FatMagic

Posts
  1. Put this request on hold. I no longer need assistance for now. The issues have been resolved. If they return I will post again. Sorry for the trouble.
  2. Yes I sure do! I bought 5 or 6 licenses (I work IT at a Medium/Large business), and this is one of my licenses for MBAM Pro.
  3. Hello! Here's my trouble, and what I've done. I'm working on a client's PC attempting to fully clean it without reformatting (this can be easiest, but not in this case). First it started with getting a scareware pop-up for Security something or other. I've seen these a million times. I have Malwarebytes PRO installed and running on the PC, although it seems as though it got disabled at some point. Re-enabled, fully scanned, cleared out a bunch of crap. But I am still getting outgoing blocks on Malwarebytes PRO. I then ran McAfee Enterprise 8.8 full scan after it was fully updated. Found a "rootkit" which it says was deleted... but afterwards still getting the outgoing blocks. And after finally running ComboFix, I'm still getting a browser redirection; Defogger is still "enabled". So I'm a bit clueless as to what to do next since my typical tools are failing me. And here are the remaining log files as needed:

Malwarebytes (Full Scan, run yesterday - the Quick Scan I ran today AFTER ComboFix came back clean):

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8132

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

11/10/2011 12:42:57 PM
mbam-log-2011-11-10 (12-42-57).txt

Scan type: Quick scan
Objects scanned: 206270
Time elapsed: 12 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\158F.tmp (Exploit.Drop.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\2EFA.tmp (Exploit.Drop.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\43C8.tmp (Exploit.Drop.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\5922.tmp (Exploit.Drop.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\804F.tmp (Exploit.Drop.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\AFB1.tmp (Exploit.Drop.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\D91D.tmp (Exploit.Drop.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\privacy.exe (Exploit.Drop.Gen) -> Quarantined and deleted successfully.

Malwarebytes (Protection Log from today 11/11/11):

08:33:25 mikesteiner MESSAGE Protection started successfully
08:33:29 mikesteiner MESSAGE IP Protection started successfully
08:38:04 mikesteiner IP-BLOCK 38.99.183.25 (Type: outgoing)
08:38:07 mikesteiner IP-BLOCK 38.99.183.25 (Type: outgoing)
08:38:13 mikesteiner IP-BLOCK 38.99.183.25 (Type: outgoing)
08:38:25 mikesteiner IP-BLOCK 38.99.183.32 (Type: outgoing)
08:38:28 mikesteiner IP-BLOCK 38.99.183.32 (Type: outgoing)
08:38:34 mikesteiner IP-BLOCK 38.99.183.32 (Type: outgoing)
08:38:46 mikesteiner IP-BLOCK 38.99.183.25 (Type: outgoing)
(truncated for length, way too much of the same thing here)

