Jump to content

Searches redirected AND auto-launch of IE


Recommended Posts

I got Windows XP Fix virus cleaned up using manual commands and MBAM. However, I screwed up and need help.

One forum I read when I started the cleanup instructed me to go to folder All Users/Application Programs and rename any folders with a series of numbers or letters (as these were virus folders.) Well, I realized AFTER I did this, that the instructions stated to do this ONLY for .exe files. I renamed about 8 other folders and files and now I have this problem:

My Start/All Programs list is all wrong. The few programs that are listed show EMPTY folders. I'm sure this is because I changed the folder names and there are either shortcut problems or the user reference is going nowhere. For example, MS Office under All Programs shows EMPTY (where it once showed options for Excel/Access/Word/etc.)

Anyone have suggestions how I can get the folders I changed back to their original file name or have this problem solved?

I did a system restore (no help really.)

If this helps, I cannot find most applications via search. But if I right click on a desktop file, I can see most programs (Firefox, Word, etc) as an option to open the file and then the application launches. So the applications are working fine, I just can't see them in their folders or get my user profile to appear as it should.

Thanks.

Yesterday, I used instructions (including MBAM)to rid the Windox XP Fix virus off my computer.

Two new problems (virus?) now are constant.

Any browser searches I do (I usually use Firefox)show good results but when clicking on any search result link, I get redirected repeatedly to some random site. The site is usually another site of random search results or tech-related mumbo jumbo. If I go back to search results and retry 5 or 6 times, I might eventually get to the correct webpage. I believe the redirect is also happening when I'm on any website and click on a link embedded on that site (I haven't used the web much since virus fix so I'm not 100% sure this redirect is happening.)

Is there a fix to this?

Also, Internet Explorer (which I normally never use) keeps opening automatically and going to the same website (tmz.com which I also never visit). I cannot find a way to shut this process down. If I close IE, it relaunches to same website in about 5 minutes. Can you help?

Thanks.

Here is MBAM log:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 7060

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18372

7/10/2011 6:53:33 PM

mbam-log-2011-07-10 (18-53-33).txt

Scan type: Quick scan

Objects scanned: 203641

Time elapsed: 12 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

If anyone can assist me, I am anxious for some help. I am trying to be patient as I know volunteers are busy.

Just want to make sure my post doesn't get lost after a couple days.

Thanks.

Link to post
Share on other sites

post-32477-1261866970.gif

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

What Windows version are you running?

Have you tried System Restore?

I am running Windows XP.

Yes, I tried System Restore and that's when everything got a little crazy. But it also kept asking for some original CD system disks that I don't believe I have anymore.

Link to post
Share on other sites

Download unhide.exe & save it to your windows folder:

Right click on unhide.exe and select Run as administrator (In case you have Vista or Win7)

Reboot

This will unhide folders/files that were set to be hidden by the infection you had.

Let me know if that unhide the programs other than the ones you renamed.

Link to post
Share on other sites

OK. A little progress. Yea!

Some folders were unhidden but not many. Also a few applications started to appear on my Start popup (since the windows xp fix, the list has remained empty).

However, I think way too many folders still appear empty even considering the fact that I did manually rename some folders that might have screwed things up.

But definitely better than before. Before this unhide.exe, when I clicked on c: it would be empty (no folders or apps). The only way I could even find the windows folder to put the unhide.exe into was to do a search.

OK, ready for next steps.

Link to post
Share on other sites

Try this:

Right-click on START

Select - Properties

Select Start Menu(tab)

be sure there is a dot mark in Start Menu

Press - Customize

ON the General(tab) about 6 items for programs on Start menu should be selected

Make a selection for

Internet

E-mail

Press Advanced(tab)

Make the selections that fit your preference

Recommendation: In Customized - Advance(tab) recommend to select to Show Run Command in Start Menu Items

Link to post
Share on other sites

OK. Did all that. I'm not sure that did much as everything you suggested seemed to be already checked or working. There are a couple more applications showing in Start Menu so maybe it did trigger a little.

