fa96ce586}\mpengine.dll

2011-07-30 07:05:49 -------- d-----w- c:\program files\ESET

2011-07-14 18:06:02 -------- d-----w- c:\program files\Webroot

2011-07-14 14:53:18 388096 ----a-r- c:\documents and settings\ester\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-07-14 14:53:02 -------- d-----w- c:\program files\Trend Micro

.

==================== Find3M ====================

.

2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-24 04:07:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-12 02:51:30 74 --sh--r- c:\windows\FFSSET.BIN

2011-06-02 14:02:05 1858944 ------w- c:\windows\system32\win32k.sys

.

============= FINISH: 16:43:50.49 ===============

My computer is a Mac, but I'm running Windows under VMware Fusion. I keep getting these messages in the Windows portion referring to MBAM successfully blocking access to 208.87.32.75. I have no idea why. I do not get redirects, everything else seems to be working pretty normal, but these pop-up notifications are driving me insane...

I would really appreciate any assistance you can offer. Thank you very much in advance!

attach.zip


  • Staff

Hi and welcome to Malwarebytes.

Please post a protection log from MBAM.

Next, please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317
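The protection log the staff reply asks for is a series of one-line events, and the useful question for a responder is not just which address was blocked but how regularly the attempts recur. As an added example (not code from this thread, from the poster, or from Malwarebytes), the Python below parses MBAM 1.x protection-log lines of the shape posted later in the thread, collapses retry pairs a few seconds apart into a single attempt, and reports per destination how many attempts were blocked and whether their spacing is clock-like. The sample lines are constructed to match that format; the 10-second retry window, the 10% tolerance and the function names are assumptions of this example, not anything Malwarebytes documents.

```python
import re
from collections import defaultdict

# Constructed sample lines (same shape as the MBAM 1.x protection log posted
# later in this thread). Times are HH:MM:SS within a single day.
SAMPLE_LOG = """\
00:51:02 ester IP-BLOCK 208.87.32.75 (Type: outgoing)
01:51:32 ester IP-BLOCK 208.87.32.75 (Type: outgoing)
01:51:34 ester IP-BLOCK 208.87.32.75 (Type: outgoing)
02:51:38 ester IP-BLOCK 208.87.32.75 (Type: outgoing)
02:51:40 ester IP-BLOCK 208.87.32.75 (Type: outgoing)
03:52:16 ester IP-BLOCK 208.87.32.75 (Type: outgoing)
16:32:58 ester MESSAGE IP Protection stopped
16:42:32 ester MESSAGE IP Protection started successfully
16:56:15 ester IP-BLOCK 208.87.32.75 (Type: outgoing)
"""

# One IP-BLOCK line: time, user, the literal IP-BLOCK, a dotted quad, direction.
BLOCK_RE = re.compile(
    r"^(\d{2}):(\d{2}):(\d{2}) (\S+) IP-BLOCK (\d{1,3}(?:\.\d{1,3}){3}) \(Type: (\w+)\)$"
)


def parse_blocks(text):
    """Return [(seconds_since_midnight, user, ip, direction)] for IP-BLOCK lines.
    MESSAGE lines (protection started/stopped, database updated) are skipped."""
    events = []
    for line in text.splitlines():
        m = BLOCK_RE.match(line.strip())
        if not m:
            continue
        h, mi, s, user, ip, direction = m.groups()
        events.append((int(h) * 3600 + int(mi) * 60 + int(s), user, ip, direction))
    return events


def summarize(events, retry_window=10):
    """Group blocks per (ip, direction). Lines closer together than retry_window
    seconds (an assumed value) count as one connection attempt: the posted log
    shows pairs 2-5 s apart, consistent with an immediate retry. Returns, per
    destination, the raw line count, attempt count, gaps between attempts and
    their median."""
    per_dest = defaultdict(list)
    for ts, _user, ip, direction in events:
        per_dest[(ip, direction)].append(ts)
    report = {}
    for key, times in per_dest.items():
        times.sort()
        attempts = [times[0]]
        for ts in times[1:]:
            if ts - attempts[-1] > retry_window:
                attempts.append(ts)
        gaps = [b - a for a, b in zip(attempts, attempts[1:])]
        median = sorted(gaps)[len(gaps) // 2] if gaps else None
        report[key] = {
            "raw_lines": len(times),
            "attempts": len(attempts),
            "gaps_s": gaps,
            "median_gap_s": median,
        }
    return report


def is_clocklike(entry, min_attempts=3, tolerance=0.10, min_fraction=0.5):
    """True when there are at least min_attempts attempts and at least
    min_fraction of the gaps lie within +/- tolerance of the median gap.
    Clock-like spacing (roughly hourly in the sample) points at a scheduled
    process rather than interactive browsing, which narrows where to look in
    the running-process and service lists that DDS and ComboFix produce."""
    gaps, median = entry["gaps_s"], entry["median_gap_s"]
    if entry["attempts"] < min_attempts or not gaps:
        return False
    close = sum(1 for g in gaps if abs(g - median) <= tolerance * median)
    return close / len(gaps) >= min_fraction


if __name__ == "__main__":
    for (ip, direction), entry in summarize(parse_blocks(SAMPLE_LOG)).items():
        tag = "clock-like" if is_clocklike(entry) else "irregular"
        print(f"{ip} {direction}: {entry['attempts']} attempts "
              f"({entry['raw_lines']} lines), median gap {entry['median_gap_s']} s, {tag}")
```

Run against a real protection log by replacing `SAMPLE_LOG` with the file contents; a destination that comes back as clock-like with a median gap near 3600 s is worth correlating against scheduled tasks, services and updaters before assuming a browser-driven cause.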


Thank you very much for helping, Screen317 - I did all the steps you mentioned and while I was running Combofix I got a blue screen message that Windows had encountered an error and had been shut down to prevent further damage to my computer. "Plug and Play detected an error most likely caused by a faulty driver" Since this is the first time I see this kind of error I will restart the computer & check to see if Combofix had any logs already, in which case I will post them - or I will re-run it & post once it's done... Just wanted to give you a heads up.


Ok, here goes everything you requested... I hope it helps, it's all Greek to me!! Thank you very much for your help!

MBAM Protection Log:

00:51:02 ester IP-BLOCK 208.87.32.75 (Type: outgoing)

01:51:32 ester IP-BLOCK 208.87.32.75 (Type: outgoing)

01:51:34 ester IP-BLOCK 208.87.32.75 (Type: outgoing)

02:51:38 ester IP-BLOCK 208.87.32.75 (Type: outgoing)

02:51:40 ester IP-BLOCK 208.87.32.75 (Type: outgoing)

03:52:16 ester IP-BLOCK 208.87.32.75 (Type: outgoing)

04:52:24 ester IP-BLOCK 208.87.32.75 (Type: outgoing)

04:52:26 ester IP-BLOCK 208.87.32.75 (Type: outgoing)

05:52:30 ester IP-BLOCK 208.87.32.75 (Type: outgoing)

05:52:32 ester IP-BLOCK 208.87.32.75 (Type: outgoing)

06:52:42 ester IP-BLOCK 208.87.32.75 (Type: outgoing)

06:52:45 ester IP-BLOCK 208.87.32.75 (Type: outgoing)

07:52:48 ester IP-BLOCK 208.87.32.75 (Type: outgoing)

07:52:50 ester IP-BLOCK 208.87.32.75 (Type: outgoing)

08:52:55 ester IP-BLOCK 208.87.32.75 (Type: outgoing)

08:52:57 ester IP-BLOCK 208.87.32.75 (Type: outgoing)

09:53:09 ester IP-BLOCK 208.87.32.75 (Type: outgoing)

09:53:12 ester IP-BLOCK 208.87.32.75 (Type: outgoing)

10:53:33 ester IP-BLOCK 208.87.32.75 (Type: outgoing)

10:53:36 ester IP-BLOCK 208.87.32.75 (Type: outgoing)

11:53:44 ester IP-BLOCK 208.87.32.75 (Type: outgoing)

11:53:47 ester IP-BLOCK 208.87.32.75 (Type: outgoing)

12:53:55 ester IP-BLOCK 208.87.32.75 (Type: outgoing)

12:54:00 ester IP-BLOCK 208.87.32.75 (Type: outgoing)

13:54:05 ester IP-BLOCK 208.87.32.75 (Type: outgoing)

13:54:07 ester IP-BLOCK 208.87.32.75 (Type: outgoing)

14:54:17 ester IP-BLOCK 208.87.32.75 (Type: outgoing)

14:54:20 ester IP-BLOCK 208.87.32.75 (Type: outgoing)

15:54:35 ester IP-BLOCK 208.87.32.75 (Type: outgoing)

15:54:38 ester IP-BLOCK 208.87.32.75 (Type: outgoing)

16:32:58 ester MESSAGE IP Protection stopped

16:42:30 ester MESSAGE Database updated successfully

16:42:32 ester MESSAGE IP Protection started successfully

16:56:15 ester IP-BLOCK 208.87.32.75 (Type: outgoing)

17:56:37 ester IP-BLOCK 208.87.32.75 (Type: outgoing)

17:56:42 ester IP-BLOCK 208.87.32.75 (Type: outgoing)

17:59:59 ester MESSAGE IP Protection stopped

19:23:41 ester MESSAGE Protection started successfully

19:23:46 ester MESSAGE IP Protection started successfully

I stopped the protection to be able to run Combofix, but I disconnected my computer from the internet at that time.

MBAM Log after Quick Scan:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7390

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

8/5/2011 5:38:50 PM

mbam-log-2011-08-05 (17-38-49).txt

Scan type: Quick scan

Objects scanned: 241900

Time elapsed: 1 hour(s), 5 minute(s), 29 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Combofix Log:

ComboFix 11-08-05.02 - ester 08/05/2011 18:57:12.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.427 [GMT -7:00]

Running from: c:\documents and settings\ester\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\ester\WINDOWS

C:\install.exe

c:\windows\UNWISE.EXE

.

.

((((((((((((((((((((((((( Files Created from 2011-07-06 to 2011-08-06 )))))))))))))))))))))))))))))))

.

.

2011-08-05 23:47 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1C6704EA-9747-4D59-90F0-115A8310F0D8}\mpengine.dll

2011-07-30 07:05 . 2011-07-30 07:05 -------- d-----w- c:\program files\ESET

2011-07-22 03:21 . 2011-07-22 03:21 -------- d-----w- c:\documents and settings\QBDataServiceUser18

2011-07-14 18:06 . 2011-07-14 18:06 -------- d-----w- c:\program files\Webroot

2011-07-14 14:53 . 2011-07-14 14:53 388096 ----a-r- c:\documents and settings\ester\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-07-14 14:53 . 2011-07-14 14:53 -------- d-----w- c:\program files\Trend Micro

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-13 03:39 . 2009-06-25 18:34 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-07-07 02:52 . 2010-02-14 18:25 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-07 02:52 . 2010-02-14 18:25 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-24 04:07 . 2011-05-20 18:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-02 14:02 . 2003-07-16 16:45 1858944 ------w- c:\windows\system32\win32k.sys

2011-06-21 21:53 . 2011-05-20 16:01 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\ester\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\ester\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\ester\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\ester\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-20 68856]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

"Calgoo Connect"="c:\program files\CalgooConnect\CalgooConnect.exe" [2008-09-06 6409216]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VMware Tools"="c:\program files\VMware\VMware Tools\VMwareTray.exe" [2008-09-11 428592]

"VMware User Process"="c:\program files\VMware\VMware Tools\VMwareUser.exe" [2008-09-11 862768]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-21 30192]

"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

.

c:\documents and settings\ester\Start Menu\Programs\Startup\

Dropbox.lnk - c:\documents and settings\ester\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-2-27 972064]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]

2008-09-11 00:52 423208 ------r- c:\windows\system32\TPSvc.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\CalgooConnect\\CalgooConnect.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [1/10/2009 1:29 AM 17968]

R0 VSP;Veritas Snapshot Provider;c:\windows\system32\drivers\VSP.SYS [5/4/2006 4:16 PM 51896]

R1 vmhgfs;vmhgfs;c:\windows\system32\drivers\vmhgfs.sys [1/10/2009 1:29 AM 118576]

R2 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [8/26/2010 8:35 PM 401920]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/14/2010 11:25 AM 366640]

R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [10/5/2009 10:08 AM 188736]

R2 Seagate-Replica-Service;Seagate-Replica-Service;c:\program files\Seagate Replica\bin\Seagate-Replica-Service.exe [3/10/2010 11:39 PM 1814016]

R2 Seagate-Replica-SysMon;Seagate-Replica-SysMon;c:\program files\Seagate Replica\bin\Seagate-Replica-SysMon.exe [3/10/2010 11:39 PM 162256]

R2 VMMEMCTL;Memory Control Driver;c:\program files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys [9/10/2008 5:53 PM 14384]

R2 VMTools;VMware Tools Service;c:\program files\VMware\VMware Tools\VMwareService.exe [9/10/2008 5:54 PM 539184]

R2 VMware Physical Disk Helper Service;VMware Physical Disk Helper Service;c:\program files\VMware\VMware Tools\vmacthlp.exe [9/10/2008 5:53 PM 358960]

R2 VRTSpbx;Symantec Private Branch Exchange;c:\windows\system32\cmd.exe [7/16/2003 9:19 AM 389120]

R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [11/20/2009 10:13 AM 55016]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/14/2010 11:25 AM 22712]

R3 TPAutoConnSvc;TP AutoConnect Service;c:\program files\VMware\VMware Tools\TPAutoConnSvc.exe [9/10/2008 5:52 PM 238832]

R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [1/10/2009 1:29 AM 53424]

R3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [1/10/2009 1:29 AM 11696]

R3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [1/10/2009 1:29 AM 63920]

R3 vmxnet;VMware Ethernet Adapter Driver;c:\windows\system32\drivers\vmxnet.sys [1/10/2009 1:29 AM 36400]

S1 MpKsl0d79e836;MpKsl0d79e836;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F05D555A-3232-41B9-A7E6-C7B79C3D03FC}\MpKsl0d79e836.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F05D555A-3232-41B9-A7E6-C7B79C3D03FC}\MpKsl0d79e836.sys [?]

S1 MpKsl10ac8e75;MpKsl10ac8e75;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24D53BCA-18A9-4852-80DF-AE6B1E83B5FA}\MpKsl10ac8e75.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24D53BCA-18A9-4852-80DF-AE6B1E83B5FA}\MpKsl10ac8e75.sys [?]

S1 MpKsl2fe9f741;MpKsl2fe9f741;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B80AD19F-1F48-4FA9-B021-A2F2095A899B}\MpKsl2fe9f741.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B80AD19F-1F48-4FA9-B021-A2F2095A899B}\MpKsl2fe9f741.sys [?]

S1 MpKslc6d22bcd;MpKslc6d22bcd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{358D38EE-85FA-4D81-A546-8C7FA96CE586}\MpKslc6d22bcd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{358D38EE-85FA-4D81-A546-8C7FA96CE586}\MpKslc6d22bcd.sys [?]

S1 MpKsle1b24590;MpKsle1b24590;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E1ED8D8E-8EF7-4561-A9EB-06302ECC26AC}\MpKsle1b24590.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E1ED8D8E-8EF7-4561-A9EB-06302ECC26AC}\MpKsle1b24590.sys [?]

S1 MpKslf8bc5d4a;MpKslf8bc5d4a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2A98144E-1F03-46DE-96AD-6A2DD8E14B59}\MpKslf8bc5d4a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2A98144E-1F03-46DE-96AD-6A2DD8E14B59}\MpKslf8bc5d4a.sys [?]

S1 vmdebug;VMware Replay Debugging Helper;c:\windows\system32\drivers\vmdebug.sys [9/10/2008 5:54 PM 19504]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 10:43 PM 135664]

S2 NetBackup SAN Client Fibre Transport Service;NetBackup SAN Client Fibre Transport Service;c:\progra~1\Veritas\NETBAC~1\bin\nbftclnt.exe [5/1/2009 5:10 AM 804184]

S2 QuickBooksDB18;QuickBooksDB18;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 [?]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/21/2009 10:46 PM 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 10:43 PM 135664]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 05:43]

.

2011-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 05:43]

.

2011-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1058685564-607745707-111032338-1013Core.job

- c:\documents and settings\ester\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 18:33]

.

2011-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1058685564-607745707-111032338-1013UA.job

- c:\documents and settings\ester\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 18:33]

.

2011-08-06 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 20:26]

.

2011-08-05 c:\windows\Tasks\User_Feed_Synchronization-{8AD08D0A-F078-4878-A192-399B31AF25A1}.job

- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.netvibes.com/

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = 192.168.0.4:8080

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

LSP: c:\program files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll

FF - ProfilePath - c:\documents and settings\ester\Application Data\Mozilla\Firefox\Profiles\213gklny.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.protopage.com/gorgeous

FF - prefs.js: network.proxy.http - 192.168.0.4

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.type - 1

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-WinUtilities Quick Launcher - c:\program files\WinUtilities\WinUtil.exe

HKLM-Run-Ulead AutoDetector v2 - c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe

AddRemove-Group Mail - c:\windows\UNWISE.EXE

AddRemove-PRO50 - f:\pro25\Uninst.isu

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-08-05 19:16

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Seagate-Replica-Service]

"ImagePath"="c:\program files\Seagate Replica\bin\Seagate-Replica-Service.exe /startedbyscm:FE2355B7-40E2EE35-RebitSvcModule"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(688)

c:\windows\System32\vmhgfs.dll

.

- - - - - - - > 'explorer.exe'(2352)

c:\windows\system32\WININET.dll

c:\documents and settings\ester\Application Data\Dropbox\bin\DropboxExt.14.dll

c:\windows\system32\addressbar.dll

c:\windows\System32\vmhgfs.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\progra~1\SEAGAT~1\bin\SEAGAT~3.DLL

c:\progra~1\SEAGAT~1\bin\cqt.dll

c:\progra~1\SEAGAT~1\bin\zlib1.dll

c:\windows\system32\wpdshext.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\Audiodev.dll

c:\windows\system32\WMVCore.DLL

c:\windows\system32\WMASF.DLL

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\windows\system32\ASTSRV.EXE

c:\program files\Bonjour\mDNSResponder.exe

c:\progra~1\Veritas\NETBAC~1\bin\bpinetd.exe

c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

c:\progra~1\Veritas\NETBAC~1\bin\BPJAVA-msvc.EXE

c:\program files\VERITAS\VxPBX\bin\pbx_exchange.exe

c:\windows\system32\SearchIndexer.exe

c:\program files\VMware\VMware Tools\TPAutoConnect.exe

c:\program files\Seagate Replica\bin\Seagate-Replica-AutoPlay.exe

c:\program files\Seagate Replica\bin\Seagate-Replica-Tray.exe

c:\progra~1\Discover\SOAN\DISCOV~1.EXE

c:\windows\system32\OBroker.exe

.

**************************************************************************

.

Completion time: 2011-08-05 19:21:52 - machine was rebooted

ComboFix-quarantined-files.txt 2011-08-06 02:21

.

Pre-Run: 3,946,532,864 bytes free

Post-Run: 6,042,157,056 bytes free

.

- - End Of File - - 9BC91006107427EBF9F1D9EB1714134B

DDS.txt Log:

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by ester at 19:37:08 on 2011-08-05

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.283 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ===============

.

C:\Program Files\VMware\VMware Tools\vmacthlp.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe

C:\WINDOWS\system32\ASTSRV.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\PROGRA~1\Veritas\NETBAC~1\bin\bpinetd.exe

C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\VMware\VMware Tools\VMwareService.exe

C:\PROGRA~1\Veritas\NETBAC~1\bin\BPJAVA-msvc.EXE

C:\Program Files\VERITAS\VxPBX\bin\pbx_exchange.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Xobni\XobniService.exe

C:\Program Files\Seagate Replica\bin\Seagate-Replica-Service.exe

C:\Program Files\Seagate Replica\bin\Seagate-Replica-SysMon.exe

C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe

C:\Program Files\VMware\VMware Tools\TPAutoConnect.exe

C:\Program Files\Seagate Replica\bin\Seagate-Replica-AutoPlay.exe

C:\Program Files\Seagate Replica\bin\Seagate-Replica-Tray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\VMware\VMware Tools\VMwareTray.exe

C:\Program Files\VMware\VMware Tools\VMwareUser.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\PROGRA~1\Discover\SOAN\DISCOV~1.EXE

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\CalgooConnect\CalgooConnect.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\system32\OBroker.exe

C:\Documents and Settings\ester\Application Data\Dropbox\bin\Dropbox.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.netvibes.com/

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = 192.168.0.4:8080

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Secure Online Account Numbers Helper: {435eaa86-d32b-484f-869c-53745fcb1642} - c:\program files\discover\soan\DiscoverSOANHelper.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

TB: Secure Online Account Numbers: {a8c7c2ca-6dfd-4e16-8458-592361564d38} - c:\program files\discover\soan\DiscoverSOANToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [Calgoo Connect] "c:\program files\calgooconnect\CalgooConnect.exe" -S

mRun: [VMware Tools] "c:\program files\vmware\vmware tools\VMwareTray.exe"

mRun: [VMware User Process] "c:\program files\vmware\vmware tools\VMwareUser.exe"

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [AmazonGSDownloaderTray] "c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderTray.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [secure Online Account Numbers] "c:\progra~1\discover\soan\DISCOV~1.EXE" /dontopenmycards

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\ester\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\ester\application data\dropbox\bin\Dropbox.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: c:\program files\vmware\vmware tools\vsock sdk\bin\win32\vsocklib.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/55.16/uploader2.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231576270321

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Notify: TPSvc - TPSvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\ester\application data\mozilla\firefox\profiles\213gklny.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.protopage.com/gorgeous

FF - prefs.js: network.proxy.http - 192.168.0.4

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.type - 1

.

============= SERVICES / DRIVERS ===============

.

R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2009-1-10 17968]

R0 VSP;Veritas Snapshot Provider;c:\windows\system32\drivers\VSP.SYS [2006-5-4 51896]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]

R1 MpKsle4983c18;MpKsle4983c18;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{21518747-4c55-48be-aa27-babf8ca1aaae}\MpKsle4983c18.sys [2011-8-5 28752]

R1 vmhgfs;vmhgfs;c:\windows\system32\drivers\vmhgfs.sys [2009-1-10 118576]

R2 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2010-8-26 401920]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-2-14 366640]

R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2009-10-5 188736]

R2 Seagate-Replica-Service;Seagate-Replica-Service;c:\program files\seagate replica\bin\Seagate-Replica-Service.exe [2010-3-10 1814016]

R2 Seagate-Replica-SysMon;Seagate-Replica-SysMon;c:\program files\seagate replica\bin\Seagate-Replica-SysMon.exe [2010-3-10 162256]

R2 VMMEMCTL;Memory Control Driver;c:\program files\vmware\vmware tools\drivers\memctl\vmmemctl.sys [2008-9-10 14384]

R2 VMTools;VMware Tools Service;c:\program files\vmware\vmware tools\VMwareService.exe [2008-9-10 539184]

R2 VMware Physical Disk Helper Service;VMware Physical Disk Helper Service;c:\program files\vmware\vmware tools\vmacthlp.exe [2008-9-10 358960]

R2 VRTSpbx;Symantec Private Branch Exchange;c:\windows\system32\cmd.exe [2003-7-16 389120]

R2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2009-11-20 55016]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-2-14 22712]

R3 TPAutoConnSvc;TP AutoConnect Service;c:\program files\vmware\vmware tools\TPAutoConnSvc.exe [2008-9-10 238832]

R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [2009-1-10 53424]

R3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [2009-1-10 11696]

R3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [2009-1-10 63920]

R3 vmxnet;VMware Ethernet Adapter Driver;c:\windows\system32\drivers\vmxnet.sys [2009-1-10 36400]

S1 MpKsl0d79e836;MpKsl0d79e836;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f05d555a-3232-41b9-a7e6-c7b79c3d03fc}\mpksl0d79e836.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f05d555a-3232-41b9-a7e6-c7b79c3d03fc}\MpKsl0d79e836.sys [?]

S1 MpKsl10ac8e75;MpKsl10ac8e75;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{24d53bca-18a9-4852-80df-ae6b1e83b5fa}\mpksl10ac8e75.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{24d53bca-18a9-4852-80df-ae6b1e83b5fa}\MpKsl10ac8e75.sys [?]

S1 MpKsl2fe9f741;MpKsl2fe9f741;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b80ad19f-1f48-4fa9-b021-a2f2095a899b}\mpksl2fe9f741.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b80ad19f-1f48-4fa9-b021-a2f2095a899b}\MpKsl2fe9f741.sys [?]

S1 MpKslc6d22bcd;MpKslc6d22bcd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{358d38ee-85fa-4d81-a546-8c7fa96ce586}\mpkslc6d22bcd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{358d38ee-85fa-4d81-a546-8c7fa96ce586}\MpKslc6d22bcd.sys [?]

S1 MpKsle1b24590;MpKsle1b24590;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e1ed8d8e-8ef7-4561-a9eb-06302ecc26ac}\mpksle1b24590.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e1ed8d8e-8ef7-4561-a9eb-06302ecc26ac}\MpKsle1b24590.sys [?]

S1 MpKslf8bc5d4a;MpKslf8bc5d4a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2a98144e-1f03-46de-96ad-6a2dd8e14b59}\mpkslf8bc5d4a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2a98144e-1f03-46de-96ad-6a2dd8e14b59}\MpKslf8bc5d4a.sys [?]

S1 vmdebug;VMware Replay Debugging Helper;c:\windows\system32\drivers\vmdebug.sys [2008-9-10 19504]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]

S2 NetBackup SAN Client Fibre Transport Service;NetBackup SAN Client Fibre Transport Service;c:\progra~1\veritas\netbac~1\bin\nbftclnt.exe [2009-5-1 804184]

S2 QuickBooksDB18;QuickBooksDB18;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb18 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB18 [?]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-5-21 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]

.

=============== Created Last 30 ================

.

2011-08-06 02:25:01 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{21518747-4c55-48be-aa27-babf8ca1aaae}\MpKsle4983c18.sys

2011-08-06 02:24:22 6881616 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{21518747-4c55-48be-aa27-babf8ca1aaae}\mpengine.dll

2011-08-06 01:04:58 -------- d-sha-r- C:\cmdcons

2011-08-06 01:01:23 98816 ----a-w- c:\windows\sed.exe

2011-08-06 01:01:23 518144 ----a-w- c:\windows\SWREG.exe

2011-08-06 01:01:23 256000 ----a-w- c:\windows\PEV.exe

2011-08-06 01:01:23 208896 ----a-w- c:\windows\MBR.exe

2011-07-30 07:05:49 -------- d-----w- c:\program files\ESET

2011-07-14 18:06:02 -------- d-----w- c:\program files\Webroot

2011-07-14 14:53:18 388096 ----a-r- c:\documents and settings\ester\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-07-14 14:53:02 -------- d-----w- c:\program files\Trend Micro

.

==================== Find3M ====================

.

2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-24 04:07:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-12 02:51:30 74 --sh--r- c:\windows\FFSSET.BIN

2011-06-02 14:02:05 1858944 ------w- c:\windows\system32\win32k.sys

.

============= FINISH: 19:37:54.66 ===============

Thanks again, I look forward to your reply!

attach.zip


  • Staff

Hi,

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the box below into Notepad:

DDS::
uInternet Settings,ProxyServer = 192.168.0.4:8080

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScriptB-4.gif]

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

-screen317

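The CFScript above tells ComboFix to clear the IE ProxyServer value that DDS reported. As an added example (mine, not part of this thread and not a feature of DDS or ComboFix), the Python below pulls the same kind of settings out of DDS-format log lines and flags what a responder would want to look at before writing a fix script: proxy settings in IE and Firefox, services whose image is a built-in shell or script host (the logs in this thread list VRTSpbx with c:\windows\system32\cmd.exe as its image), service entries the tool marked "[?]" because it could not verify the file on disk, and globally open firewall ports. The sample lines are constructed to mirror the formats seen in this thread; the list of host binaries, the severity labels and the private-address rule are my own assumptions.

```python
"""Triage helper for DDS / ComboFix style log lines (added example, not the tools' own code)."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample in the DDS layout, mirroring formats seen in this thread.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.netvibes.com/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 192.168.0.4:8080
FF - prefs.js: network.proxy.http - 192.168.0.4
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 1
R2 VRTSpbx;Symantec Private Branch Exchange;c:\windows\system32\cmd.exe [7/16/2003 9:19 AM 389120]
R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [11/20/2009 10:13 AM 55016]
S2 QuickBooksDB18;QuickBooksDB18;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 [?]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"""

# Shell / script-host binaries no third-party product should register as its
# service image. Short list of my own (assumption), not a DDS rule.
HOST_BINARIES = {"cmd.exe", "powershell.exe", "rundll32.exe", "regsvr32.exe",
                 "mshta.exe", "wscript.exe", "cscript.exe"}
# Ports worth a second look when the XP firewall opens them in a profile.
WELL_KNOWN_PORTS = {135: "RPC endpoint mapper", 139: "NetBIOS session",
                    445: "SMB", 3389: "Remote Desktop"}

SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
IE_PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(?P<proxy>\S+)")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<key>network\.proxy\.\S+) - (?P<value>\S+)")
OPEN_PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=')


@dataclass
class Finding:
    category: str   # "proxy", "service" or "open_port"
    subject: str    # setting name, service name or port/proto
    detail: str
    severity: str   # "info", "review" or "high"


def classify_proxy_host(host: str) -> str:
    """A proxy on a private address is plausibly the site's own; a public
    address configured on a workstation deserves a closer look (my rule)."""
    try:
        return "review" if ipaddress.ip_address(host).is_private else "high"
    except ValueError:  # a hostname rather than a literal address
        return "review"


def parse_proxies(lines: List[str]) -> List[Finding]:
    findings: List[Finding] = []
    ff: Dict[str, str] = {}
    for line in lines:
        m = IE_PROXY_RE.match(line)
        if m:
            proxy = m.group("proxy")
            findings.append(Finding("proxy", "IE ProxyServer",
                                    f"all WinINet traffic goes through {proxy}",
                                    classify_proxy_host(proxy.rsplit(":", 1)[0])))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            ff[m.group("key")] = m.group("value")
    # network.proxy.type 1 is Firefox's "manual proxy configuration".
    if ff.get("network.proxy.type") == "1" and "network.proxy.http" in ff:
        host = ff["network.proxy.http"]
        proxy = f"{host}:{ff.get('network.proxy.http_port', '?')}"
        findings.append(Finding("proxy", "Firefox network.proxy.http",
                                f"Firefox HTTP traffic goes through {proxy}",
                                classify_proxy_host(host)))
    return findings


def image_from_service_tail(rest: str) -> Tuple[str, bool]:
    """Return (image_path, verified). DDS prints 'registry value --> resolved
    path [date size]', and '[?]' when it could not find the file on disk."""
    verified = not rest.rstrip().endswith("[?]")
    rest = re.sub(r"\s*\[[^\]]*\]\s*$", "", rest)          # drop "[date size]" / "[?]"
    if " --> " in rest:
        rest = rest.split(" --> ", 1)[1]                    # keep the resolved path
    m = re.match(r"(?P<exe>.+?\.(?:exe|sys|dll))(?:\s|$)", rest, re.IGNORECASE)
    return (m.group("exe") if m else rest.strip()), verified


def parse_services(lines: List[str]) -> List[Finding]:
    findings: List[Finding] = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if not m:
            continue
        image, verified = image_from_service_tail(m.group("rest"))
        basename = image.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if basename in HOST_BINARIES:
            findings.append(Finding("service", m.group("name"),
                f"'{m.group('display')}' runs the built-in {basename} rather than a product binary", "high"))
        elif not verified:
            findings.append(Finding("service", m.group("name"),
                f"log tool could not verify {image} on disk ([?])", "review"))
    return findings


def parse_open_ports(lines: List[str]) -> List[Finding]:
    findings: List[Finding] = []
    for line in lines:
        m = OPEN_PORT_RE.match(line)
        if m:
            port = int(m.group("port"))
            known = WELL_KNOWN_PORTS.get(port)
            findings.append(Finding("open_port", f"{port}/{m.group('proto')}",
                                    f"firewall exception for {known or 'an unlisted service'}",
                                    "review" if known else "info"))
    return findings


def triage(text: str) -> List[Finding]:
    lines = [ln.strip() for ln in text.splitlines()]
    return parse_proxies(lines) + parse_services(lines) + parse_open_ports(lines)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.category:9} {f.subject}: {f.detail}")
```

Run it against a saved DDS.txt or ComboFix.txt by replacing SAMPLE_LOG with the file's contents. A "high" finding is a prompt to check the binary and its signer, not a verdict: a service pointed at cmd.exe may be a broken installer as easily as a persistence trick, so confirm before quarantining anything.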

It did not reboot. Here are the logs:

Combofix.txt

ComboFix 11-08-08.03 - ester 08/09/2011 0:13.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.488 [GMT -7:00]

Running from: c:\documents and settings\ester\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\ester\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((( Files Created from 2011-07-09 to 2011-08-09 )))))))))))))))))))))))))))))))

.

.

2011-08-09 02:35 . 2011-08-09 02:35 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6E4F3834-E71A-4221-B153-2C93DD00C02F}\MpKsld1f442ed.sys

2011-08-09 02:32 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6E4F3834-E71A-4221-B153-2C93DD00C02F}\mpengine.dll

2011-07-30 07:05 . 2011-07-30 07:05 -------- d-----w- c:\program files\ESET

2011-07-22 03:21 . 2011-07-22 03:21 -------- d-----w- c:\documents and settings\QBDataServiceUser18

2011-07-14 18:06 . 2011-07-14 18:06 -------- d-----w- c:\program files\Webroot

2011-07-14 14:53 . 2011-07-14 14:53 388096 ----a-r- c:\documents and settings\ester\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-07-14 14:53 . 2011-07-14 14:53 -------- d-----w- c:\program files\Trend Micro

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-13 03:39 . 2009-06-25 18:34 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-07-07 02:52 . 2010-02-14 18:25 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-07 02:52 . 2010-02-14 18:25 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-24 04:07 . 2011-05-20 18:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-02 14:02 . 2003-07-16 16:45 1858944 ------w- c:\windows\system32\win32k.sys

2011-06-21 21:53 . 2011-05-20 16:01 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-08-06_02.16.14 )))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\ester\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\ester\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\ester\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\ester\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-20 68856]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VMware Tools"="c:\program files\VMware\VMware Tools\VMwareTray.exe" [2008-09-11 428592]

"VMware User Process"="c:\program files\VMware\VMware Tools\VMwareUser.exe" [2008-09-11 862768]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-21 30192]

"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

.

c:\documents and settings\ester\Start Menu\Programs\Startup\

Dropbox.lnk - c:\documents and settings\ester\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-2-27 972064]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]

2008-09-11 00:52 423208 ------r- c:\windows\system32\TPSvc.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\CalgooConnect\\CalgooConnect.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [1/10/2009 1:29 AM 17968]

R0 VSP;Veritas Snapshot Provider;c:\windows\system32\drivers\VSP.SYS [5/4/2006 4:16 PM 51896]

R1 MpKsld1f442ed;MpKsld1f442ed;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6E4F3834-E71A-4221-B153-2C93DD00C02F}\MpKsld1f442ed.sys [8/8/2011 7:35 PM 28752]

R1 vmhgfs;vmhgfs;c:\windows\system32\drivers\vmhgfs.sys [1/10/2009 1:29 AM 118576]

R2 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [8/26/2010 8:35 PM 401920]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/14/2010 11:25 AM 366640]

R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [10/5/2009 10:08 AM 188736]

R2 Seagate-Replica-Service;Seagate-Replica-Service;c:\program files\Seagate Replica\bin\Seagate-Replica-Service.exe [3/10/2010 11:39 PM 1814016]

R2 Seagate-Replica-SysMon;Seagate-Replica-SysMon;c:\program files\Seagate Replica\bin\Seagate-Replica-SysMon.exe [3/10/2010 11:39 PM 162256]

R2 VMMEMCTL;Memory Control Driver;c:\program files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys [9/10/2008 5:53 PM 14384]

R2 VMTools;VMware Tools Service;c:\program files\VMware\VMware Tools\VMwareService.exe [9/10/2008 5:54 PM 539184]

R2 VMware Physical Disk Helper Service;VMware Physical Disk Helper Service;c:\program files\VMware\VMware Tools\vmacthlp.exe [9/10/2008 5:53 PM 358960]

R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [11/20/2009 10:13 AM 55016]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/14/2010 11:25 AM 22712]

R3 TPAutoConnSvc;TP AutoConnect Service;c:\program files\VMware\VMware Tools\TPAutoConnSvc.exe [9/10/2008 5:52 PM 238832]

R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [1/10/2009 1:29 AM 53424]

R3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [1/10/2009 1:29 AM 11696]

R3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [1/10/2009 1:29 AM 63920]

R3 vmxnet;VMware Ethernet Adapter Driver;c:\windows\system32\drivers\vmxnet.sys [1/10/2009 1:29 AM 36400]

S1 MpKsl0d79e836;MpKsl0d79e836;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F05D555A-3232-41B9-A7E6-C7B79C3D03FC}\MpKsl0d79e836.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F05D555A-3232-41B9-A7E6-C7B79C3D03FC}\MpKsl0d79e836.sys [?]

S1 MpKsl10ac8e75;MpKsl10ac8e75;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24D53BCA-18A9-4852-80DF-AE6B1E83B5FA}\MpKsl10ac8e75.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24D53BCA-18A9-4852-80DF-AE6B1E83B5FA}\MpKsl10ac8e75.sys [?]

S1 MpKsl2fe9f741;MpKsl2fe9f741;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B80AD19F-1F48-4FA9-B021-A2F2095A899B}\MpKsl2fe9f741.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B80AD19F-1F48-4FA9-B021-A2F2095A899B}\MpKsl2fe9f741.sys [?]

S1 MpKslc6d22bcd;MpKslc6d22bcd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{358D38EE-85FA-4D81-A546-8C7FA96CE586}\MpKslc6d22bcd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{358D38EE-85FA-4D81-A546-8C7FA96CE586}\MpKslc6d22bcd.sys [?]

S1 MpKsle1b24590;MpKsle1b24590;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E1ED8D8E-8EF7-4561-A9EB-06302ECC26AC}\MpKsle1b24590.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E1ED8D8E-8EF7-4561-A9EB-06302ECC26AC}\MpKsle1b24590.sys [?]

S1 MpKslf8bc5d4a;MpKslf8bc5d4a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2A98144E-1F03-46DE-96AD-6A2DD8E14B59}\MpKslf8bc5d4a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2A98144E-1F03-46DE-96AD-6A2DD8E14B59}\MpKslf8bc5d4a.sys [?]

S1 vmdebug;VMware Replay Debugging Helper;c:\windows\system32\drivers\vmdebug.sys [9/10/2008 5:54 PM 19504]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 10:43 PM 135664]

S2 NetBackup SAN Client Fibre Transport Service;NetBackup SAN Client Fibre Transport Service;c:\progra~1\Veritas\NETBAC~1\bin\nbftclnt.exe [5/1/2009 5:10 AM 804184]

S2 QuickBooksDB18;QuickBooksDB18;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 [?]

S2 VRTSpbx;Symantec Private Branch Exchange;c:\windows\system32\cmd.exe [7/16/2003 9:19 AM 389120]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/21/2009 10:46 PM 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 10:43 PM 135664]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSLBD39D90E

*NewlyCreated* - MPKSLD1F442ED

*NewlyCreated* - MPKSLE4983C18

*Deregistered* - MpKslbd39d90e

*Deregistered* - MpKsle4983c18

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 05:43]

.

2011-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 05:43]

.

2011-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1058685564-607745707-111032338-1013Core.job

- c:\documents and settings\ester\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 18:33]

.

2011-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1058685564-607745707-111032338-1013UA.job

- c:\documents and settings\ester\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 18:33]

.

2011-08-07 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 20:26]

.

2011-08-09 c:\windows\Tasks\User_Feed_Synchronization-{8AD08D0A-F078-4878-A192-399B31AF25A1}.job

- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.netvibes.com/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

LSP: c:\program files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll

TCP: DhcpNameServer = 192.168.0.4 192.168.0.1

FF - ProfilePath - c:\documents and settings\ester\Application Data\Mozilla\Firefox\Profiles\213gklny.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.protopage.com/gorgeous

FF - prefs.js: network.proxy.http - 192.168.0.4

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.type - 1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-08-09 00:28

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Seagate-Replica-Service]

"ImagePath"="c:\program files\Seagate Replica\bin\Seagate-Replica-Service.exe /startedbyscm:FE2355B7-40E2EE35-RebitSvcModule"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(688)

c:\windows\System32\vmhgfs.dll

.

- - - - - - - > 'lsass.exe'(744)

c:\program files\Bonjour\mdnsNSP.dll

.

- - - - - - - > 'explorer.exe'(3792)

c:\windows\system32\WININET.dll

c:\documents and settings\ester\Application Data\Dropbox\bin\DropboxExt.14.dll

c:\windows\system32\addressbar.dll

c:\windows\System32\vmhgfs.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\progra~1\SEAGAT~1\bin\SEAGAT~3.DLL

c:\progra~1\SEAGAT~1\bin\cqt.dll

c:\progra~1\SEAGAT~1\bin\zlib1.dll

c:\windows\system32\wpdshext.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\Audiodev.dll

c:\windows\system32\WMVCore.DLL

c:\windows\system32\WMASF.DLL

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

.

Completion time: 2011-08-09 00:32:32

ComboFix-quarantined-files.txt 2011-08-09 07:32

ComboFix2.txt 2011-08-06 02:21

.

Pre-Run: 4,640,124,928 bytes free

Post-Run: 4,694,011,904 bytes free

.

- - End Of File - - 056DDA376B12C0237D155C54B914D8B2

DDS.txt

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by ester at 0:38:28 on 2011-08-09

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.501 [GMT -7:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ===============

.

C:\Program Files\VMware\VMware Tools\vmacthlp.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe

C:\WINDOWS\system32\ASTSRV.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\PROGRA~1\Veritas\NETBAC~1\bin\bpinetd.exe

C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\VMware\VMware Tools\VMwareService.exe

C:\PROGRA~1\Veritas\NETBAC~1\bin\BPJAVA-msvc.EXE

C:\Program Files\VERITAS\VxPBX\bin\pbx_exchange.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Xobni\XobniService.exe

C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe

C:\Program Files\VMware\VMware Tools\TPAutoConnect.exe

C:\Program Files\VMware\VMware Tools\VMwareTray.exe

C:\Program Files\VMware\VMware Tools\VMwareUser.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\PROGRA~1\Discover\SOAN\DISCOV~1.EXE

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\system32\OBroker.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Pidgin\pidgin.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Seagate Replica\bin\Seagate-Replica-SysMon.exe

C:\Program Files\Seagate Replica\bin\Seagate-Replica-AutoPlay.exe

C:\Program Files\Seagate Replica\bin\Seagate-Replica-Service.exe

C:\Program Files\Seagate Replica\bin\Seagate-Replica-Tray.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.netvibes.com/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Secure Online Account Numbers Helper: {435eaa86-d32b-484f-869c-53745fcb1642} - c:\program files\discover\soan\DiscoverSOANHelper.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

TB: Secure Online Account Numbers: {a8c7c2ca-6dfd-4e16-8458-592361564d38} - c:\program files\discover\soan\DiscoverSOANToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

mRun: [VMware Tools] "c:\program files\vmware\vmware tools\VMwareTray.exe"

mRun: [VMware User Process] "c:\program files\vmware\vmware tools\VMwareUser.exe"

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [AmazonGSDownloaderTray] "c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderTray.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [secure Online Account Numbers] "c:\progra~1\discover\soan\DISCOV~1.EXE" /dontopenmycards

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\ester\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\ester\application data\dropbox\bin\Dropbox.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: c:\program files\vmware\vmware tools\vsock sdk\bin\win32\vsocklib.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/55.16/uploader2.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231576270321

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

TCP: DhcpNameServer = 192.168.0.4 192.168.0.1

TCP: Interfaces\{1B33972D-F512-42E6-B7D4-ECA75C5EDE48} : DhcpNameServer = 192.168.0.4 192.168.0.1

Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Notify: TPSvc - TPSvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\ester\application data\mozilla\firefox\profiles\213gklny.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.protopage.com/gorgeous

FF - prefs.js: network.proxy.http - 192.168.0.4

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.type - 1

FF - plugin: c:\documents and settings\ester\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

.

============= SERVICES / DRIVERS ===============

.

R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2009-1-10 17968]

R0 VSP;Veritas Snapshot Provider;c:\windows\system32\drivers\VSP.SYS [2006-5-4 51896]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]

R1 MpKsld1f442ed;MpKsld1f442ed;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6e4f3834-e71a-4221-b153-2c93dd00c02f}\MpKsld1f442ed.sys [2011-8-8 28752]

R1 vmhgfs;vmhgfs;c:\windows\system32\drivers\vmhgfs.sys [2009-1-10 118576]

R2 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2010-8-26 401920]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-2-14 366640]

R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2009-10-5 188736]

R2 Seagate-Replica-Service;Seagate-Replica-Service;c:\program files\seagate replica\bin\Seagate-Replica-Service.exe [2010-3-10 1814016]

R2 Seagate-Replica-SysMon;Seagate-Replica-SysMon;c:\program files\seagate replica\bin\Seagate-Replica-SysMon.exe [2010-3-10 162256]

R2 VMMEMCTL;Memory Control Driver;c:\program files\vmware\vmware tools\drivers\memctl\vmmemctl.sys [2008-9-10 14384]

R2 VMTools;VMware Tools Service;c:\program files\vmware\vmware tools\VMwareService.exe [2008-9-10 539184]

R2 VMware Physical Disk Helper Service;VMware Physical Disk Helper Service;c:\program files\vmware\vmware tools\vmacthlp.exe [2008-9-10 358960]

R2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2009-11-20 55016]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-2-14 22712]

R3 TPAutoConnSvc;TP AutoConnect Service;c:\program files\vmware\vmware tools\TPAutoConnSvc.exe [2008-9-10 238832]

R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [2009-1-10 53424]

R3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [2009-1-10 11696]

R3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [2009-1-10 63920]

R3 vmxnet;VMware Ethernet Adapter Driver;c:\windows\system32\drivers\vmxnet.sys [2009-1-10 36400]

S1 MpKsl0d79e836;MpKsl0d79e836;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f05d555a-3232-41b9-a7e6-c7b79c3d03fc}\mpksl0d79e836.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f05d555a-3232-41b9-a7e6-c7b79c3d03fc}\MpKsl0d79e836.sys [?]

S1 MpKsl10ac8e75;MpKsl10ac8e75;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{24d53bca-18a9-4852-80df-ae6b1e83b5fa}\mpksl10ac8e75.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{24d53bca-18a9-4852-80df-ae6b1e83b5fa}\MpKsl10ac8e75.sys [?]

S1 MpKsl2fe9f741;MpKsl2fe9f741;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b80ad19f-1f48-4fa9-b021-a2f2095a899b}\mpksl2fe9f741.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b80ad19f-1f48-4fa9-b021-a2f2095a899b}\MpKsl2fe9f741.sys [?]

S1 MpKslc6d22bcd;MpKslc6d22bcd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{358d38ee-85fa-4d81-a546-8c7fa96ce586}\mpkslc6d22bcd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{358d38ee-85fa-4d81-a546-8c7fa96ce586}\MpKslc6d22bcd.sys [?]

S1 MpKsle1b24590;MpKsle1b24590;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e1ed8d8e-8ef7-4561-a9eb-06302ecc26ac}\mpksle1b24590.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e1ed8d8e-8ef7-4561-a9eb-06302ecc26ac}\MpKsle1b24590.sys [?]

S1 MpKslf8bc5d4a;MpKslf8bc5d4a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2a98144e-1f03-46de-96ad-6a2dd8e14b59}\mpkslf8bc5d4a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2a98144e-1f03-46de-96ad-6a2dd8e14b59}\MpKslf8bc5d4a.sys [?]

S1 vmdebug;VMware Replay Debugging Helper;c:\windows\system32\drivers\vmdebug.sys [2008-9-10 19504]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]

S2 NetBackup SAN Client Fibre Transport Service;NetBackup SAN Client Fibre Transport Service;c:\progra~1\veritas\netbac~1\bin\nbftclnt.exe [2009-5-1 804184]

S2 QuickBooksDB18;QuickBooksDB18;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb18 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB18 [?]

S2 VRTSpbx;Symantec Private Branch Exchange;c:\windows\system32\cmd.exe [2003-7-16 389120]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-5-21 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]

.

=============== Created Last 30 ================

.

2011-08-09 02:35:45 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6e4f3834-e71a-4221-b153-2c93dd00c02f}\MpKsld1f442ed.sys

2011-08-09 02:32:01 6881616 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6e4f3834-e71a-4221-b153-2c93dd00c02f}\mpengine.dll

2011-08-06 01:04:58 -------- d-sha-r- C:\cmdcons

2011-08-06 01:01:23 98816 ----a-w- c:\windows\sed.exe

2011-08-06 01:01:23 518144 ----a-w- c:\windows\SWREG.exe

2011-08-06 01:01:23 256000 ----a-w- c:\windows\PEV.exe

2011-08-06 01:01:23 208896 ----a-w- c:\windows\MBR.exe

2011-07-30 07:05:49 -------- d-----w- c:\program files\ESET

2011-07-14 18:06:02 -------- d-----w- c:\program files\Webroot

2011-07-14 14:53:18 388096 ----a-r- c:\documents and settings\ester\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-07-14 14:53:02 -------- d-----w- c:\program files\Trend Micro

.

==================== Find3M ====================

.

2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-24 04:07:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-12 02:51:30 74 --sh--r- c:\windows\FFSSET.BIN

2011-06-02 14:02:05 1858944 ------w- c:\windows\system32\win32k.sys

.

============= FINISH: 0:39:23.45 ===============

What do you think I have? Am I/Was I infected?

Any info is appreciated, I do thank you for helping me out!!

attach.zip


  • Staff

Looks like there was a malicious proxy set but we removed it.

Let's check for any leftovers.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Do you have any idea how long the malicious proxy would have been there or how it got in? I've always had MS Security Essentials and MBAM Pro so I wonder how this thing got through...

Here's the ESET log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=e2a7508a0a66d840ad3527f44fc5151e

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-07-30 10:46:49

# local_time=2011-07-30 03:46:49 (-0800, Pacific Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 433418 433418 0 0

# compatibility_mode=5891 16776869 42 87 0 23104262 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=116586

# found=0

# cleaned=0

# scan_time=12610

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=e2a7508a0a66d840ad3527f44fc5151e

# end=stopped

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-08-10 10:16:43

# local_time=2011-08-10 03:16:43 (-0800, Pacific Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 1436842 1436842 0 0

# compatibility_mode=5891 16776869 42 87 0 24107686 0 0

# compatibility_mode=8192 67108863 100 0 82475 82475 0 0

# scanned=1579

# found=0

# cleaned=0

# scan_time=984

esets_scanner_update returned -1 esets_gle=53251

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=e2a7508a0a66d840ad3527f44fc5151e

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-08-11 03:17:00

# local_time=2011-08-10 08:17:00 (-0800, Pacific Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 1437967 1437967 0 0

# compatibility_mode=5891 16776869 42 87 0 24108811 0 0

# compatibility_mode=8192 67108863 100 0 83600 83600 0 0

# scanned=115413

# found=0

# cleaned=0

# scan_time=17874

Here's the log of the security check (I had disabled both MS Security Essentials and MBAM prior to running this program):

Results of screen317's Security Check version 0.99.18

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!

Windows Firewall Disabled!

ESET Online Scanner v3

Microsoft Security Essentials

Antivirus up to date! (On Access scanning disabled!)

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Adobe Flash Player 10.3.181.26

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

Microsoft Security Essentials msseces.exe

Microsoft Security Client Antimalware MsMpEng.exe

``````````End of Log````````````

Actually, the notification of that 208.87.32.75 being blocked successfully by MBAM Pro stopped after we ran Combofix the first time around, but I wanted to run through the whole process and follow your instructions. Is my PC cured? Any ideas on how to avoid getting reinfected? If I remember correctly, Combofix identified 2 items (GroupMail and Pro50) as being in quarantine or needing to be. These are actually 2 programs I use: PRO50 is an accounting program by a company called SBT, and GroupMail is a program I purchased years ago from a reputable company called Infacta which allows me to send emails to my customers. Is there any way to avoid having these 2 items deleted or disabled? They are not malicious.

Thanks again for all your help!!


  • Staff

Not sure how it got there.

Could've been something that was present before you installed Microsoft Security Essentials and MBAM PRO. If you think about it though, you were being protected since MBAM was blocking all of its attempts to do anything.

With Microsoft Security Essentials and MBAM PRO, you should be in good shape. :)

I don't see anything related to those programs that ComboFix deleted based on the ComboFix logs you posted. Can you reinstall those programs?

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

ESET Online Scanner v3

Restart your computer.

Let me know what issues remain.

-screen317


Thanks for your reply. Before I remove Combofix, I'd like to say I don't have a way to reinstall the accounting program, and the email program is quite old and has been updated to the point where now they want you to pay a yearly subscription, so I'd rather stick to the old version, which still works for me...

The files I was referring to seem to be in C:\Qoobox\Quarantine\Registry_backups. There are some files called AddRemove-Group Mail.reg.dat and also AddRemove-Pro50.reg.dat; not sure if once Combofix is removed it will affect the functionality of my programs...

The ComboFix-quarantined-files.txt reads:

2011-08-09 07:13:29 . 2011-08-09 07:13:29 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt

2011-08-06 02:20:16 . 2011-08-06 02:20:16 434 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-PRO50.reg.dat

2011-08-06 02:20:16 . 2011-08-06 02:20:16 704 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Group Mail.reg.dat

2011-08-06 02:19:37 . 2011-08-06 02:19:37 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-Ulead AutoDetector v2.reg.dat

2011-08-06 02:19:36 . 2011-08-06 02:19:36 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-WinUtilities Quick Launcher.reg.dat

2011-08-06 02:05:10 . 2011-08-09 07:23:48 7,155 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2011-08-06 01:01:07 . 2011-08-09 07:08:29 153 ----a-w- C:\Qoobox\Quarantine\catchme.log

2009-10-17 04:53:32 . 2002-07-27 00:02:06 153,088 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\UNWISE.EXE.vir

2007-11-07 15:03:18 . 2007-11-07 15:03:18 562,688 ----a-w- C:\Qoobox\Quarantine\C\install.exe.vir

Don't know if this means anything to you... Please let me know and I'll gladly follow your instructions! :-)


The files read:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\Group Mail]

"DisplayName"="Group Mail"

"UninstallString"="C:\\WINDOWS\\UNWISE.EXE C:\\WINDOWS\\ungm31pl.log"

"RegCompany"=""

"RegOwner"="My Name replaced with this string for privacy reasons"

"Publisher"="infacta Ltd."

"URLInfoAbout"="http://www.infacta.com/support.asp"

and

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\PRO50]

"UninstallString"="C:\\WINDOWS\\IsUninst.exe -ff:\\pro25\\Uninst.isu"

"DisplayName"="PRO50"

I definitely would not want to uninstall the accounting program or the mail program if possible.

I did replace my name on the first file as I do not feel comfortable broadcasting my info, but will be glad to message you the info if needed. Thank you very much for your help.


Sorry for the delay: I did merge those files with the registry as you said. Should I now go back to this sequence you posted before?

"Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

ESET Online Scanner v3

Restart your computer."

Please let me know, I'll follow your instructions once I know what to do.

Thank you again!!


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