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_29
Run by mikesteiner at 13:44:04 on 2011-11-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3317.2521 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe
C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\AMT\UNS.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\UPS\WSTD\UPSNA1Msgr.exe
C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\ACT\Act for Windows\Act.Outlook.Sync.exe
C:\Program Files\Microsoft SQL Server\80\TOOLS\BINN\sqlmangr.exe
C:\UPS\WSTD\WSTDMessaging.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111110161511.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [NA1Messenger] c:\ups\wstd\UPSNA1Msgr.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Act.Outlook.Service] "c:\program files\act\act for windows\Act.Outlook.Service.exe"
mRun: [Act! Preloader] "c:\program files\act\act for windows\ActSage.exe" -preload
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
dRun: [jusched] c:\windows\temp\kjghsad.exe
StartupFolder: c:\docume~1\mikest~1\startm~1\programs\startup\cyber-~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sageac~1.lnk - c:\program files\act\act for windows\Act.Outlook.Sync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\upswor~2.lnk - c:\ups\wstd\WSTDMessaging.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\upswor~1.lnk - c:\ups\wstd\wstdPldReminder.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 172.20.65.18 172.20.65.12
TCP: Interfaces\{97686254-0B42-4A33-A213-770E18FD2058} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{97686254-0B42-4A33-A213-770E18FD2058} : DhcpNameServer = 172.20.65.18 172.20.65.12
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mikesteiner\application data\mozilla\firefox\profiles\ggqnyac6.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://easyfit.com/
FF - component: c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-11-4 436728]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-11-10 88544]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-1-23 133968]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-1-23 366152]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-1-12 120128]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-11-10 159320]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2011-1-12 209760]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-11-10 145936]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql10_50.act7\mssql\binn\sqlservr.exe [2010-5-5 42884448]
R2 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER;c:\ups\wstd\mssql$upswsdbserver\binn\sqlservr.exe -supswsdbserver --> c:\ups\wstd\mssql$upswsdbserver\binn\sqlservr.exe -sUPSWSDBSERVER [?]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2008-10-29 2521880]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-1-23 22216]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-11-4 171296]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-11-4 58456]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S2 Sage ACT! Scheduler;Sage ACT! Scheduler;c:\program files\act\act for windows\Act.Scheduler.exe [2010-11-11 81920]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-11-10 85152]
S3 SQLAgent$UPSWSDBSERVER;SQLAgent$UPSWSDBSERVER;c:\ups\wstd\mssql$upswsdbserver\binn\sqlagent.exe -i upswsdbserver --> c:\ups\wstd\mssql$upswsdbserver\binn\sqlagent.EXE -i UPSWSDBSERVER [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-5-5 44896]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]
S4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\microsoft sql server\mssql10_50.act7\mssql\binn\SQLAGENT.EXE [2010-5-5 367456]
.
=============== File Associations ===============
.
.scr=DWGTrueViewScriptFile
.
=============== Created Last 30 ================
.
2011-11-10 21:16:21 -------- d-----w- c:\documents and settings\mikesteiner\application data\McAfee
2011-11-10 21:15:15 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll
2011-11-10 21:15:15 22816 ----a-w- c:\windows\system32\MFEOtlk.dll
2011-11-10 21:15:11 24376 ----a-w- c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
2011-11-10 21:15:09 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-11-10 21:15:09 88544 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-11-10 21:15:09 85152 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-11-10 21:15:09 145936 ----a-w- c:\windows\system32\mfevtps.exe
2011-11-08 06:53:34 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{45f50bb4-7dc6-4ea9-a475-72a9b6845617}\mpengine.dll
.
==================== Find3M ====================
.
2011-11-11 18:42:21 1682 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys
2011-11-10 21:13:25 58456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-11-10 21:13:25 436728 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-11-10 21:13:25 171296 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-11-10 21:13:25 116104 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-10-20 12:20:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 10:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 07:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-17 21:32:17 832512 ----a-w- c:\windows\system32\wininet.dll
2011-08-17 21:32:16 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-08-17 21:32:16 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-08-17 21:32:15 17408 ----a-w- c:\windows\system32\corpol.dll
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-17 12:22:23 389120 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 13:50:40.77 ===============

ComboFix (ran this today):