FYI...that pesky Windows Fix XP shows up as an app in my Start Menu. I thought I was already past the point of having it deleted and we were working on the problems it caused elsewhere. But maybe I'm wrong. Just thought I would mention that it case its presence on the list indicates a problem we haven't yet addressed.

Thanks and keep helping me along if you can.

Link to post
Share on other sites

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

Completed Combo Fix.

FYI...it took a LONG time and deleted a significant number of files it seems.

Not sure what to report to you. The Start Menu program folders are still mostly EMPTY. No major feedback on how the computer is running. I wanted to get this reply sent to you but certainly the computer is better.

The redirect browser problem (virus) still exists. I get sent to crazy pages instead the actual link found in google searches. Not sure if the IE browser pops up randomly but will give you feedback on that in next replies.

Here is Combo Fix log:

ComboFix 11-07-15.01 - OD Customer 07/15/2011 13:20:30.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1348 [GMT -4:00]

Running from: c:\documents and settings\OD Customer\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\Administrator\WINDOWS\unhide(1).exe

c:\documents and settings\All Users\Application Data\124.exe

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\Guest\WINDOWS

c:\documents and settings\Guest\WINDOWS\unhide(1).exe

c:\documents and settings\OD Customer\g2mdlhlpx.exe

c:\documents and settings\OD Customer\Local Settings\Application Data\{94F2AF82-752C-4328-8CDB-3D953C98FBE4}

c:\documents and settings\OD Customer\Local Settings\Application Data\{94F2AF82-752C-4328-8CDB-3D953C98FBE4}\chrome.manifest

c:\documents and settings\OD Customer\Local Settings\Application Data\{94F2AF82-752C-4328-8CDB-3D953C98FBE4}\chrome\content\_cfg.js

c:\documents and settings\OD Customer\Local Settings\Application Data\{94F2AF82-752C-4328-8CDB-3D953C98FBE4}\chrome\content\overlay.xul

c:\documents and settings\OD Customer\Local Settings\Application Data\{94F2AF82-752C-4328-8CDB-3D953C98FBE4}\install.rdf

c:\documents and settings\OD Customer\Start Menu\Programs\Windows XP Fix

c:\documents and settings\OD Customer\Start Menu\Programs\Windows XP Fix\Uninstall Windows XP Fix.lnk

c:\documents and settings\OD Customer\Start Menu\Programs\Windows XP Fix\Windows XP Fix.lnk

c:\documents and settings\OD Customer\WINDOWS

c:\documents and settings\OD Customer\WINDOWS\unhide(1).exe

c:\windows\esaniyan.dll

c:\windows\sretpu.exe

c:\windows\system32\_packet.dlluninstall

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\system32\scvideo.dll

c:\windows\system32\Thumbs.db

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-06-15 to 2011-07-15 )))))))))))))))))))))))))))))))

.

.

2011-07-15 17:01 . 2011-07-15 17:04 -------- d-----w- C:\32788R22FWJFW

2011-07-14 19:06 . 2011-07-14 19:06 -------- d-----w- c:\program files\MSECache

2011-07-14 01:17 . 2011-07-14 01:17 684297 ----a-w- c:\windows\unhide(1).exe

2011-07-10 10:10 . 2004-08-10 12:00 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll

2011-07-10 10:10 . 2001-08-17 18:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll

2011-07-10 10:10 . 2004-08-10 12:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe

2011-07-10 10:10 . 2004-08-10 12:00 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll

2011-07-10 10:10 . 2004-08-10 12:00 169984 -c--a-w- c:\windows\system32\dllcache\iisui.dll

2011-07-10 10:10 . 2004-08-10 12:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll

2011-07-10 10:10 . 2004-08-10 12:00 14336 -c--a-w- c:\windows\system32\dllcache\iisreset.exe

2011-07-10 10:10 . 2004-08-10 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll

2011-07-10 09:54 . 2011-07-10 09:54 -------- d-----w- c:\windows\system32\wbem\Repository

2011-07-09 08:55 . 2011-07-10 03:22 -------- d-----w- c:\program files\GridinSoft Trojan Killer

