C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

BOBAMET

New Member
I will start a new thread on this. I need help. I ran ComboFix; here is the log. What do I need to do next?

ComboFix 08-01-23.1C - Gregg 2008-01-27 16:16:23.2 - NTFSx86
Running from: C:\Documents and Settings\Gregg\Local Settings\Temporary Internet Files\Content.IE5\EIGN4I2E\ComboFix[1].exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete
.
---- Previous Run -------
.
C:\Documents and Settings\Gregg\Application Data\WinTouch
C:\Documents and Settings\Gregg\g2mdlhlpx.exe
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\inetget2\MTE3MTk6ODoxNg.exe
C:\Program Files\network monitor
C:\Program Files\Router
C:\Program Files\Temporary
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\Temp\tpBe12
C:\WINDOWS\b103.exe
C:\WINDOWS\b104.exe
C:\WINDOWS\b116.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b128.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\b149.exe
C:\WINDOWS\b151.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\hpsgfnrv.dll
C:\WINDOWS\system32\iifgdax.dll
C:\WINDOWS\system32\ineWc01
C:\WINDOWS\system32\ineWc01\ineWc011065.exe
C:\WINDOWS\system32\lmnnvvnm.dll
C:\WINDOWS\SYSTEM32\npqss.ini
C:\WINDOWS\SYSTEM32\npqss.ini2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qgantiqq.dll
C:\WINDOWS\SYSTEM32\qqitnagq.ini
C:\WINDOWS\SYSTEM32\qtstv.ini
C:\WINDOWS\SYSTEM32\qtstv.ini2
C:\WINDOWS\system32\urqpnoo.dll
C:\WINDOWS\system32\vtstq.dll
C:\WINDOWS\SYSTEM32\yyadd.ini
C:\WINDOWS\SYSTEM32\yyadd.ini2
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.


-------\LEGACY_CMDSERVICE


((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-28 )))))))))))))))))))))))))))))))
.

2008-01-27 15:36 . 2008-01-27 16:20 2,048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\356DDBAC-B610-4745-80F7-242891DF20C1.cxv
2008-01-27 09:23 . 2008-01-27 13:02 2,048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\4628B4D4-91AA-41CE-BF89-82FEE08AEE19.cxv
2008-01-27 07:46 . 2008-01-27 07:46 1,024 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\A774CA4A-0753-4B3B-B196-30EB7137240B.cxv
2008-01-27 06:40 . 2008-01-27 06:40 1,024 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\187EA6B5-4E28-4E4E-805F-204791C578CA.cxv
2008-01-27 05:34 . 2008-01-27 05:34 1,024 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\EA6D215C-B69B-4B2C-B1CE-D6FBD0828A70.cxv
2008-01-26 19:15 . 2008-01-27 00:51 2,048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\638FFCC9-53CC-467C-89CE-81EBBFF60B65.cxv
2008-01-26 10:21 . 2008-01-26 10:21 <DIR> d-------- C:\Program Files\PC Optimizer
2008-01-26 07:10 . 2008-01-26 07:10 2,048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\433902EF-6981-4FA0-A60D-758561AF1B4C.cxv
2008-01-26 07:08 . 2008-01-26 19:17 <DIR> d-------- C:\Program Files\STOPzilla!
2008-01-26 07:08 . 2008-01-26 07:08 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-01-24 17:27 . 2004-08-04 03:00 36,656 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dosapp.fon
2008-01-24 08:14 . 2008-01-24 08:14 <DIR> d-------- C:\Program Files\CCleaner
2008-01-24 07:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-24 06:14 . 2008-01-24 06:21 16,144 --a------ C:\WINDOWS\BM2b4f1190.xml
2008-01-24 06:14 . 2008-01-24 07:11 21 --a------ C:\WINDOWS\pskt.ini
2008-01-23 05:36 . 2008-01-27 16:22 167,545 --------- C:\WINDOWS\SYSTEM32\DRIVERS\core.cache.dsk
2008-01-23 05:35 . 2008-01-27 00:52 <DIR> d-------- C:\WINDOWS\SYSTEM32\winzs6
2008-01-23 05:35 . 2008-01-27 00:52 <DIR> d-------- C:\WINDOWS\SYSTEM32\nui4
2008-01-23 05:35 . 2008-01-23 05:35 <DIR> d-------- C:\WINDOWS\SYSTEM32\extz1
2008-01-23 05:35 . 2008-01-24 07:57 <DIR> d-------- C:\WINDOWS\SYSTEM32\comm7
2008-01-23 05:35 . 2008-01-23 05:35 86,016 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SymIDSCoo.sys
2008-01-23 05:32 . 2008-01-27 00:53 <DIR> d-------- C:\WINDOWS\SYSTEM32\nGpxx01
2008-01-22 08:20 . 2008-01-22 08:20 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-01-19 12:29 . 2008-01-19 12:30 <DIR> d-------- C:\Program Files\iTunes
2008-01-19 11:25 . 2008-01-26 11:48 <DIR> d-------- C:\Program Files\XoftSpySE
2008-01-17 04:53 . 2008-01-17 04:54 <DIR> d-------- C:\Program Files\QuickTime
2008-01-11 05:42 . 2008-01-27 00:53 <DIR> d-------- C:\WINDOWS\SYSTEM32\edcA01
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\SYSTEM32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\SYSTEM32\QuickTime.qts
2008-01-02 17:31 . 2007-04-24 10:49 11,776 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pdiddcci.sys
2008-01-02 17:26 . 2006-11-16 17:20 15,920 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\PdiPorts.sys
2008-01-02 17:21 . 2008-01-02 17:21 <DIR> d-------- C:\Program Files\Portrait Displays
2008-01-02 17:21 . 2008-01-02 17:25 <DIR> d-------- C:\Program Files\Common Files\Portrait Displays
2007-12-31 13:56 . 2007-12-31 13:56 <DIR> d-------- C:\Program Files\Nvu

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-24 14:23 --------- d-----w C:\Program Files\Citrix
2008-01-19 20:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-19 20:01 --------- d-----w C:\Program Files\NetWaiting
2008-01-19 19:59 --------- d-----w C:\Program Files\Yahoo!
2008-01-17 13:02 --------- d-----w C:\Program Files\iPod
2007-12-20 13:35 --------- d-----w C:\Program Files\DivX
2007-12-11 22:34 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-11 22:34 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-11 22:34 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-11-03 13:21 164 ----a-w C:\install.dat
.

((((((((((((((((((((((((((((( snapshot@2008-01-24_ 8.05.01.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-23 18:37:28 241,664 ----a-w C:\WINDOWS\Downloaded Program Files\cpcScan.dll
+ 2007-08-10 02:20:32 28,928 ----a-r C:\WINDOWS\SYSTEM32\DRIVERS\SZKG.sys
- 2007-05-13 21:25:35 227,208 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
+ 2008-01-26 03:29:28 227,208 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
+ 2007-09-14 00:34:00 700,416 ----a-r C:\WINDOWS\SYSTEM32\IS3Base5.dll
+ 2007-09-14 00:36:38 311,296 ----a-r C:\WINDOWS\SYSTEM32\IS3DBA5.dll
+ 2007-09-14 00:35:32 61,440 ----a-r C:\WINDOWS\SYSTEM32\IS3Hks5.dll
+ 2007-09-14 00:36:46 126,976 ----a-r C:\WINDOWS\SYSTEM32\IS3HTUI5.dll
+ 2007-09-14 00:34:36 94,208 ----a-r C:\WINDOWS\SYSTEM32\IS3Inet5.dll
+ 2007-09-14 00:34:24 90,112 ----a-r C:\WINDOWS\SYSTEM32\IS3Svc5.dll
+ 2007-09-14 00:35:48 372,736 ----a-r C:\WINDOWS\SYSTEM32\IS3UI5.dll
+ 2007-09-14 00:34:54 200,704 ----a-r C:\WINDOWS\SYSTEM32\IS3Win325.dll
+ 2007-09-14 00:35:14 23,040 ----a-r C:\WINDOWS\SYSTEM32\IS3XDat5.dll
+ 2007-10-05 18:11:08 225,280 ----a-r C:\WINDOWS\SYSTEM32\SZBase5.dll
+ 2006-12-02 06:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-02 08:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-02 08:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 08:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 08:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 08:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 08:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 08:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 08:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 08:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 08:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 08:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 08:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 08:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F9C5225-C547-4822-8492-7A182955335E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F74D06DB-AFB3-4BCC-9FBC-58FFAC2BF717}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00 15360]
"WinSettings"="C:\Program Files\PC Optimizer\WinSettings.exe" [2004-06-16 00:00 1818624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 06:46 622592]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 11:18 77824]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll 2008-01-24 06:22 10536 C:\Program Files\Citrix\GoToAssist\508\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\287c220c]
C:\WINDOWS\system32\qgantiqq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dot1XCfg]
C:\Program Files\Dot1XCfg\Dot1XCfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT HPW]
--a------ 2007-04-25 12:36 280064 C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Router]
C:\Program Files\Router\Router.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SanaSafeConnect]
C:\Program Files\Sana Security\Primary Response SafeConnect\agent\bin\SanaSafeConnect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wmio]
C:\Program Files\InetGet2\stub109_4_0_4_0.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 19:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SanaSafeConnectWatcher"=2 (0x2)
"SanaSafeConnectAgent"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"AIM"=C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"=C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe
"LVCOMS"=C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"<NO NAME>"=
"ViewMgr"=C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-24 07:14:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-01-26 18:24:39 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\system32\OOBE\OOBEBALN.EXE
"2008-01-28 00:23:46 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-01-27 13:34:08 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-27 16:24:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-27 16:29:44 - machine was rebooted [Gregg]
ComboFix-quarantined-files.txt 2008-01-28 00:29:41
.
2008-01-10 11:10:40 --- E O F ---
 
  • Open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    File::
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\SYSTEM32\DRIVERS\core.cache.dsk
    C:\WINDOWS\SYSTEM32\DRIVERS\SymIDSCoo.sys
    
    Folder::
    C:\WINDOWS\SYSTEM32\winzs6
    C:\WINDOWS\SYSTEM32\nui4
    C:\WINDOWS\SYSTEM32\extz1
    C:\WINDOWS\SYSTEM32\comm7
    C:\WINDOWS\SYSTEM32\nGpxx01
    C:\WINDOWS\SYSTEM32\edcA01
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F9C5225-C547-4822-8492-7A182955335E}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F74D06DB-AFB3-4BCC-9FBC-58FFAC2BF717}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\287c220c]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wmio]
  • Save this as CFScript.txt and change the Save as type to All Files and place it on your desktop.


    [Screenshot: CFScript.gif]

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION:
Do NOT mouse-click ComboFix's window while it is running. That may cause it to stall.
Also, please do NOT adjust your time format while ComboFix is running.

----------------------------------------------------------------------

Please go to http://www.virustotal.com/, click on Browse, and upload the following file for analysis:

C:\WINDOWS\BM2b4f1190.xml

Then click Send File. Allow the file to be scanned, and then please copy and paste the results here for me to see.

If that scanner is busy, please use this one: http://virusscan.jotti.org

----------------------------------------------------------------------

Please download the HijackThis installer from http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe.

Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

When the Notepad window opens choose Edit -> Select All to select the entire log, and copy and paste the log into a reply post.
Most of what it lists will be harmless or even essential, don't fix anything yet.

----------------------------------------------------------------------

Please post
  • The ComboFix log
  • The Virustotal or Jotti results
  • A HijackThis log
  • An update on how your system is running now
 
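As an added example that is not part of this thread, of ComboFix, or of the helper's instructions: a small Python triage script for the ComboFix log format posted above. It applies the same checks a responder makes by eye on that log: lines ComboFix reports as "failed to delete", GUID-named .cxv files dropped into the drivers folder, random-looking folders directly under system32 (winzs6, nui4, extz1, comm7, nGpxx01, edcA01), and files whose modification time falls inside the ComboFix run itself (the header says the scan started at 16:16:23, and core.cache.dsk shows a modification time of 16:22, consistent with something re-creating it while ComboFix was working, which is also why the deletion did not stick). The heuristics and the finding texts are assumptions chosen to fit this log, not a general classifier; the sample lines are copied from the log above.

```python
"""Triage a ComboFix log: pull out the entries an analyst would question.

Added example for this thread; it is not part of ComboFix or of the
helper's instructions.  The heuristics below are assumptions chosen to
match the log posted above, not a general malware classifier.
"""
from __future__ import annotations

import re
from datetime import datetime

# The first log line carries the scan start time (see the log header above).
HEADER_RE = re.compile(r"^ComboFix \S+ - \S+ (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")

# 'Files Created' entries: "<created> . <modified> <size|<DIR>> <attrs> <path>"
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d[\d,]*|<DIR>) (?P<attrs>[-A-Za-z]{9}) (?P<path>.+)$"
)

# Lines ComboFix prints when a deletion did not stick.
FAILED_RE = re.compile(r"^(?P<path>.+?) \. \. \. \. failed to delete$")

# Heuristic 1 (assumption): a GUID-named .cxv file inside the drivers folder.
GUID_CXV_RE = re.compile(
    r"\\system32\\drivers\\[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\.cxv$", re.I
)
# Heuristic 2 (assumption): short letters+digits folder directly under system32.
RANDOM_DIR_RE = re.compile(r"\\system32\\[a-z]{3,6}\d{1,3}$", re.I)

# Constructed input: lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
ComboFix 08-01-23.1C - Gregg 2008-01-27 16:16:23.2 - NTFSx86
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete
2008-01-27 15:36 . 2008-01-27 16:20 2,048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\356DDBAC-B610-4745-80F7-242891DF20C1.cxv
2008-01-26 10:21 . 2008-01-26 10:21 <DIR> d-------- C:\Program Files\PC Optimizer
2008-01-24 08:14 . 2008-01-24 08:14 <DIR> d-------- C:\Program Files\CCleaner
2008-01-23 05:36 . 2008-01-27 16:22 167,545 --------- C:\WINDOWS\SYSTEM32\DRIVERS\core.cache.dsk
2008-01-23 05:35 . 2008-01-27 00:52 <DIR> d-------- C:\WINDOWS\SYSTEM32\winzs6
2008-01-23 05:35 . 2008-01-23 05:35 86,016 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SymIDSCoo.sys
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\SYSTEM32\QuickTimeVR.qtx
"""


def triage(log_text: str) -> list[tuple[str, str]]:
    """Return (path, reason) pairs, one per distinct finding, in log order."""
    scan_start: datetime | None = None
    findings: list[tuple[str, str]] = []
    seen: set[tuple[str, str]] = set()

    def add(path: str, reason: str) -> None:
        # The same file shows up several times in a real log; report it once per reason.
        key = (path.lower(), reason)
        if key not in seen:
            seen.add(key)
            findings.append((path, reason))

    for raw in log_text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            # Entry timestamps have minute resolution, so compare at that resolution.
            scan_start = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S").replace(second=0)
            continue
        m = FAILED_RE.match(line)
        if m:
            add(m.group("path"), "failed to delete: locked or being re-created")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        path = m.group("path")
        if GUID_CXV_RE.search(path):
            add(path, "GUID-named .cxv in drivers folder")
        if m.group("size") == "<DIR>" and RANDOM_DIR_RE.search(path):
            add(path, "random-looking folder directly under system32")
        modified = datetime.strptime(m.group("modified"), "%Y-%m-%d %H:%M")
        if scan_start is not None and modified >= scan_start:
            # Written while ComboFix itself was running: something is still active.
            add(path, "modified during the ComboFix run")
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{reason:48s} {path}")
```

Run against the sample it reports five findings: core.cache.dsk twice (failed to delete, and modified during the run), the .cxv file twice (GUID name, and modified during the run), and winzs6 once; CCleaner, PC Optimizer, SymIDSCoo.sys and QuickTimeVR.qtx produce nothing. The "modified during the run" check is the one worth keeping for real logs, since a file that keeps changing while the cleaner is active points at a live process or driver that the deletion list alone will not remove.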