ComboFix 11-11-11.04 - mikesteiner 11/11/2011 15:05:03.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3317.2746 [GMT -5:00]
Running from: c:\documents and settings\mikesteiner\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\mikesteiner\Local Settings\Application Data\Windows Server
c:\documents and settings\mikesteiner\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\mikesteiner\Local Settings\Application Data\Windows Server\uses32.dat
C:\feed.txt
c:\windows\$NtUninstallKB15253$
c:\windows\$NtUninstallKB15253$\1697734308\@
c:\windows\$NtUninstallKB15253$\1697734308\bckfg.tmp
c:\windows\$NtUninstallKB15253$\1697734308\cfg.ini
c:\windows\$NtUninstallKB15253$\1697734308\Desktop.ini
c:\windows\$NtUninstallKB15253$\1697734308\keywords
c:\windows\$NtUninstallKB15253$\1697734308\kwrd.dll
c:\windows\$NtUninstallKB15253$\1697734308\L\rohepcid
c:\windows\$NtUninstallKB15253$\1697734308\lsflt7.ver
c:\windows\$NtUninstallKB15253$\1697734308\U\00000001.@
c:\windows\$NtUninstallKB15253$\1697734308\U\00000002.@
c:\windows\$NtUninstallKB15253$\1697734308\U\00000004.@
c:\windows\$NtUninstallKB15253$\1697734308\U\80000000.@
c:\windows\$NtUninstallKB15253$\1697734308\U\80000004.@
c:\windows\$NtUninstallKB15253$\1697734308\U\80000032.@
c:\windows\$NtUninstallKB15253$\402726942
c:\windows\system32\drivers\etc\lmhosts
.
Infected copy of c:\windows\system32\drivers\serial.sys was found and disinfected
Restored copy from - The cat found it
c:\windows\system32\ws2_32.dll . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2011-10-11 to 2011-11-11 )))))))))))))))))))))))))))))))
.
.
2011-11-11 19:27 . 2008-04-14 12:00 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2011-11-11 19:07 . 2011-11-11 19:07 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-11-10 21:16 . 2011-11-10 21:16 -------- d-----w- c:\documents and settings\mikesteiner\Application Data\McAfee
2011-11-10 21:15 . 2011-11-10 21:13 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll
2011-11-10 21:15 . 2011-11-10 21:13 22816 ----a-w- c:\windows\system32\MFEOtlk.dll
2011-11-10 21:15 . 2011-11-10 21:13 24376 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2011-11-10 21:15 . 2011-11-10 21:13 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-11-10 21:15 . 2011-11-10 21:13 88544 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-11-10 21:15 . 2011-11-10 21:13 85152 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-11-10 21:15 . 2011-11-10 21:13 145936 ----a-w- c:\windows\system32\mfevtps.exe
2011-11-10 07:24 . 2011-11-10 07:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-11-08 06:53 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{45F50BB4-7DC6-4EA9-A475-72A9B6845617}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-11 18:42 . 2010-12-21 18:47 1682 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2011-11-10 21:13 . 2008-11-04 15:47 58456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-11-10 21:13 . 2008-11-04 15:47 436728 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-11-10 21:13 . 2008-11-04 15:47 171296 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-11-10 21:13 . 2008-11-04 15:47 116104 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-10-20 12:20 . 2011-06-21 12:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2008-04-25 21:27 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 03:48 . 2008-11-04 15:52 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-10-03 10:06 . 2010-05-20 19:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 07:37 . 2008-10-29 15:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 15:41 . 2008-04-25 16:16 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2007-10-09 18:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2008-04-25 16:16 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2008-04-25 16:16 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2008-04-25 16:16 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 22:00 . 2009-01-23 15:54 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-17 21:32 . 2008-04-25 16:16 832512 ----a-w- c:\windows\system32\wininet.dll
2011-08-17 21:32 . 2008-04-25 16:16 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-08-17 21:32 . 2008-04-25 16:16 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-08-17 21:32 . 2008-04-25 16:16 17408 ----a-w- c:\windows\system32\corpol.dll
2011-08-17 13:49 . 2008-04-25 16:16 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-17 12:22 . 2008-04-25 16:16 389120 ----a-w- c:\windows\system32\html.iec
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . E2D3EDE34F7C01F3666442474487A1F8 . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] . . c:\windows\system32\drivers\acpiec.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-09-25 1036288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-28 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-28 137752]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-06-12 408344]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088]
"NA1Messenger"="c:\ups\WSTD\UPSNA1Msgr.exe" [2008-12-04 24576]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Act.Outlook.Service"="c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe" [2010-11-11 28672]
"Act! Preloader"="c:\program files\ACT\Act for Windows\ActSage.exe" [2010-11-11 337224]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-12 215360]
.
c:\documents and settings\mikesteiner\Start Menu\Programs\Startup\
Cyber-shot Viewer Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-5-14 155648]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Sage ACT! Outlook Sync.lnk - c:\program files\ACT\Act for Windows\Act.Outlook.Sync.exe [2010-11-11 91136]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\TOOLS\BINN\sqlmangr.exe [2005-5-3 81920]
UPS WorldShip Messaging Utility.lnk - c:\ups\WSTD\WSTDMessaging.exe [2008-12-4 393216]
UPS WorldShip PLD Reminder Utility.lnk - c:\ups\WSTD\wstdPldReminder.exe [2008-12-2 31744]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-09-22 22:11 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2011-09-07 19:53 40376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-10-03 19:44 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-02-26 14:57 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [11/10/2011 4:15 PM 88544]
R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [1/23/2007 2:58 AM 133968]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/23/2009 10:54 AM 366152]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [11/10/2011 4:15 PM 145936]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [5/5/2010 9:40 PM 42884448]
R2 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -sUPSWSDBSERVER --> c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -sUPSWSDBSERVER [?]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [10/29/2008 10:57 AM 2521880]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/23/2009 10:54 AM 22216]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/11/2011 2:07 PM 136176]
S2 Sage ACT! Scheduler;Sage ACT! Scheduler;c:\program files\ACT\Act for Windows\Act.Scheduler.exe [11/11/2010 1:00 AM 81920]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/11/2011 2:07 PM 136176]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [11/10/2011 4:15 PM 85152]
S3 SQLAgent$UPSWSDBSERVER;SQLAgent$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -i UPSWSDBSERVER --> c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -i UPSWSDBSERVER [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [5/5/2010 9:41 PM 44896]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [4/3/2010 11:02 AM 240608]
S4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [5/5/2010 9:40 PM 367456]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-11 19:07]
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-11 19:07]
.
2011-11-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.20.65.18 172.20.65.12
TCP: Interfaces\{97686254-0B42-4A33-A213-770E18FD2058}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\documents and settings\mikesteiner\Application Data\Mozilla\Firefox\Profiles\ggqnyac6.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://easyfit.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - user.js: yahoo.homepage.dontask - true
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-11 15:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(376)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll
c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll
c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\hccutils.DLL
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\AMT\atchksrv.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\windows\system32\rdpclip.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Trend Micro\HiJackThis\HiJackThis.exe
.
**************************************************************************
.
Completion time: 2011-11-11 16:31:54 - machine was rebooted ComboFix-quarantined-files.txt 2011-11-11 21:24 . Pre-Run: 135,139,557,376 bytes free Post-Run: 135,820,328,960 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 5AAEC72E82C75B1DA4E1633CE0148D56 attach.zip