2011-07-09 07:47 . 2011-07-09 08:19 -------- d-----w- c:\documents and settings\OD Customer\Local Settings\Application Data\Jaksta_Technologies_Pty_L

2011-07-09 07:46 . 2011-07-09 07:46 -------- d-----w- c:\program files\Applian Technologies

2011-07-09 07:45 . 2011-07-09 07:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Applian

2011-07-06 21:43 . 2011-07-06 21:46 -------- d-----w- c:\program files\WMR14

2011-07-06 21:29 . 2011-07-08 09:32 -------- d-----w- c:\program files\WMCap 5

2011-07-06 21:18 . 2011-07-06 21:21 -------- d-----w- C:\flashrip

2011-07-06 21:07 . 2011-07-06 21:07 -------- d-----w- c:\program files\WinPcap

2011-07-06 21:07 . 2011-07-06 21:23 -------- d-----w- c:\program files\FlashRip-Basic

2011-07-01 23:07 . 2011-07-01 23:07 -------- d-----w- c:\documents and settings\OD Customer\Application Data\Sling Media

2011-07-01 23:07 . 2011-07-01 23:07 -------- d-----w- c:\program files\Sling Media

2011-06-23 08:01 . 2011-07-15 06:29 0 ----a-w- c:\windows\Jpolageya.bin

2011-06-22 21:54 . 2011-06-22 21:54 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-06-22 21:54 . 2011-06-22 21:54 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-06-19 06:47 . 2011-06-19 06:47 -------- d-----w- c:\program files\iPod

2011-06-19 06:47 . 2011-06-19 06:48 -------- d-----w- c:\program files\iTunes

2011-06-16 18:45 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-16 06:02 . 2011-05-20 02:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-02 14:02 . 2006-02-15 14:04 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-05-29 13:11 . 2011-05-19 23:10 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-21 02:13 . 2011-05-21 02:14 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-05-21 02:13 . 2010-05-20 19:54 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-05-19 23:02 . 2011-05-19 23:02 0 ----a-w- c:\documents and settings\OD Customer\Local Settings\Application Data\BIT11.tmp

2011-05-10 12:06 . 2010-09-08 01:05 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2011-05-10 12:06 . 2010-09-08 01:05 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-05-02 15:31 . 2006-02-15 15:36 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2006-02-15 14:03 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2006-02-15 14:03 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-26 11:07 . 2006-02-15 14:04 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-04-26 11:07 . 2006-02-15 14:02 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-04-21 13:37 . 2006-02-15 14:03 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-06-22 21:54 . 2011-03-23 18:27 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-22 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CFSServ.exe"="CFSServ.exe -NoClient" [X]

"TFncKy"="TFncKy.exe" [bU]

"TDispVol"="TDispVol.exe" [2005-03-11 73728]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1343488]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]

"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2005-12-22 30208]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]

"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]

"NDSTray.exe"="NDSTray.exe" [bU]

"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]

"TPSMain"="TPSMain.exe" [2005-06-01 282624]

"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]

"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]

"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]

"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]

"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]

"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"HostManager"="c:\program files\Common Files\AOL\1147563008\ee\AOLSoftware.exe" [2008-06-24 41824]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2005-12-22 04:42 40448 ----a-w- c:\windows\system32\psqlpwd.dll

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\Common Files\\AOL\\1147563008\\EE\\aolsoftware.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Opera\\Opera.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AOL 9.0\\waol.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=

"c:\\Program Files\\Common Files\\AOL\\1147563008\\EE\\AOLServiceHost.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=

"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=

"c:\\Program Files\\AOL 9.0a\\waol.exe"=

"c:\\Program Files\\AOL 9.0b\\waol.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [12/22/2005 12:55 AM 13568]

R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [12/22/2005 12:55 AM 33024]

R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 2:44 AM 993848]

R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/19/2011 2:44 AM 399416]

R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [12/22/2005 12:25 AM 3456]

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]

S2 gupdate1c96a0feed95de1;Google Update Service (gupdate1c96a0feed95de1);c:\program files\Google\Update\GoogleUpdate.exe [12/29/2008 7:48 PM 133104]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/29/2008 7:48 PM 133104]

S3 IO_Memory;IO_Memory;\??\c:\sysprep\Drivers\ioport.sys --> c:\sysprep\Drivers\ioport.sys [?]

