Author Topic: viruses galore  (Read 2168 times)
gyrl1da
Jr. Member
« on: May 09, 2009, 01:08:24 AM »

Hello, I need help removing what I believe to be several different viruses on this computer. The computer will not allow me to run malware bytes, which I have already installed. When I click the malware bytes icon, it does not load. It didn't even want to let me install the programs malware bytes and hijack this, but I renamed them xxx.exe as you guys advised someone else with a similar problem to do. Please Help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:59:28 PM, on 5/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PAV\pav.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\OWNER\Application Data\U3\40549313D9C25C81\LaunchPad.exe
C:\Documents and Settings\OWNER\Desktop\xxx.exe.exe
C:\DOCUME~1\OWNER\LOCALS~1\Temp\is-NNVKU.tmp\xxx.exe.tmp
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ytb.com/Default.aspx?wa=Allyourtravelbylarryandethel&AspxAutoDetectCookieSupport=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: &Research - {0B014B81-4E12-46F9-806F-55867AF8FD3C} - C:\WINDOWS\system32\winsystems.dll (file missing)
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: &Research - {4AFC04A3-B551-4B68-9BEB-8677D90150D9} - C:\WINDOWS\system32\wincontrol.dll
O2 - BHO: AdvancedAdvisor - {7141E838-7BE0-F63D-6939-29A2CC9FBB15} - C:\Program Files\AdvancedAdvisor\AdvancedAdvisor-3.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: HighlyRelevantAdvertisingProgram - {81930028-D079-7E41-9F5B-3DF61BC8F18D} - C:\Program Files\HighlyRelevantAdvertisingProgram\HighlyRelevantAdvertisingProgram.dll
O2 - BHO: IEocx Class - {96ad72e4-2e2b-4ffc-a5bb-279c2714af12} - C:\WINDOWS\ieocx.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PAV] C:\Program Files\PAV\pav.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe"  -osboot
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O20 - AppInit_DLLs: C:\WINDOWS\System32\ir50_qcx32.dll
O20 - Winlogon Notify: 18754d37530 - C:\WINDOWS\System32\ir50_qcx32.dll (file missing)
O20 - Winlogon Notify: __c00D2657 - C:\WINDOWS\system32\__c00D2657.dat (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7963 bytes
« Last Edit: May 09, 2009, 03:27:15 AM by gyrl1da »

Karleigh
 -aka-
K-LOVE Tha Gyrl 1-DA
Pancake
Global Moderator
Hero Member
« Reply #1 on: May 09, 2009, 10:26:38 PM »

Ok. We need to download ComboFix.exe. This will give me a better view of the files running and also hidden on your computer and also those in the registry. Please download from one of these webpages.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.

Double-click on ComboFix.exe & follow the prompts.

If it will not run, rename ComboFix to xxx.exe and run that.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Recovery Console can be installed from your disc if you have Vista if you wish.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt  and a new HJT log in your next reply.



An Australian Member of

EDDY
gyrl1da
Jr. Member
« Reply #2 on: May 10, 2009, 12:06:51 AM »

ok, i got combofix to work, after some difficulty. here's the log:

ComboFix 09-05-08.03 - OWNER 05/09/2009 19:59.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1023.697 [GMT -4:00]
Running from: c:\documents and settings\OWNER\Desktop\xxx.exe
AV: AVG 7.5.557 *On-access scanning enabled* (Outdated)
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\OWNER\Application Data\02000000cfe819cc530C.manifest
c:\documents and settings\OWNER\Application Data\02000000cfe819cc530O.manifest
c:\documents and settings\OWNER\Application Data\02000000cfe819cc530P.manifest
c:\documents and settings\OWNER\Application Data\02000000cfe819cc530S.manifest
c:\documents and settings\OWNER\Application Data\ShoppingReport
c:\documents and settings\OWNER\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\OWNER\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\OWNER\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\OWNER\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\OWNER\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\OWNER\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\OWNER\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
c:\program files\A360
c:\program files\Antivirus 2009
c:\program files\FBrowserAdvisor
c:\program files\FBrowsingAdvisor
c:\program files\FBrowsingAdvisor\IXPCOMEvents.xpt
c:\program files\FBrowsingAdvisor\Logo.png
c:\program files\FBrowsingAdvisor\main.db
c:\program files\FBrowsingAdvisor\unins000.dat
c:\program files\FBrowsingAdvisor\unins000.exe
c:\program files\FBrowsingAdvisor\XPCOMEvents.dll
c:\program files\ShoppingReport
c:\program files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
c:\program files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
c:\program files\ShoppingReport\Uninst.exe
c:\windows\GnuHashes.ini
c:\windows\system32\drivers\fad.sys
c:\windows\system32\drivers\UACfhkujtqf.sys
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\ieupdates.exe.tmp
c:\windows\system32\UACabroknki.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjxuxdptd.log
c:\windows\system32\UAClgtqrffo.log
c:\windows\system32\UAClpvvrjbw.dat
c:\windows\system32\UACnelnhrpr.log
c:\windows\system32\UACnvbmikkf.dll
c:\windows\system32\UACnxdebfnn.dll
c:\windows\system32\UACqrfrnkic.dll
c:\windows\system32\UACrdnopksw.dll
c:\windows\system32\wincontrol.dll
c:\windows\system32\WinNB55.dll
C:\xcrashdump.dat

