
[Not curable - Sality] Message c0000013

Discussion in 'Malware and Virus Removal Archive' started by Catzy, 2009/06/09.

  1. 2009/06/10
    Catzy (Inactive, Thread Starter)
    Umm, there is a problem. I can't access my McAfee, so I can't disable my antivirus there.
     
  2. 2009/06/10
    broni (Moderator, Malware Analyst)
    That's fine. Run Combofix anyway.
     


  4. 2009/06/10
    Catzy (Inactive, Thread Starter)
    I got to the point where it said
    "Do not run any programs until Combofix has Finished"
    but then it said "drev_*.dat The filename, directory name, or volume label syntax is incorrect."
    Should I stay there as it is or exit it?
     
  5. 2009/06/10
    Catzy (Inactive, Thread Starter)
    Never mind, the log has appeared. So do I post everything in that log?
     
  6. 2009/06/10
    Catzy (Inactive, Thread Starter)
    ComboFix 09-06-09.06 - Catzy 06/10/2009 15:52.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.555 [GMT -4:00]
    Running from: c:\documents and settings\Catzy\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\Catzy\LOCALS~1\Temp\catchme.dll
    c:\documents and settings\Catzy\Local Settings\Temp\catchme.dll
    .
    ---- Previous Run -------
    .

    c:\windows\system32\proquota.exe was missing
    Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_SKYNETfpornset
    -------\Legacy_ASC3360PR
    -------\Service_asc3360pr
    -------\Service_kungsfxllykjgw
    -------\Legacy_ASC3360PR
    -------\Service_asc3360pr


    ((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 )))))))))))))))))))))))))))))))
    .

    2009-06-10 19:41 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
    2009-06-10 19:41 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
    2009-06-10 18:57 . 2009-06-10 18:57 -------- d-----w- c:\documents and settings\Catzy\Application Data\Malwarebytes
    2009-06-10 18:57 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-10 18:57 . 2009-06-10 18:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-06-10 18:57 . 2009-06-10 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-06-10 18:57 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-06-10 02:08 . 2009-06-10 18:49 117760 ----a-w- c:\documents and settings\Catzy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-06-10 02:08 . 2009-06-10 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-06-10 02:08 . 2009-06-10 02:08 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-06-10 02:08 . 2009-06-10 02:08 -------- d-----w- c:\documents and settings\Catzy\Application Data\SUPERAntiSpyware.com
    2009-06-10 02:07 . 2009-06-10 02:07 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-06-10 00:04 . 2009-06-10 00:04 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-06-09 19:37 . 2009-06-09 19:37 -------- d-----w- C:\VundoFix Backups
    2009-06-01 21:28 . 2009-06-01 22:55 -------- d-----w- c:\documents and settings\Catzy\Application Data\Hamachi
    2009-05-27 23:53 . 2009-05-27 23:53 190976 ----a-w- c:\windows\system32\inst_n82.exe
    2009-05-25 20:10 . 2009-05-25 20:10 -------- d-----w- c:\documents and settings\Catzy\Application Data\AdobeUM
    2009-05-25 20:09 . 2009-05-25 20:09 -------- d-----w- c:\documents and settings\Catzy\Local Settings\Application Data\Adobe
    2009-05-25 17:34 . 2009-05-25 17:34 -------- d-----w- c:\documents and settings\Catzy\Application Data\SampleView

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-10 19:34 . 2005-01-08 01:07 131584 ----a-w- c:\windows\system32\HdAShCut.exe
    2009-06-10 00:03 . 2009-02-15 01:16 -------- d-----w- c:\program files\Java
    2009-06-01 21:27 . 2009-05-04 20:41 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
    2009-05-19 06:03 . 2009-02-17 04:57 -------- d-----w- c:\program files\CA Yahoo! Anti-Spy
    2009-04-25 03:55 . 2009-04-25 03:55 715804 ----a-w- c:\windows\system32\rn.tmp
    2009-04-22 04:48 . 2009-04-22 04:48 128 ----a-w- c:\documents and settings\Catzy\Local Settings\Application Data\fusioncache.dat
    2009-04-22 04:47 . 2005-01-10 01:26 56856 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-21 05:21 . 2009-04-21 05:21 -------- d-----w- c:\documents and settings\Catzy\Application Data\Yahoo!
    2009-04-21 03:35 . 2009-04-21 03:35 -------- d-----w- c:\documents and settings\Catzy\Application Data\Apple Computer
    2009-04-18 16:07 . 2009-02-15 01:30 -------- d-----w- c:\program files\McAfee
    2009-04-10 01:23 . 2009-01-10 01:23 124928 --sha-w- c:\windows\system32\zogonaha.exe
    2009-04-06 21:08 . 2009-02-18 03:30 47896 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-03-25 15:06 . 2009-02-15 00:48 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
    2009-03-25 15:06 . 2009-02-15 00:48 79880 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2009-03-25 15:06 . 2009-02-15 00:48 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2009-03-25 15:06 . 2009-01-09 17:03 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2009-03-25 15:05 . 2009-02-15 00:46 34216 ----a-w- c:\windows\system32\drivers\mferkdk.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray "= "c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
    "HostManager "= "c:\program files\Common Files\AOL\1234660972\EE\AOLHostManager.exe" [2004-11-03 203352]
    "AOL Spyware Protection "= "c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-19 161368]
    "readericon "= "c:\program files\Digital Media Reader\readericon45G.exe" [2009-06-10 208896]
    "Recguard "= "c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 294912]
    "MSKDetectorExe "= "c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-13 1121792]
    "McENUI "= "c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1254632]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-01 267792]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-06-10 218520]
    "nwiz "= "nwiz.exe" - c:\windows\system32\nwiz.exe [2005-09-18 1593344]
    "CHotkey "= "zHotkey.exe" - c:\windows\zHotkey.exe [2004-12-09 550912]
    "High Definition Audio Property Page Shortcut "= "HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2009-06-10 131584]
    "RTHDCPL "= "RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-09-14 14820864]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Power2GoExpress "= "NA" [X]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    BigFix.lnk - c:\program files\BigFix\bigfix.exe [2009-2-14 2168360]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-10 525664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA "= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost "= "c:\windows\system32\logonuiX.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001
    "UpdatesDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe "=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe "=
    "c:\\Program Files\\America Online 9.0\\waol.exe "=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe "=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe "=
    "c:\\Program Files\\Common Files\\AOL\\1234660972\\EE\\AOLServiceHost.exe "=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe "=
    "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe "=
    "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe "=
    "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe "=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "c:\\Program Files\\ACME\\ACME Elite Online\\AutoPatch.exe "=
    "c:\\Program Files\\ACME\\ACME Elite Online\\Play.exe "=
    "c:\\Program Files\\ACME\\ACME Elite Online\\logintool.exe "=
    "c:\\My Backup -- 09-02-14 0433PM\\Program Files\\Eudemons Online\\soul.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\MSN\\MSNCoreFiles\\Install\\msnsusii.exe "=
    "c:\\WINDOWS\\system32\\logonuiX.exe "=
    "c:\\WINDOWS\\zHotkey.exe "=
    "c:\\Program Files\\Free Download Manager\\fdm.exe "=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe "=
    "c:\\WINDOWS\\RTHDCPL.EXE "=
    "c:\\Program Files\\BigFix\\bigfix.exe "=
    "c:\\WINDOWS\\system32\\HDAShCut.exe "=
    "c:\\WINDOWS\\system32\\nwiz.exe "=
    "c:\\Program Files\\Real\\RealPlayer\\RealPlay.exe "=
    "c:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe "=
    "c:\\PROGRA~1\\mcafee\\msc\\mcshell.exe "=
    "c:\\Program Files\\Digital Media Reader\\readericon45G.exe "=
    "c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe "=
    "c:\\WINDOWS\\ALCMTR.EXE "=
    "c:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe "=
    "c:\\WINDOWS\\SMINST\\RECGUARD.EXE "=
    "c:\\PROGRA~1\\FREEDO~1\\fdm.exe "=
    "c:\\WINDOWS\\system32\\taskmgr.exe "=
    "c:\\PROGRA~1\\McAfee\\MHN\\McENUI.exe "=
    "c:\\My Backup -- 09-02-14 0433PM\\Program Files\\Safari\\Safari.exe "=
    "c:\\PROGRA~1\\McAfee\\MSC\\mcmscsvc.exe "=
    "c:\\PROGRA~1\\COMMON~1\\mcafee\\mna\\mcnasvc.exe "=
    "c:\\DOCUME~1\\Catzy\\LOCALS~1\\Temp\\wingrex.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP "= 3389:TCP:*:Disabled:mad:xpsp2res.dll,-22009

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2/14/2009 8:50 PM 210216]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/10/2009 2:57 PM 40160]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - ASC3360PR
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-15 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-15 15:53]

    2009-06-06 c:\windows\Tasks\MyComputer.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-15 15:53]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{7266a42d-7a69-4cef-a0c5-0cf5cdaaa433} - c:\windows\system32\suhalewo.dll
    HKLM-Run-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
    HKLM-Run-LogonStudio - c:\program files\WinCustomize\LogonStudio\logonstudio.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT4016
    mStart Page = hxxp://www.yahoo.com/?.home=ytie
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Catzy\Application Data\Mozilla\Firefox\Profiles\x7psgod6.default\
    FF - prefs.js: network.proxy.type - 1
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
    FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPOJI610.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-10 15:59
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(724)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll

    - - - - - - - > 'Explorer.EXE'(1052)
    c:\program files\McAfee\SiteAdvisor\saHook.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\HKNTDLL.dll
    c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\AOL\ACS\AOLacsd.exe
    c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    c:\windows\ehome\ehrecvr.exe
    c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    c:\windows\ehome\ehSched.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\rundll32.exe
    c:\windows\ehome\ehmsas.exe
    c:\progra~1\COMMON~1\AOL\123466~1\EE\AOLServiceHost.exe
    c:\my backup -- 09-02-14 0433pm\Program Files\Safari\Safari.exe
    c:\docume~1\Catzy\LOCALS~1\temp\wingrex.exe
    c:\windows\system32\taskmgr.exe
    c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
    c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\McAfee\MPF\MpfSrv.exe
    .
    **************************************************************************
    .
    Completion time: 2009-06-10 16:16 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-06-10 20:16

    Pre-Run: 100,444,979,200 bytes free
    Post-Run: 100,230,782,976 bytes free

    250 --- E O F --- 2009-05-14 18:38
     
  7. 2009/06/10
    broni (Moderator, Malware Analyst)
    Open Windows Explorer. Go to Tools > Folder Options > View tab, and put a checkmark next to "Show hidden files and folders".

    Please upload the following file to http://www.virustotal.com/ for a security check:
    zogonaha.exe located in c:\windows\system32
    Post the scan results.

    =============================================================================================

    Go to Add\Remove, and uninstall BigFix. This program is not functional anymore.

    ===========================================================================================

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:


    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
     
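Reading a ComboFix log the way broni does above means scanning for a few recurring tells: an executable in system32 carrying both the system and hidden attributes (the zogonaha.exe he asks to have checked), a Winlogon UIHost that is not the stock logon UI, Security Center told to stop warning or monitoring, firewall exceptions for binaries living in a Temp folder, and a registered driver whose image file ComboFix records with no size or timestamp ("[?]"). The Python below is an added example for this page, not part of the thread, of ComboFix or of any vendor tool: it runs those checks over a constructed handful of lines shaped like the log above (the real log is far longer). It assumes the Windows XP default UIHost is c:\windows\system32\logonui.exe and treats the "[?]" marker as "driver file not recorded on disk". Everything it flags is a review item for an analyst, not a verdict; security suites can set some of the Security Center values for their own components.

```python
import re
from dataclasses import dataclass

# Added triage helper for ComboFix-style logs. Not part of ComboFix or of the
# thread; the heuristics are assumptions about what deserves a second look.

# Constructed sample: a few lines in the shape of the log above (not the full log).
SAMPLE_LOG = r"""
2009-04-10 01:23 . 2009-01-10 01:23 124928 --sha-w- c:\windows\system32\zogonaha.exe
2009-04-06 21:08 . 2009-02-18 03:30 47896 ---ha-w- c:\windows\system32\mlfcache.dat
2009-03-25 15:06 . 2009-02-15 00:48 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost "= "c:\windows\system32\logonuiX.exe "
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify "=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Mozilla Firefox\\firefox.exe "=
"c:\\DOCUME~1\\Catzy\\LOCALS~1\\Temp\\wingrex.exe "=
"c:\\WINDOWS\\TEMP\\winjboow.exe "=
R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\epvjhj.sys --> c:\windows\system32\drivers\epvjhj.sys [?]
"""

DT = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
FILE_LINE = re.compile(rf"^{DT} \. {DT} (?P<size>\S+) (?P<attrs>[-a-z]{{8}}) (?P<path>.+)$")
KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_LINE = re.compile(r'^"(?P<name>.*?)\s*"=\s*(?P<data>.*)$')
SERVICE_LINE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<rest>.*)$")

# Assumption: the stock Windows XP logon UI host is logonui.exe in system32.
DEFAULT_UIHOST = r"c:\windows\system32\logonui.exe"
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


def norm_path(s: str) -> str:
    """Strip ComboFix's quoting/padding and the doubled backslashes of REGEDIT4 exports."""
    return s.strip().strip('"').strip().replace("\\\\", "\\").lower()


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_LINE.match(line)
        if m:
            # File entry: an executable carrying both the system (s) and
            # hidden (h) attributes is unusual under \windows.
            attrs, path = m["attrs"], m["path"].lower()
            if "s" in attrs and "h" in attrs and path.endswith((".exe", ".dll", ".sys")):
                findings.append(Finding("hidden-system-executable", path))
            continue
        m = KEY_LINE.match(line)
        if m:
            current_key = m["key"].lower()
            continue
        m = VALUE_LINE.match(line)
        if m:
            name, data = m["name"].strip(), m["data"]
            if current_key.endswith(r"currentversion\winlogon") and name.lower() == "uihost":
                if norm_path(data) != DEFAULT_UIHOST:
                    findings.append(Finding("uihost-override", norm_path(data)))
            elif "security center" in current_key and data.strip().lower() == "dword:00000001" \
                    and (name.endswith("DisableNotify") or name == "DisableMonitoring"):
                # Security Center told not to warn/monitor. Review item, not a verdict.
                findings.append(Finding("security-center-notify-disabled", f"{current_key}\\{name}"))
            elif current_key.endswith(r"authorizedapplications\list"):
                path = norm_path(name)
                if any(marker in path for marker in TEMP_MARKERS):
                    findings.append(Finding("firewall-exception-in-temp", path))
            continue
        m = SERVICE_LINE.match(line)
        if m and m["rest"].rstrip().endswith("[?]"):
            # Registered driver whose image file ComboFix recorded with no size/timestamp.
            findings.append(Finding("driver-file-not-found", m["name"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:32} {f.detail}")
```

Run against the constructed sample, the checker surfaces exactly the items broni's reply goes after (zogonaha.exe, the logonuiX.exe UIHost, the Temp-resident firewall exceptions, the asc3360pr driver with no file behind it) and stays quiet on the hidden-but-not-system mlfcache.dat and the McAfee driver. Paste a full log into SAMPLE_LOG or read it from a file to use it on a real case.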
  8. 2009/06/10
    Catzy (Inactive, Thread Starter)
    Here is the new log.



    ComboFix 09-06-09.06 - Catzy 06/10/2009 16:51.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.539 [GMT -4:00]
    Running from: c:\documents and settings\Catzy\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_ASC3360PR


    ((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 )))))))))))))))))))))))))))))))
    .

    2009-06-10 19:41 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
    2009-06-10 19:41 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
    2009-06-10 18:57 . 2009-06-10 18:57 -------- d-----w- c:\documents and settings\Catzy\Application Data\Malwarebytes
    2009-06-10 18:57 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-10 18:57 . 2009-06-10 18:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-06-10 18:57 . 2009-06-10 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-06-10 18:57 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-06-10 02:08 . 2009-06-10 18:49 117760 ----a-w- c:\documents and settings\Catzy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-06-10 02:08 . 2009-06-10 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-06-10 02:08 . 2009-06-10 02:08 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-06-10 02:08 . 2009-06-10 02:08 -------- d-----w- c:\documents and settings\Catzy\Application Data\SUPERAntiSpyware.com
    2009-06-10 02:07 . 2009-06-10 02:07 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-06-10 00:04 . 2009-06-10 00:04 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-06-09 19:37 . 2009-06-09 19:37 -------- d-----w- C:\VundoFix Backups
    2009-06-01 21:28 . 2009-06-01 22:55 -------- d-----w- c:\documents and settings\Catzy\Application Data\Hamachi
    2009-05-27 23:53 . 2009-05-27 23:53 190976 ----a-w- c:\windows\system32\inst_n82.exe
    2009-05-25 20:10 . 2009-05-25 20:10 -------- d-----w- c:\documents and settings\Catzy\Application Data\AdobeUM
    2009-05-25 20:09 . 2009-05-25 20:09 -------- d-----w- c:\documents and settings\Catzy\Local Settings\Application Data\Adobe
    2009-05-25 17:34 . 2009-05-25 17:34 -------- d-----w- c:\documents and settings\Catzy\Application Data\SampleView

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-10 20:59 . 2009-02-15 01:27 -------- d-----w- c:\program files\BigFix
    2009-06-10 19:34 . 2005-01-08 01:07 131584 ----a-w- c:\windows\system32\HdAShCut.exe
    2009-06-10 00:03 . 2009-02-15 01:16 -------- d-----w- c:\program files\Java
    2009-06-01 21:27 . 2009-05-04 20:41 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
    2009-05-19 06:03 . 2009-02-17 04:57 -------- d-----w- c:\program files\CA Yahoo! Anti-Spy
    2009-04-25 03:55 . 2009-04-25 03:55 715804 ----a-w- c:\windows\system32\rn.tmp
    2009-04-22 04:48 . 2009-04-22 04:48 128 ----a-w- c:\documents and settings\Catzy\Local Settings\Application Data\fusioncache.dat
    2009-04-22 04:47 . 2005-01-10 01:26 56856 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-21 05:21 . 2009-04-21 05:21 -------- d-----w- c:\documents and settings\Catzy\Application Data\Yahoo!
    2009-04-21 03:35 . 2009-04-21 03:35 -------- d-----w- c:\documents and settings\Catzy\Application Data\Apple Computer
    2009-04-18 16:07 . 2009-02-15 01:30 -------- d-----w- c:\program files\McAfee
    2009-04-10 01:23 . 2009-01-10 01:23 124928 --sha-w- c:\windows\system32\zogonaha.exe
    2009-04-06 21:08 . 2009-02-18 03:30 47896 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-03-25 15:06 . 2009-02-15 00:48 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
    2009-03-25 15:06 . 2009-02-15 00:48 79880 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2009-03-25 15:06 . 2009-02-15 00:48 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2009-03-25 15:06 . 2009-01-09 17:03 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2009-03-25 15:05 . 2009-02-15 00:46 34216 ----a-w- c:\windows\system32\drivers\mferkdk.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-06-10_19.59.20 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-06-10 21:02 . 2009-06-10 21:02 19456 c:\windows\Temp\winjboow.exe
    + 2009-06-10 21:01 . 2009-06-10 21:01 16384 c:\windows\Temp\Perflib_Perfdata_a10.dat
    + 2009-06-10 21:02 . 2009-06-10 21:02 8704 c:\windows\Temp\wuxh.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray "= "c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
    "HostManager "= "c:\program files\Common Files\AOL\1234660972\EE\AOLHostManager.exe" [2004-11-03 203352]
    "AOL Spyware Protection "= "c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-19 161368]
    "readericon "= "c:\program files\Digital Media Reader\readericon45G.exe" [2009-06-10 208896]
    "Recguard "= "c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 294912]
    "MSKDetectorExe "= "c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-13 1121792]
    "McENUI "= "c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1254632]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-01 267792]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-06-10 218520]
    "nwiz "= "nwiz.exe" - c:\windows\system32\nwiz.exe [2005-09-18 1593344]
    "CHotkey "= "zHotkey.exe" - c:\windows\zHotkey.exe [2004-12-09 550912]
    "High Definition Audio Property Page Shortcut "= "HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2009-06-10 131584]
    "RTHDCPL "= "RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-09-14 14820864]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Power2GoExpress "= "NA" [X]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-10 525664]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost "= "c:\windows\system32\logonuiX.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
    @= "DiskDrive "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
    @= "Hdc "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    @= "Keyboard "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    @= "Mouse "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
    @= "System "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
    @= "Volume "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001
    "UpdatesDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe "=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe "=
    "c:\\Program Files\\America Online 9.0\\waol.exe "=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe "=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe "=
    "c:\\Program Files\\Common Files\\AOL\\1234660972\\EE\\AOLServiceHost.exe "=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe "=
    "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe "=
    "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe "=
    "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe "=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "c:\\Program Files\\ACME\\ACME Elite Online\\AutoPatch.exe "=
    "c:\\Program Files\\ACME\\ACME Elite Online\\Play.exe "=
    "c:\\Program Files\\ACME\\ACME Elite Online\\logintool.exe "=
    "c:\\My Backup -- 09-02-14 0433PM\\Program Files\\Eudemons Online\\soul.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\MSN\\MSNCoreFiles\\Install\\msnsusii.exe "=
    "c:\\WINDOWS\\system32\\logonuiX.exe "=
    "c:\\WINDOWS\\zHotkey.exe "=
    "c:\\Program Files\\Free Download Manager\\fdm.exe "=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe "=
    "c:\\WINDOWS\\RTHDCPL.EXE "=
    "c:\\WINDOWS\\system32\\HDAShCut.exe "=
    "c:\\WINDOWS\\system32\\nwiz.exe "=
    "c:\\Program Files\\Real\\RealPlayer\\RealPlay.exe "=
    "c:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe "=
    "c:\\PROGRA~1\\mcafee\\msc\\mcshell.exe "=
    "c:\\Program Files\\Digital Media Reader\\readericon45G.exe "=
    "c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe "=
    "c:\\WINDOWS\\ALCMTR.EXE "=
    "c:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe "=
    "c:\\WINDOWS\\SMINST\\RECGUARD.EXE "=
    "c:\\PROGRA~1\\FREEDO~1\\fdm.exe "=
    "c:\\WINDOWS\\system32\\taskmgr.exe "=
    "c:\\PROGRA~1\\McAfee\\MHN\\McENUI.exe "=
    "c:\\My Backup -- 09-02-14 0433PM\\Program Files\\Safari\\Safari.exe "=
    "c:\\PROGRA~1\\McAfee\\MSC\\mcmscsvc.exe "=
    "c:\\PROGRA~1\\COMMON~1\\mcafee\\mna\\mcnasvc.exe "=
    "c:\\WINDOWS\\ehome\\ehtray.exe "=
    "c:\\WINDOWS\\TEMP\\winjboow.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP "= 3389:TCP:*:Disabled:mad:xpsp2res.dll,-22009

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
    R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\epvjhj.sys --> c:\windows\system32\drivers\epvjhj.sys [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/10/2009 2:57 PM 40160]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - ASC3360PR
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-15 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-15 15:53]

    2009-06-06 c:\windows\Tasks\MyComputer.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-15 15:53]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT4016
    mStart Page = hxxp://www.yahoo.com/?.home=ytie
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Catzy\Application Data\Mozilla\Firefox\Profiles\x7psgod6.default\
    FF - prefs.js: network.proxy.type - 1
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
    FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPOJI610.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-10 17:00
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(736)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll

    - - - - - - - > 'explorer.exe'(2732)
    c:\program files\McAfee\SiteAdvisor\saHook.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Common Files\aolshare\aolshcpy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\AOL\ACS\AOLacsd.exe
    c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    c:\windows\ehome\ehrecvr.exe
    c:\windows\ehome\ehSched.exe
    c:\program files\McAfee\SiteAdvisor\McSACore.exe
    c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\rundll32.exe
    c:\windows\ehome\ehmsas.exe
    c:\progra~1\COMMON~1\AOL\123466~1\EE\AOLServiceHost.exe
    c:\windows\Temp\winjboow.exe
    c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
    c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-06-10 17:11 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-06-10 21:11
    ComboFix2.txt 2009-06-10 20:16

    Pre-Run: 100,608,458,752 bytes free
    Post-Run: 100,517,171,200 bytes free

    249 --- E O F --- 2009-05-14 18:38
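Two lines in the log above are the ones a malware analyst reads first: the `R3 asc3360pr` driver whose binary ComboFix could not find on disk (`--> ... [?]`, also listed under `*NewlyCreated*`), and `c:\windows\Temp\winjboow.exe` in the running-process list. The following is an added example, not part of the thread or of ComboFix itself, that parses ComboFix-style service/driver and process lines and reports only the entries with one of those properties. The sample log is constructed from the shape of the lines on this page; the section markers it keys on (`*NewlyCreated*`, `Other Running Processes`) are copied from the log as printed here.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample, copied from the shape of the ComboFix log above
# (service/driver lines, the NewlyCreated marker and the process list).
SAMPLE_LOG = r"""
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\epvjhj.sys --> c:\windows\system32\drivers\epvjhj.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/10/2009 2:57 PM 40160]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]

*NewlyCreated* - ASC3360PR

------------------------ Other Running Processes ------------------------
c:\program files\McAfee\SiteAdvisor\McSACore.exe
c:\windows\Temp\winjboow.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
"""

# "R1 name;display;rest" -- R = running, S = stopped, digit = start type
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
# "path [m/d/yyyy h:mm AM size]" is how ComboFix prints a binary it located
LOCATED_RE = re.compile(r"^(.+?)\s+\[([^\]]*)\]$")


@dataclass
class Finding:
    kind: str                 # "service" or "process"
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)


def _is_temp_path(path: str) -> bool:
    """Executables living under a Temp directory deserve a second look."""
    p = path.lower().replace("/", "\\")
    return "\\temp\\" in p or "\\tmp\\" in p


def parse_service(line: str) -> Optional[Finding]:
    """Parse one service/driver line; return None if the line is not one."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    _state, name, _display, rest = m.groups()
    reasons = []
    if rest.rstrip().endswith("[?]"):
        # "image --> resolved [?]": the registered binary is not on disk
        # (deleted, or hidden from the scanner).
        path = rest.split("-->")[-1].replace("[?]", "").strip()
        reasons.append("binary not found on disk")
    else:
        lm = LOCATED_RE.match(rest.strip())
        path = lm.group(1) if lm else rest.strip()
    if _is_temp_path(path):
        reasons.append("runs from a Temp directory")
    return Finding("service", name, path, reasons)


def triage(log_text: str) -> List[Finding]:
    """Return only the services and processes that carry at least one reason."""
    services = {}
    newly_created = set()
    processes = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "Other Running Processes" in line:
            in_processes = True
            continue
        if line.startswith("*NewlyCreated*"):
            newly_created.add(line.split("-", 1)[1].strip().lower())
            continue
        if in_processes:
            if re.match(r"^[a-z]:\\", line, re.IGNORECASE):
                reasons = ["runs from a Temp directory"] if _is_temp_path(line) else []
                processes.append(Finding("process", line.rsplit("\\", 1)[-1], line, reasons))
            continue
        f = parse_service(line)
        if f:
            services[f.name.lower()] = f
    for key in newly_created:
        if key in services:
            services[key].reasons.append("service created since the last ComboFix run")
    return [f for f in list(services.values()) + processes if f.reasons]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.name:15} {f.path}  <- {'; '.join(f.reasons)}")
```

Run against the constructed sample it reports exactly the two entries above; the SUPERAntiSpyware and Malwarebytes drivers, whose binaries were located and which are not new, fall through. The point is the filter, not the signature: a driver entry that points at a file the scanner cannot open is worth explaining regardless of which name it carries.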
     
  9. 2009/06/10
    Catzy

    Catzy Inactive Thread Starter

    Joined:
    2009/06/09
    Messages:
    26
    Likes Received:
    0
  10. 2009/06/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Try this site: http://virusscan.jotti.org/en

    At the same time....

    Download SafeBoot.zip to your desktop.
    Double click on the downloaded file to unzip it.
    Double click on SafeBoot-for-Windows-XP-SP3.reg, and allow registry merge.
    Restart computer.
     
  11. 2009/06/10
    Catzy

    Catzy Inactive Thread Starter

    Joined:
    2009/06/09
    Messages:
    26
    Likes Received:
    0
    I got "Cannot import C:\Documents and Settings\Catzy\Desktop\SafeBoot-for-Window-XP-SP3.reg: Error accessing the registry" when I double-clicked on the SP3 file.
    Also, I can't access that site either (I'm using Safari, if that changes anything).
     
  12. 2009/06/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download, and install AVP Tool.
    After installation, leave all settings as they are, and simply click on the Scan button.
    When the scan is done, if any objects are found, click on the Neutralize all button.
    Next, click the Reports... button, then Save to file....
    Save the file to a known location as report.txt.
    Open report.txt in Notepad, copy all content, and post it in your next reply.

    NOTE: If the file is very large, please try to attach it.
    If that doesn't work either, upload it here: http://www.filedropper.com/
    Post download link.
     
  13. 2009/06/10
    Catzy

    Catzy Inactive Thread Starter

    Joined:
    2009/06/09
    Messages:
    26
    Likes Received:
    0
    I've got to go somewhere for like 25-30 min; I'll be back. Till then I'll let the scan run. It's gonna take long, still 1% after 7 min >.<
     
  14. 2009/06/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No problem :)
     
  15. 2009/06/10
    Catzy

    Catzy Inactive Thread Starter

    Joined:
    2009/06/09
    Messages:
    26
    Likes Received:
    0
    OK, I'm back. Question: how long does this scan take? It's been 25 min and still at 1%.
     
  16. 2009/06/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Stop the scan.

    1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    2. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to "fix" anything!
     
  17. 2009/06/10
    Catzy

    Catzy Inactive Thread Starter

    Joined:
    2009/06/09
    Messages:
    26
    Likes Received:
    0
    Should i Neutralize All and then Click on report or just exit it ?
     
  18. 2009/06/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Did it actually find anything?
    If so, click "Neutralize all", and see if you can get the report.
    If you can, post it back here.
     
  19. 2009/06/10
    Catzy

    Catzy Inactive Thread Starter

    Joined:
    2009/06/09
    Messages:
    26
    Likes Received:
    0
  20. 2009/06/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Oh boy, I was afraid, this may be the case.
    You're infected with Sality virus.
    Unfortunately, there is no known cure for this virus.
    Your only choice is full format, and fresh Windows install.
    If you want to backup some data, you can, EXCEPT FOR this type of files:
    .exe/.scr/.htm/.html/.xml/.zip/.rar/.asp/.php
    Other files should be fine.

    I'm sorry :(
     
    Last edited: 2009/06/10
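The reply above gives a concrete rule for salvaging data from a machine that is going to be wiped: copy everything except files of the listed types. The following is an added example, not the moderator's own tool, that applies exactly that list to a directory tree: it splits files into keep/exclude sets (comparing extensions case-insensitively, since Windows does), copies only the kept files while preserving the folder layout, and returns the plan so it can be reviewed before anything is trusted. The folder tree it builds is constructed for the demonstration and is not a real user profile.

```python
import os
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

# The file types the reply above says must NOT be carried over to the backup.
EXCLUDED_EXTENSIONS = {".exe", ".scr", ".htm", ".html", ".xml",
                       ".zip", ".rar", ".asp", ".php"}


def classify(filename: str) -> str:
    """'exclude' if the extension is on the list, otherwise 'keep'.
    Windows treats extensions case-insensitively, so setup.EXE is excluded too;
    a file with no extension at all has an empty suffix and is kept."""
    return "exclude" if Path(filename).suffix.lower() in EXCLUDED_EXTENSIONS else "keep"


def plan_backup(root: str) -> Dict[str, List[str]]:
    """Walk root and return sorted, slash-separated relative paths in two buckets."""
    plan = {"keep": [], "exclude": []}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            rel = Path(os.path.relpath(os.path.join(dirpath, fn), root)).as_posix()
            plan[classify(fn)].append(rel)
    for bucket in plan.values():
        bucket.sort()
    return plan


def copy_kept_files(root: str, dest: str) -> Dict[str, List[str]]:
    """Copy only the 'keep' files into dest, recreating the directory layout.
    Nothing in the 'exclude' bucket is touched, and the plan is returned for review."""
    plan = plan_backup(root)
    for rel in plan["keep"]:
        target = os.path.join(dest, rel)
        os.makedirs(os.path.dirname(target), exist_ok=True)
        shutil.copy2(os.path.join(root, rel), target)
    return plan


def demo() -> Tuple[Dict[str, List[str]], List[str]]:
    """Constructed folder tree (hypothetical, not a real profile) run through the copy.
    Returns the plan and the list of files that actually landed in the destination."""
    sample = [
        "My Documents/thesis.docx", "My Documents/notes.txt", "My Pictures/trip.jpg",
        "Downloads/setup.EXE", "Downloads/archive.zip", "Desktop/page.html", "Desktop/README",
    ]
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        for rel in sample:
            p = Path(src, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text("sample content")
        plan = copy_kept_files(src, dst)
        copied = sorted(p.relative_to(dst).as_posix()
                        for p in Path(dst).rglob("*") if p.is_file())
        return plan, copied


if __name__ == "__main__":
    plan, copied = demo()
    print("excluded:", plan["exclude"])
    print("copied:  ", copied)
```

The plan is returned rather than only printed so that the excluded list can be eyeballed before the destination drive is plugged into the rebuilt machine; anything that shows up under `exclude` but was genuinely needed is a candidate for retrieving in a safer form (for instance, re-downloading an installer from its vendor rather than restoring the old `.exe`).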
  21. 2009/06/10
    Catzy

    Catzy Inactive Thread Starter

    Joined:
    2009/06/09
    Messages:
    26
    Likes Received:
    0
    *sigh* OK, I see. Well, anyway, thanks for your time and help. :)
     
    Last edited: 2009/06/10