S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 2:19 PM 50704]

S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\PEDrv.sys --> c:\sysprep\PEDrv.sys [?]

.

Contents of the 'Scheduled Tasks' folder

.

2011-02-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

.

2011-07-15 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-29 08:18]

.

2011-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-29 17:05]

.

2011-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-29 17:05]

.

2011-07-14 c:\windows\Tasks\HP Usg Daily.job

- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2010-04-06 04:55]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\documents and settings\OD Customer\Application Data\Mozilla\Firefox\Profiles\77bzkdwk.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=VUZTDF&PC=VUZE&q=

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: network.proxy.type - 0

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-Rmusesabe - c:\windows\aprvic.dll

HKLM-Run-PadTouch - c:\program files\TOSHIBA\Touch and Launch\PadExe.exe

HKLM-Run-Wrosuli - c:\windows\esaniyan.dll

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-15 14:03

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(900)

c:\windows\system32\psqlpwd.dll

c:\program files\Protector Suite QL\infra.dll

c:\program files\Protector Suite QL\homefus2.dll

c:\windows\system32\biologon.dll

c:\program files\Protector Suite QL\homepass.dll

c:\program files\Protector Suite QL\bio.dll

c:\program files\Protector Suite QL\remote.dll

c:\program files\Protector Suite QL\mysafe.dll

c:\program files\Protector Suite QL\crypto.dll

.

- - - - - - - > 'explorer.exe'(7104)

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\windows\system32\TDispVol.dll

c:\windows\system32\ieframe.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

c:\windows\system32\OneX.DLL

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Common Files\aolshare\aolshcpy.dll

c:\program files\Protector Suite QL\mysafe.dll

c:\program files\Protector Suite QL\infra.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\TPwrCfg.DLL

c:\windows\system32\TPwrReg.dll

c:\windows\system32\TPSTrace.DLL

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Common Files\AOL\ACS\AOLAcsd.exe

c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe

c:\windows\system32\DVDRAMSV.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Smith Micro\StuffIt11\ArcNameService.exe

c:\toshiba\IVP\swupdate\swupdtmr.exe

c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\ehome\mcrdsvc.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\dllhost.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\TDispVol.exe

c:\windows\AGRSMMSG.exe

c:\program files\TOSHIBA\ConfigFree\NDSTray.exe

c:\program files\Protector Suite QL\psqltray.exe

c:\windows\eHome\ehmsas.exe

c:\windows\system32\TPSBattM.exe

c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe

c:\windows\system32\HPZipm12.exe

c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Internet Explorer\IEXPLORE.EXE

c:\program files\Internet Explorer\IEXPLORE.EXE

.

**************************************************************************

.

Completion time: 2011-07-15 14:23:01 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-15 18:22

.

Pre-Run: 154,252,988,416 bytes free

Post-Run: 154,497,822,720 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 5AED943BD3564D0AB7A252774F9BCBEF

Link to post
Share on other sites

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    TDSSKillermain.png
  • If an infected file is detected, the default action will be Cure, click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
    TDSSKillerSuspicious.png
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

please post the contents of that log TDSSKiller log.

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

Thanks. It seems the search redirect virus may be gone now. I can't say 100% as I do only a handful of searches because I wanted to get this reply sent to you. Please note I have been on the road traveling so my response time and ability to do the next steps are a little slower than I would prefer.

The folders in my Start Menu remain mostly EMPTY. I'm unsure if that is something we will resolve as we continue in this forum. For example, I still struggle with finding MS Word/Excel (as one example). This also may be problematic because many of the folders in App Progroms that I renamed may be permanently lost? or damanged? or always appearing missing?

