
Active virus infection with sysregi.exe and welik.exe

Discussion in 'Malware and Virus Removal Archive' started by tom1kn, 2009/05/10.

  1. 2009/05/10
    tom1kn


    I have managed to infect my system with a virus. Trend Micro PC-cillin keeps saying that it has quarantined the files, but they keep reappearing. I have been finding references to NOD32 in my system registry; after I remove them, they keep reappearing. Any suggestions would be appreciated. I don't really want to reformat and reinstall if I can help it.

    files follow:


    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Owner at 12:22:48.00 on Sun 05/10/2009
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.89 [GMT -7:00]

    AV: Trend Micro PC-cillin Internet Security 2007 *On-access scanning enabled* (Updated)
    FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\dllhost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\rundll43.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Owner.tomk-laptop\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Bar = hxxp://www.google.com/ie
    uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6422
    uSearch Page = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6422
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: EnigmaBHO Class: {5cfee306-e014-48a4-876d-06ff09ebb0f3} - c:\program files\ads plugins\Enigma.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [OE] "c:\program files\trend micro\internet security 2007\tmas_oe\TMAS_OEMon.exe "
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Hotfix-KB5504305] c:\windows\system32\rundll43.exe
    uRunServices: [Hotfix-KB5504305] c:\windows\system32\rundll43.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY
    mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
    mRun: [pccguide.exe] "c:\program files\trend micro\internet security 2007\pccguide.exe "
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [StxTrayMenu] "c:\program files\seagate\systemtray\StxMenuMgr.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe "
    dRun: [Power2GoExpress] NA
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {0C89E27C-DD69-44BB-A32E-4D093E859FB2} - hxxps://mcp.microsoft.com/MCP/tools/MCPTranscriptPrint.CAB
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {9F9D249E-A410-40BB-8CEB-0956D2B7D79B} - hxxp://www.camguest.com/activex/ClientAX.ocx
    DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - hxxp://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
    DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
    TCP: {324B03B3-B711-4F50-BF9A-ED7C32B25DB9} = 85.255.112.225,85.255.112.199
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2006-8-24 503808]
    R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2006-8-24 933949]
    R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2006-8-16 36368]
    R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2006-8-24 561220]
    R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
    R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2006-6-27 200576]
    R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2006-8-24 281600]
    S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2005-11-22 69692]

    =============== Created Last 30 ================

    2009-05-10 03:34 300,032 a------- c:\windows\welik.exe
    2009-05-10 01:46 116,224 ac------ c:\windows\system32\dllcache\xrxwiadr.dll
    2009-05-10 01:46 23,040 ac------ c:\windows\system32\dllcache\xrxwbtmp.dll
    2009-05-10 01:46 18,944 ac------ c:\windows\system32\dllcache\xrxscnui.dll
    2009-05-10 01:46 27,648 ac------ c:\windows\system32\dllcache\xrxftplt.exe
    2009-05-10 01:46 4,608 ac------ c:\windows\system32\dllcache\xrxflnch.exe
    2009-05-10 01:46 99,865 ac------ c:\windows\system32\dllcache\xlog.exe
    2009-05-10 01:46 16,970 ac------ c:\windows\system32\dllcache\xem336n5.sys
    2009-05-10 01:46 19,455 ac------ c:\windows\system32\dllcache\wvchntxx.sys
    2009-05-10 01:46 19,200 ac------ c:\windows\system32\dllcache\wstcodec.sys
    2009-05-10 01:46 12,063 ac------ c:\windows\system32\dllcache\wsiintxx.sys
    2009-05-10 01:46 8,192 ac------ c:\windows\system32\dllcache\wshirda.dll
    2009-05-10 01:45 8,832 ac------ c:\windows\system32\dllcache\wmiacpi.sys
    2009-05-10 01:45 154,624 ac------ c:\windows\system32\dllcache\wlluc48.sys
    2009-05-10 01:43 64,605 ac------ c:\windows\system32\dllcache\vvoice.sys
    2009-05-10 01:43 397,502 ac------ c:\windows\system32\dllcache\vpctcom.sys
    2009-05-10 01:43 604,253 ac------ c:\windows\system32\dllcache\vmodem.sys
    2009-05-10 01:43 249,402 ac------ c:\windows\system32\dllcache\vinwm.sys
    2009-05-10 01:43 24,576 ac------ c:\windows\system32\dllcache\viairda.sys
    2009-05-10 01:43 53,760 ac------ c:\windows\system32\dllcache\vfwwdm32.dll
    2009-05-10 01:43 687,999 ac------ c:\windows\system32\dllcache\usrwdxjs.sys
    2009-05-10 01:43 765,884 ac------ c:\windows\system32\dllcache\usrti.sys
    2009-05-10 01:43 113,762 ac------ c:\windows\system32\dllcache\usrpda.sys
    2009-05-10 01:43 7,556 ac------ c:\windows\system32\dllcache\usroslba.sys
    2009-05-10 01:43 224,802 ac------ c:\windows\system32\dllcache\usr1807a.sys
    2009-05-10 01:43 794,399 ac------ c:\windows\system32\dllcache\usr1806v.sys
    2009-05-10 01:43 793,598 ac------ c:\windows\system32\dllcache\usr1806.sys
    2009-05-10 01:41 11,520 ac------ c:\windows\system32\dllcache\twotrack.sys
    2009-05-10 01:41 166,784 ac------ c:\windows\system32\dllcache\tridxpm.sys
    2009-05-10 01:41 525,568 ac------ c:\windows\system32\dllcache\tridxp.dll
    2009-05-10 01:41 159,232 ac------ c:\windows\system32\dllcache\tridkbm.sys
    2009-05-10 01:41 440,576 ac------ c:\windows\system32\dllcache\tridkb.dll
    2009-05-10 01:41 222,336 ac------ c:\windows\system32\dllcache\trid3dm.sys
    2009-05-10 01:41 315,520 ac------ c:\windows\system32\dllcache\trid3d.dll
    2009-05-10 01:41 34,375 ac------ c:\windows\system32\dllcache\tpro4.sys
    2009-05-10 01:41 42,496 ac------ c:\windows\system32\dllcache\tp4res.dll
    2009-05-10 01:41 82,944 ac------ c:\windows\system32\dllcache\tp4mon.exe
    2009-05-10 01:41 31,744 ac------ c:\windows\system32\dllcache\tp4.dll
    2009-05-10 01:41 230,912 ac------ c:\windows\system32\dllcache\tosdvd03.sys
    2009-05-10 01:41 241,664 ac------ c:\windows\system32\dllcache\tosdvd02.sys
    2009-05-10 01:40 28,232 ac------ c:\windows\system32\dllcache\tos4mo.sys
    2009-05-10 01:40 123,995 ac------ c:\windows\system32\dllcache\tjisdn.sys
    2009-05-10 01:40 138,528 ac------ c:\windows\system32\dllcache\tgiulnt5.sys
    2009-05-10 01:40 81,408 ac------ c:\windows\system32\dllcache\tgiul50.dll
    2009-05-10 01:40 149,376 ac------ c:\windows\system32\dllcache\tffsport.sys
    2009-05-10 01:40 17,129 ac------ c:\windows\system32\dllcache\tdkcd31.sys
    2009-05-10 01:40 37,961 ac------ c:\windows\system32\dllcache\tdk100b.sys
    2009-05-10 01:40 30,464 ac------ c:\windows\system32\dllcache\tbatm155.sys
    2009-05-10 01:40 7,040 ac------ c:\windows\system32\dllcache\tandqic.sys
    2009-05-10 01:40 36,640 ac------ c:\windows\system32\dllcache\t2r4mini.sys
    2009-05-10 01:40 172,768 ac------ c:\windows\system32\dllcache\t2r4disp.dll
    2009-05-10 01:40 94,293 ac------ c:\windows\system32\dllcache\sxports.dll
    2009-05-10 01:38 61,824 ac------ c:\windows\system32\dllcache\speed.sys
    2009-05-10 01:37 16,000 ac------ c:\windows\system32\dllcache\smbbatt.sys
    2009-05-10 01:36 101,760 ac------ c:\windows\system32\dllcache\sis300ip.sys
    2009-05-10 01:36 161,568 ac------ c:\windows\system32\dllcache\sgsmusb.sys
    2009-05-10 01:36 18,400 ac------ c:\windows\system32\dllcache\sgsmld.sys
    2009-05-10 01:36 98,080 ac------ c:\windows\system32\dllcache\sgiulnt5.sys
    2009-05-10 01:36 386,560 ac------ c:\windows\system32\dllcache\sgiul50.dll
    2009-05-10 01:36 36,480 ac------ c:\windows\system32\dllcache\sfmanm.sys
    2009-05-10 01:36 6,784 ac------ c:\windows\system32\dllcache\serscan.sys
    2009-05-10 01:36 17,664 ac------ c:\windows\system32\dllcache\sermouse.sys
    2009-05-10 01:36 6,912 ac------ c:\windows\system32\dllcache\seaddsmc.sys
    2009-05-10 01:36 11,520 ac------ c:\windows\system32\dllcache\scsiscan.sys
    2009-05-10 01:36 11,648 ac------ c:\windows\system32\dllcache\scsiprnt.sys
    2009-05-10 01:36 17,280 ac------ c:\windows\system32\dllcache\scr111.sys
    2009-05-10 01:36 16,640 ac------ c:\windows\system32\dllcache\scmstcs.sys
    2009-05-10 01:34 82,432 ac------ c:\windows\system32\dllcache\rwia450.dll
    2009-05-10 01:33 3,328 ac------ c:\windows\system32\dllcache\qv2kux.sys
    2009-05-10 01:32 75,776 ac------ c:\windows\system32\dllcache\philcam1.sys
    2009-05-10 01:31 20,480 ac------ c:\windows\system32\dllcache\ovcomc.dll
    2009-05-10 01:30 9,344 ac------ c:\windows\system32\dllcache\ntapm.sys
    2009-05-10 01:30 7,552 ac------ c:\windows\system32\dllcache\nsmmc.sys
    2009-05-10 01:30 28,672 ac------ c:\windows\system32\dllcache\nscirda.sys
    2009-05-10 01:27 87,040 ac------ c:\windows\system32\dllcache\nm6wdm.sys
    2009-05-10 01:27 126,080 ac------ c:\windows\system32\dllcache\nm5a2wdm.sys
    2009-05-10 01:27 32,840 ac------ c:\windows\system32\dllcache\ngrpci.sys
    2009-05-10 01:27 132,695 ac------ c:\windows\system32\dllcache\netwlan5.sys
    2009-05-10 01:25 19,968 ac------ c:\windows\system32\dllcache\mxicfg.dll
    2009-05-10 01:24 235,648 ac------ c:\windows\system32\dllcache\mgaud.dll
    2009-05-10 01:23 70,730 ac------ c:\windows\system32\dllcache\lne100tx.sys
    2009-05-10 01:22 38,784 ac------ c:\windows\system32\dllcache\io8.sys
    2009-05-10 01:21 702,845 ac------ c:\windows\system32\dllcache\i81xdnt5.dll
    2009-05-10 01:20 5,760 ac------ c:\windows\system32\dllcache\hpt4qic.sys
    2009-05-10 01:19 59,136 ac------ c:\windows\system32\dllcache\gckernel.sys
    2009-05-10 01:18 11,850 ac------ c:\windows\system32\dllcache\f3ab18xj.sys
    2009-05-10 01:17 19,996 ac------ c:\windows\system32\dllcache\em556n4.sys
    2009-05-10 01:16 31,305 ac------ c:\windows\system32\dllcache\disrvpp.dll
    2009-05-10 01:15 14,848 ac------ c:\windows\system32\dllcache\cyclom-y.sys
    2009-05-10 01:14 236,032 ac------ c:\windows\system32\dllcache\camext20.dll
    2009-05-10 01:13 13,696 ac------ c:\windows\system32\dllcache\avcstrm.sys
    2009-05-10 01:11 66,048 ac------ c:\windows\system32\dllcache\s3legacy.dll
    2009-05-09 16:14 2,148 a------- c:\windows\system32\wpa.dbl
    2009-05-08 21:29 65,536 ---shr-- c:\windows\system32\rundll43.exe
    2009-05-03 19:37 129,520 -------- c:\windows\system32\pxafs.dll
    2009-05-03 19:33 7,680 a------- c:\windows\system32\ff_vfw.dll
    2009-05-03 19:33 547 a------- c:\windows\system32\ff_vfw.dll.manifest
    2009-05-03 19:33 60,273 a------- c:\windows\system32\pthreadGC2.dll
    2009-05-03 19:33 <DIR> --d----- c:\program files\ffdshow
    2009-05-03 19:30 <DIR> --d----- c:\program files\Vodei
    2009-05-03 12:00 <DIR> --d----- c:\program files\uTorrent
    2009-05-03 12:00 <DIR> --d----- c:\docume~1\owner~1.tom\applic~1\uTorrent
    2009-04-14 10:18 2,560 -------- c:\windows\system32\xpsp4res.dll

    ==================== Find3M ====================

    2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
    2009-03-06 07:22 284,160 a------- c:\windows\system32\pdh.dll
    2009-03-02 17:18 826,368 a------- c:\windows\system32\wininet.dll
    2009-02-20 11:09 78,336 a------- c:\windows\system32\ieencode.dll
    2006-10-03 13:12 0 ac------ c:\docume~1\owner~1.tom\applic~1\wklnhst.dat
    2008-04-13 17:12 300,032 ---shr-- c:\windows\system32\sysregi.exe
    2008-07-31 01:07 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008073120080801\index.dat

    ============= FINISH: 12:23:33.54 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/6/2006 5:33:58 PM
    System Uptime: 5/10/2009 8:52:22 AM (4 hours ago)

    Motherboard: Gateway | |


    Processor: Mobile AMD Sempron(tm) Processor 3100+ | Socket 754 | 1578/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 33 GiB total, 15.978 GiB free.
    D: is FIXED (FAT32) - 7 GiB total, 4.768 GiB free.
    E: is CDROM ()
    F: is FIXED (NTFS) - 15 GiB total, 10.367 GiB free.
    G: is FIXED (NTFS) - 10 GiB total, 4.143 GiB free.
    H: is FIXED (NTFS) - 10 GiB total, 7.777 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller
    Device ID: PCI\VEN_11AB&DEV_4351&SUBSYS_0300107B&REV_10\4&1F6619AB&0&0030
    Manufacturer: Marvell
    Name: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller
    PNP Device ID: PCI\VEN_11AB&DEV_4351&SUBSYS_0300107B&REV_10\4&1F6619AB&0&0030
    Service: yukonwxp

    ==== System Restore Points ===================

    RP349: 4/6/2009 10:59:21 PM - System Checkpoint
    RP350: 4/8/2009 11:00:21 AM - Software Distribution Service 3.0
    RP351: 4/11/2009 5:56:58 PM - System Checkpoint
    RP352: 4/12/2009 8:05:58 PM - System Checkpoint
    RP353: 4/14/2009 11:43:41 AM - Software Distribution Service 3.0
    RP354: 4/15/2009 12:21:50 PM - System Checkpoint
    RP355: 4/17/2009 9:22:40 AM - System Checkpoint
    RP356: 4/22/2009 11:34:19 PM - System Checkpoint
    RP357: 4/24/2009 2:31:48 PM - System Checkpoint
    RP358: 4/25/2009 6:35:33 PM - System Checkpoint
    RP359: 4/26/2009 4:16:49 AM - Installed Java(TM) 6 Update 13
    RP360: 5/1/2009 1:31:21 PM - System Checkpoint
    RP361: 5/2/2009 7:06:08 PM - Software Distribution Service 3.0
    RP362: 5/4/2009 2:51:02 AM - System Checkpoint
    RP363: 5/6/2009 11:09:04 PM - Configured AutoBackup
    RP364: 5/8/2009 5:07:53 PM - System Checkpoint
    RP365: 5/10/2009 4:30:37 AM - System Checkpoint

    ==== Installed Programs ======================

    µTorrent
    Adobe Reader 8.1.4
    Adobe Shockwave Player 11
    Adobe® Photoshop® Album Starter Edition 3.2
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    Boson NetSim LE for McGraw-Hill
    Broadcom 802.11 Network Adapter
    Browser Address Error Redirector
    Conexant AC-Link Audio
    Critical Update for Windows Media Player 11 (KB959772)
    DVD Solution
    ffdshow [rev 1723] [2007-12-24]
    FreeAgent Pro Tools
    Google Toolbar for Internet Explorer
    Harry Potter (TM) Demo
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 10 (KB910393)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    InterActual Player
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 13
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Digital Image Starter Edition 2006
    Microsoft Digital Image Starter Edition 2006 Editor
    Microsoft Digital Image Starter Edition 2006 Library
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2006
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Standard Edition 2003
    Microsoft Press Readiness Review 70-290
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Works
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    Napster Burn Engine
    Netflix Movie Viewer
    PartitionMagic
    PowerDVD
    PowerQuest PartitionMagic 8.0
    QuickTime
    RealPlayer Basic
    Recovery Software Suite Gateway
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    Self Test Practice Test Engine
    Self Test Software: Exam 70-290
    Soft Data Fax Modem with SmartCP
    Sonic Encoders
    Spybot - Search & Destroy 1.4
    Synaptics Pointing Device Driver
    TechSkills TestPrep
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    Trend Micro PC-cillin Internet Security 2007
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Viewpoint Media Player
    Vodei Multimedia Processor 2.10
    WebFldrs XP
    Winamp
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Service Pack 3
    XAce Plus v2.6
    Yahoo! Install Manager
    Yahoo! Software Update
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    5/9/2009 4:15:59 PM, error: Service Control Manager [7000] - The Media Center Extender Service service failed to start due to the following error: Access is denied.
    5/8/2009 9:52:49 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    5/8/2009 9:50:52 PM, error: NetBT [4311] - Initialization failed because the driver device could not be created.
    5/8/2009 10:24:20 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    5/8/2009 10:23:38 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    5/8/2009 10:08:21 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip tmtdi
    5/8/2009 10:08:21 PM, error: Service Control Manager [7001] - The Trend Micro Proxy Service service depends on the Trend Micro TDI Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/8/2009 10:08:21 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    5/8/2009 10:08:21 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/8/2009 10:08:21 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/8/2009 10:08:21 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    5/8/2009 10:08:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    5/8/2009 10:08:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    5/3/2009 7:16:00 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
    5/3/2009 7:16:00 PM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/3/2009 7:14:56 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect.
    5/3/2009 7:14:56 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gusvc with arguments " " in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
    5/10/2009 1:49:19 AM, information: Windows File Protection [64017] - Windows File Protection file scan completed successfully.
    5/10/2009 1:49:18 AM, information: Windows File Protection [64021] - The system file c:\windows\ehome\snchk.exe could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
    5/10/2009 1:49:07 AM, information: Windows File Protection [64021] - The system file c:\windows\ehome\ehituner.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
    5/10/2009 1:49:01 AM, information: Windows File Protection [64021] - The system file c:\windows\ehome\ehiepg.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
    5/10/2009 1:48:45 AM, information: Windows File Protection [64021] - The system file c:\windows\ehome\ko\ehepgdat.resources.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
    5/10/2009 1:48:41 AM, information: Windows File Protection [64021] - The system file c:\windows\ehome\ja\ehepgdat.resources.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
    5/10/2009 1:48:33 AM, information: Windows File Protection [64021] - The system file c:\windows\ehome\fr\ehepgdat.resources.dll could not be copied into the DLL

    cache. The specific error code is 0x000004c7 [The operation was canceled by the

    user. ]. This file is necessary to maintain system stability.
    5/10/2009 1:48:28 AM, information: Windows File Protection [64021] - The system

    file c:\windows\ehome\de\ehepgdat.resources.dll could not be copied into the DLL

    cache. The specific error code is 0x000004c7 [The operation was canceled by the

    user. ]. This file is necessary to maintain system stability.
    5/10/2009 1:48:24 AM, information: Windows File Protection [64021] - The system

    file c:\windows\ehome\zh-chs\ehepgdat.resources.dll could not be copied into the

    DLL cache. The specific error code is 0x000004c7 [The operation was canceled by

    the user. ]. This file is necessary to maintain system stability.
    5/10/2009 1:48:02 AM, information: Windows File Protection [64021] - The system

    file c:\windows\ehome\ehcircl.dll could not be copied into the DLL cache. The

    specific error code is 0x000004c7 [The operation was canceled by the user. ].

    This file is necessary to maintain system stability.
    5/10/2009 1:46:03 AM, information: Windows File Protection [64021] - The system

    file c:\program files\windows media player\wmpns.dll could not be copied into the

    DLL cache. The specific error code is 0x000004c7 [The operation was canceled by

    the user. ]. This file is necessary to maintain system stability.
    5/10/2009 1:30:53 AM, information: Windows File Protection [64021] - The system

    file c:\program files\windows media player\npdrmv2.dll could not be copied into

    the DLL cache. The specific error code is 0x000004c7 [The operation was canceled

    by the user. ]. This file is necessary to maintain system stability.
    5/10/2009 1:13:13 AM, information: Windows File Protection [64021] - The system

    file c:\program files\windows media player\npwmsdrm.dll could not be copied into

    the DLL cache. The specific error code is 0x000004c7 [The operation was canceled

    by the user. ]. This file is necessary to maintain system stability.
    5/10/2009 1:13:06 AM, information: Windows File Protection [64021] - The system

    file c:\program files\windows media player\npdsplay.dll could not be copied into

    the DLL cache. The specific error code is 0x000004c7 [The operation was canceled

    by the user. ]. This file is necessary to maintain system stability.
    5/10/2009 1:12:55 AM, information: Windows File Protection [64021] - The system

    file c:\program files\windows media player\mplayer2.exe could not be copied into

    the DLL cache. The specific error code is 0x000004c7 [The operation was canceled

    by the user. ]. This file is necessary to maintain system stability.
    5/10/2009 1:10:18 AM, information: Windows File Protection [64016] - Windows

    File Protection file scan was started.

    ==== End Of File ===========================
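Added example, not part of the original post or of the DDS tool: one way to triage the Service Control Manager 7001 entries in a log like the one above is to re-join the hard-wrapped records and trace each failed service back to the driver at the bottom of its dependency chain. The function names and regexes are assumptions of this sketch, and one record is constructed and labelled as such.

```python
import re
from collections import defaultdict

# Records excerpted from the event log above; hard wraps kept, blank lines kept in the first.
SAMPLE = """\
5/8/2009 10:08:21 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS

Helper service depends on the AFD service which failed to start because of the

following error: A device attached to the system is not functioning.
5/8/2009 10:08:21 PM, error: Service Control Manager [7001] - The DNS Client
service depends on the TCP/IP Protocol Driver service which failed to start
because of the following error: A device attached to the system is not
functioning.
5/8/2009 10:08:21 PM, error: Service Control Manager [7001] - The DHCP Client
service depends on the NetBios over Tcpip service which failed to start because
of the following error: A device attached to the system is not functioning.
"""
# Constructed record (NOT from the post) so the sample contains a two-level chain.
CONSTRUCTED = ("5/8/2009 10:08:21 PM, error: Service Control Manager [7001] - The NetBios\n"
               "over Tcpip service depends on the TCP/IP Protocol Driver service which failed\n")

START = re.compile(r"^\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M, ")
DEP = re.compile(r"\[7001\] - The (.+?) service depends on the (.+?) service which failed")

def records(text):
    """Re-join hard-wrapped entries: a new record begins at each timestamp."""
    out = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if START.match(line) or not out:
            out.append(line)
        else:
            out[-1] += " " + line
    return out

def root_failures(text):
    """Map each root failing service/driver to the services blocked behind it."""
    parent = {}
    for rec in records(text):
        if (m := DEP.search(rec)):
            parent[m.group(1)] = m.group(2)
    blocked = defaultdict(set)
    for svc in parent:
        root, seen = svc, set()
        while root in parent and root not in seen:  # walk up; guard against cycles
            seen.add(root)
            root = parent[root]
        blocked[root].add(svc)
    return {r: sorted(s) for r, s in blocked.items()}
```

Calling `root_failures()` on a full log groups the dependent services under the drivers that failed first, which are the entries to examine before the services stacked on top of them.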
     
  2. 2009/05/14
    broni

    broni Moderator Malware Analyst

    Print these instructions out.

    NOTE: If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe.

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart the computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

    * Open SUPERAntiSpyware.
    * Under Configuration and Preferences, click the Preferences button.
    * Under the General and Startup tab, make sure the "Start SUPERAntiSpyware when Windows starts" option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    - Close browsers before scanning.
    - Scan for tracking cookies.
    - Terminate memory threats before quarantining.

    * Click the Close button to leave the control center screen.
    * Back on the main screen, under Scan for Harmful Software click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under Complete Scan, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    - Click Preferences, then click the Statistics/Logs tab.
    - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    - If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    - Please copy and paste the Scan Log results in your next reply.

    * Click Close to exit the program.
    Post SUPERAntiSpyware log.
    NOTE: Tracking cookies may be omitted from the log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click the downloaded .exe file, select the Rootkit tab and click the Scan button.
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