Anyway, computer is better. Are there next steps. Here is the TDSSKiller log:

2011/07/17 01:10:15.0718 4196 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56

2011/07/17 01:10:16.0140 4196 ================================================================================

2011/07/17 01:10:16.0140 4196 SystemInfo:

2011/07/17 01:10:16.0140 4196

2011/07/17 01:10:16.0140 4196 OS Version: 5.1.2600 ServicePack: 3.0

2011/07/17 01:10:16.0140 4196 Product type: Workstation

2011/07/17 01:10:16.0140 4196 ComputerName: FLORIDA

2011/07/17 01:10:16.0140 4196 UserName: OD Customer

2011/07/17 01:10:16.0140 4196 Windows directory: C:\WINDOWS

2011/07/17 01:10:16.0140 4196 System windows directory: C:\WINDOWS

2011/07/17 01:10:16.0140 4196 Processor architecture: Intel x86

2011/07/17 01:10:16.0140 4196 Number of processors: 2

2011/07/17 01:10:16.0140 4196 Page size: 0x1000

2011/07/17 01:10:16.0140 4196 Boot type: Normal boot

2011/07/17 01:10:16.0140 4196 ================================================================================

2011/07/17 01:10:17.0703 4196 Initialize success

2011/07/17 01:10:22.0750 4580 ================================================================================

2011/07/17 01:10:22.0750 4580 Scan started

2011/07/17 01:10:22.0750 4580 Mode: Manual;

2011/07/17 01:10:22.0750 4580 ================================================================================

2011/07/17 01:10:25.0437 4580 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/07/17 01:10:25.0484 4580 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2011/07/17 01:10:25.0562 4580 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/07/17 01:10:25.0640 4580 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys

2011/07/17 01:10:25.0718 4580 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

2011/07/17 01:10:25.0875 4580 AgereSoftModem (b3192376c7a3814b5341efc2202022f8) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

2011/07/17 01:10:26.0500 4580 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/07/17 01:10:26.0906 4580 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys

2011/07/17 01:10:26.0953 4580 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/07/17 01:10:26.0984 4580 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/07/17 01:10:27.0015 4580 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/07/17 01:10:27.0046 4580 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/07/17 01:10:27.0109 4580 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/07/17 01:10:27.0328 4580 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/07/17 01:10:27.0640 4580 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/07/17 01:10:27.0796 4580 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/07/17 01:10:27.0843 4580 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/07/17 01:10:27.0890 4580 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/07/17 01:10:27.0984 4580 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2011/07/17 01:10:28.0015 4580 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2011/07/17 01:10:28.0109 4580 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/07/17 01:10:28.0171 4580 DLABOIOM (ee4325becef51b8c32b4329097e4f301) C:\WINDOWS\system32\DLA\DLABOIOM.SYS

2011/07/17 01:10:28.0187 4580 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

2011/07/17 01:10:28.0218 4580 DLADResN (1e6c6597833a04c2157be7b39ea92ce1) C:\WINDOWS\system32\DLA\DLADResN.SYS

2011/07/17 01:10:28.0406 4580 DLAIFS_M (752376e109a090970bfa9722f0f40b03) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

2011/07/17 01:10:28.0453 4580 DLAOPIOM (62ee7902e74b90bf1ccc4643fc6c07a7) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

2011/07/17 01:10:28.0515 4580 DLAPoolM (5c220124c5afeaee84a9bb89d685c17b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS

2011/07/17 01:10:28.0593 4580 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS

2011/07/17 01:10:28.0609 4580 DLAUDFAM (4ebb78d9bbf072119363b35b9b3e518f) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

2011/07/17 01:10:28.0640 4580 DLAUDF_M (333b770e52d2cea7bd86391120466e43) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

2011/07/17 01:10:28.0796 4580 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/07/17 01:10:28.0875 4580 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/07/17 01:10:29.0046 4580 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/07/17 01:10:29.0109 4580 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/07/17 01:10:29.0156 4580 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/07/17 01:10:29.0171 4580 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

2011/07/17 01:10:29.0203 4580 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

2011/07/17 01:10:29.0250 4580 e1express (e1fa10ed8f9f700c1be1eae05a80ef57) C:\WINDOWS\system32\DRIVERS\e1e5132.sys

2011/07/17 01:10:29.0312 4580 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/07/17 01:10:29.0437 4580 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2011/07/17 01:10:29.0578 4580 FdRedir (8affa5814b135417494e48eb9c0b6c5e) C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys

2011/07/17 01:10:29.0593 4580 FileDisk2 (6ed5c6a25174118036e978b42f0974d1) C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys

2011/07/17 01:10:29.0812 4580 FilterService (50104c5f1ee1e295781caf9521ca2e56) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys

2011/07/17 01:10:29.0843 4580 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/07/17 01:10:29.0859 4580 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/07/17 01:10:29.0906 4580 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/07/17 01:10:29.0937 4580 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/07/17 01:10:29.0953 4580 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/07/17 01:10:30.0031 4580 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/07/17 01:10:30.0140 4580 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/07/17 01:10:30.0187 4580 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/07/17 01:10:30.0265 4580 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

2011/07/17 01:10:30.0281 4580 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2011/07/17 01:10:30.0296 4580 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2011/07/17 01:10:30.0531 4580 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/07/17 01:10:30.0734 4580 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/07/17 01:10:30.0937 4580 ialm (bc1f1ff8d5800398937966cdb0a97fdc) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

2011/07/17 01:10:32.0187 4580 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/07/17 01:10:32.0671 4580 IntcAzAudAddService (b12a9fc49cd2765a43829d834f518aed) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2011/07/17 01:10:32.0796 4580 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/07/17 01:10:32.0875 4580 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/07/17 01:10:33.0015 4580 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/07/17 01:10:33.0078 4580 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/07/17 01:10:33.0187 4580 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/07/17 01:10:33.0218 4580 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/07/17 01:10:33.0265 4580 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/07/17 01:10:33.0312 4580 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/07/17 01:10:33.0343 4580 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/07/17 01:10:33.0390 4580 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/07/17 01:10:33.0406 4580 KR10N (00c1ea8decf810b8eccb5c5a8186a96e) C:\WINDOWS\system32\drivers\KR10N.sys

2011/07/17 01:10:33.0500 4580 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/07/17 01:10:33.0843 4580 LVPr2Mon (a6919138f29ae45e90e99fa94737e04c) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys

2011/07/17 01:10:33.0968 4580 LVRS (b895839b8743e400d7c7dae156f74e7e) C:\WINDOWS\system32\DRIVERS\lvrs.sys

2011/07/17 01:10:34.0093 4580 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\WINDOWS\system32\drivers\LVUSBSta.sys

2011/07/17 01:10:34.0406 4580 LVUVC (8bc0d5f6e3898f465a94c6d03afb5a20) C:\WINDOWS\system32\DRIVERS\lvuvc.sys

2011/07/17 01:10:34.0781 4580 meiudf (7efac183a25b30fb5d64cc9d484b1eb6) C:\WINDOWS\system32\Drivers\meiudf.sys

2011/07/17 01:10:34.0921 4580 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys

2011/07/17 01:10:34.0984 4580 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/07/17 01:10:35.0156 4580 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/07/17 01:10:35.0265 4580 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/07/17 01:10:35.0359 4580 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/07/17 01:10:35.0687 4580 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/07/17 01:10:35.0953 4580 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/07/17 01:10:36.0031 4580 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/07/17 01:10:36.0078 4580 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/07/17 01:10:36.0109 4580 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/07/17 01:10:36.0125 4580 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/07/17 01:10:36.0156 4580 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/07/17 01:10:36.0187 4580 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/07/17 01:10:36.0265 4580 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

2011/07/17 01:10:36.0312 4580 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/07/17 01:10:36.0328 4580 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/07/17 01:10:36.0359 4580 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/07/17 01:10:36.0390 4580 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/07/17 01:10:36.0468 4580 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/07/17 01:10:36.0515 4580 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/07/17 01:10:36.0546 4580 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/07/17 01:10:36.0812 4580 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/07/17 01:10:36.0875 4580 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/07/17 01:10:36.0968 4580 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys

2011/07/17 01:10:37.0062 4580 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/07/17 01:10:37.0171 4580 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\npf.sys

2011/07/17 01:10:37.0234 4580 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/07/17 01:10:37.0359 4580 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/07/17 01:10:37.0421 4580 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/07/17 01:10:37.0453 4580 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/07/17 01:10:37.0500 4580 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/07/17 01:10:37.0578 4580 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/07/17 01:10:37.0671 4580 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

2011/07/17 01:10:37.0734 4580 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/07/17 01:10:37.0828 4580 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/07/17 01:10:37.0937 4580 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/07/17 01:10:38.0156 4580 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/07/17 01:10:38.0234 4580 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2011/07/17 01:10:38.0406 4580 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/07/17 01:10:38.0453 4580 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/07/17 01:10:38.0531 4580 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys

2011/07/17 01:10:38.0546 4580 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/07/17 01:10:38.0593 4580 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/07/17 01:10:38.0734 4580 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/07/17 01:10:38.0812 4580 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/07/17 01:10:38.0875 4580 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/07/17 01:10:38.0890 4580 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/07/17 01:10:38.0953 4580 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/07/17 01:10:39.0015 4580 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/07/17 01:10:39.0078 4580 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/07/17 01:10:39.0156 4580 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/07/17 01:10:39.0281 4580 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/07/17 01:10:39.0390 4580 s24trans (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys

2011/07/17 01:10:39.0453 4580 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

2011/07/17 01:10:39.0515 4580 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/07/17 01:10:39.0609 4580 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

2011/07/17 01:10:39.0750 4580 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys

2011/07/17 01:10:39.0859 4580 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys

2011/07/17 01:10:39.0890 4580 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

2011/07/17 01:10:39.0937 4580 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/07/17 01:10:40.0093 4580 smihlp (aef89571c4e567575db8bdf120765b6c) C:\Program Files\Protector Suite QL\smihlp.sys

2011/07/17 01:10:40.0328 4580 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/07/17 01:10:40.0515 4580 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/07/17 01:10:40.0593 4580 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/07/17 01:10:40.0671 4580 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/07/17 01:10:40.0750 4580 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/07/17 01:10:40.0859 4580 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/07/17 01:10:41.0031 4580 SynTP (cfb41bf11ae95c26133bae3ec2e334bd) C:\WINDOWS\system32\DRIVERS\SynTP.sys

2011/07/17 01:10:41.0062 4580 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/07/17 01:10:41.0265 4580 tbiosdrv (7147b0575bcc93a6ab7d5c90f47c0b9f) C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys

2011/07/17 01:10:41.0359 4580 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/07/17 01:10:41.0437 4580 TcUsb (fc6fe02f400308606a911640e72326b5) C:\WINDOWS\system32\Drivers\tcusb.sys

2011/07/17 01:10:41.0484 4580 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/07/17 01:10:41.0578 4580 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/07/17 01:10:41.0625 4580 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/07/17 01:10:41.0656 4580 tifm21 (244cfbffdefb77f3df571a8cd108fc06) C:\WINDOWS\system32\drivers\tifm21.sys

2011/07/17 01:10:41.0718 4580 tosrfec (cc069342ee0eae55b32a0ae99cf6185c) C:\WINDOWS\system32\DRIVERS\tosrfec.sys

2011/07/17 01:10:41.0750 4580 TVALD (676db15ddf2e0ff6ec03068dea428b8b) C:\WINDOWS\system32\DRIVERS\NBSMI.sys

2011/07/17 01:10:41.0796 4580 Tvs (cc6763889198ef975b143d49789bcfa9) C:\WINDOWS\system32\DRIVERS\Tvs.sys

2011/07/17 01:10:41.0968 4580 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/07/17 01:10:42.0078 4580 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/07/17 01:10:42.0156 4580 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/07/17 01:10:42.0281 4580 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2011/07/17 01:10:42.0343 4580 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/07/17 01:10:42.0468 4580 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/07/17 01:10:42.0593 4580 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/07/17 01:10:42.0656 4580 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/07/17 01:10:42.0750 4580 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/07/17 01:10:42.0781 4580 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/07/17 01:10:42.0828 4580 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/07/17 01:10:42.0843 4580 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/07/17 01:10:42.0890 4580 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/07/17 01:10:43.0062 4580 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys

2011/07/17 01:10:43.0359 4580 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/07/17 01:10:43.0437 4580 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

2011/07/17 01:10:43.0484 4580 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/07/17 01:10:43.0593 4580 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/07/17 01:10:43.0656 4580 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/07/17 01:10:43.0687 4580 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/07/17 01:10:43.0765 4580 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0

2011/07/17 01:10:43.0765 4580 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)

2011/07/17 01:10:43.0765 4580 Boot (0x1200) (24143623f38212098139056e3850dfc4) \Device\Harddisk0\DR0\Partition0

2011/07/17 01:10:43.0781 4580 ================================================================================

2011/07/17 01:10:43.0781 4580 Scan finished

2011/07/17 01:10:43.0781 4580 ================================================================================

2011/07/17 01:10:43.0796 4572 Detected object count: 1

2011/07/17 01:10:43.0796 4572 Actual detected object count: 1

2011/07/17 01:10:52.0406 4572 \Device\Harddisk0\DR0 (Rootkit.Boot.SST.a) - will be cured after reboot

2011/07/17 01:10:52.0406 4572 \Device\Harddisk0\DR0 - ok

2011/07/17 01:10:52.0406 4572 Rootkit.Boot.SST.a(\Device\Harddisk0\DR0) - User select action: Cure

2011/07/17 01:11:02.0921 1124 Deinitialize success

Link to post
Share on other sites

The only thing I can suggest for the renamed programs is to re-install them, rename them back to what they were or create shortcuts.

Example:

When you find Excel, Right Click on it and select Send to Desktop Create shortcut.

You can delete TDSSKiller and do the following.

Good job thumbup.gif

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

    [*]Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week

    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

    [*]Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.

    Without a firewall your computer is succeptible to being hacked and taken over.

    I am very serious about this and see it happen almost every day with my clients.

    Simply using a Firewall in its default configuration can lower your risk greatly.

    [*]Using a secure browser plugin M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.

    •Free browser plug-in for Internet Explorer and Firefox

    •Real-time safety ratings

    •Ideal for Facebook, Twitter and LinkedIn

    [*] JAVA Click this link and click on the Free JAVA Download

    [*]Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.

    This will ensure your computer has always the latest security updates available installed on your computer.

    If there are new updates to install, install them immediately, reboot your computer, and revisit the site

    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?.

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.

Link to post
Share on other sites

Thanks for everything. My computer is running much better and I'm getting MBAM full version once I return home from this trip.

Can you offer final insight to these issues after all this cleanup?:

I reset (as instructed in an earlier reply) my Start Menu recent applications # to 7 (where it shows my most recent apps/documents used). However, it continues to show only 3 or 4 and a test I just did (opening iTunes, Excel, Calculator and Taxcut)....none of these showed up. Since I followed your advice days ago, the list has never increased beyond 4 and is always the same 4 now.

And....final thoughts on why nearly every folder showing up in my Start Menu still shows EMPTY when you hover over it. Of the 50 or so programs/files listed, only 2 show content (Accessories and ICUII---which I have not used in over 2 years). Maybe I mentioned this before but when I right click on a file, I do get several programs (Excel, Opera, Windows Picture, Media Player, Google Chrome, etc) listed as options to open it. This puzzles me because all of these program folders show up empty under START MENU. I don't understand why they don't start getting listed (as content in the folder instead of EMPTY) once I use them after all this virus cleanup.

If you have comments on these last 2 things, it is a bonus for me at this point. I am very happy that the viruses are gone and a little war damage from all this isn't that bad to deal with if we can't figure out these last couple of problems.

thanks!

Link to post
Share on other sites

This infection caused it.

You renamed the folders / programs which you shouldn't have.

You could create a new user but if you renamed them under All Users, I don't think that would help either.

The only thing I can suggest for the renamed programs is to re-install them, rename them back to what they were or create shortcuts.

Example:

When you find Excel, Right Click on it and select Send to Desktop Create shortcut.

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.