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


(((((((((((((((((((((((((   Files Created from 2009-04-09 to 2009-05-09  )))))))))))))))))))))))))))))))
.

2009-05-09 23:45 . 2009-05-09 23:45   --------   d-----w   C:\32788R22FWJFW.0.tmp
2009-05-09 00:59 . 2009-05-09 00:59   --------   d-----w   c:\program files\Trend Micro
2009-05-09 00:56 . 2009-02-11 14:19   15504   ----a-w   c:\windows\system32\drivers\mbam.sys
2009-05-09 00:56 . 2009-02-11 14:19   38496   ----a-w   c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-09 00:56 . 2009-05-09 00:56   --------   d-----w   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-09 00:56 . 2009-05-09 00:56   --------   d-----w   c:\program files\Malwarebytes' Anti-Malware
2009-05-08 18:01 . 2009-05-08 18:01   --------   d-----w   c:\documents and settings\OWNER\Application Data\SignupShield
2009-05-06 07:02 . 2009-03-11 02:18   453512   ----a-w   c:\windows\system32\KB905474\wgasetup.exe
2009-05-06 07:02 . 2009-05-06 07:02   --------   d-----w   c:\windows\system32\KB905474
2009-05-06 07:02 . 2009-03-11 02:26   1403264   ----a-w   c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-04-28 03:35 . 2009-04-28 03:35   --------   d--h--w   c:\windows\PIF
2009-04-28 03:35 . 2009-04-28 03:35   --------   d-----w   c:\program files\HighlyRelevantAdvertisingProgram
2009-04-20 07:18 . 2009-04-20 07:18   51200   ----a-w   c:\windows\system32\drivers\UACqbwwxvnssrwbawk.sys
2009-04-12 17:43 . 2009-05-09 18:50   256   ----a-w   c:\windows\system32\pool.bin
2009-04-12 17:43 . 2009-04-13 06:44   --------   d-----w   c:\documents and settings\OWNER\Application Data\Research In Motion
2009-04-12 17:42 . 2007-01-18 14:24   26496   ----a-r   c:\windows\system32\drivers\RimSerial.sys
2009-04-12 17:41 . 2009-04-12 17:41   --------   d-----w   c:\program files\Common Files\Research In Motion
2009-04-12 17:41 . 2009-04-13 06:36   --------   d-----w   c:\program files\Research In Motion
2009-04-10 23:04 . 2009-04-10 23:04   --------   d-----w   c:\program files\Common Files\Uninstal
2009-04-10 22:55 . 2009-04-10 22:56   --------   d-----w   c:\program files\PAV

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-09 23:56 . 2008-08-03 04:24   --------   d-----w   c:\program files\Incomplete
2009-05-09 23:38 . 2008-07-01 09:06   --------   d-----w   c:\program files\AdvancedAdvisor
2009-05-09 18:51 . 2007-10-12 23:46   --------   d-----w   c:\program files\FrostWiredrob
2009-05-04 16:04 . 2008-12-12 14:32   --------   d-----w   c:\program files\Google
2009-05-04 16:00 . 2007-10-04 21:13   --------   d--h--w   c:\program files\InstallShield Installation Information
2009-03-30 22:50 . 2009-03-30 22:50   --------   d-----w   c:\program files\Common Files\Adobe AIR
2009-03-30 22:48 . 2009-03-30 22:48   --------   d-----w   c:\program files\Common Files\Adobe
2009-03-25 02:14 . 2008-12-22 05:17   --------   d-----w   c:\program files\BlueVoda Website Builder
2009-03-21 21:04 . 2009-03-21 21:04   68520   ----a-w   c:\documents and settings\OWNER\Application Data\GDIPFONTCACHEV1.DAT
2009-03-06 14:00 . 2004-08-04 10:00   284160   ----a-w   c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2006-03-04 03:33   826368   ----a-w   c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-04 10:00   78336   ------w   c:\windows\system32\ieencode.dll
2009-02-09 10:19 . 2004-08-04 10:00   1846272   ----a-w   c:\windows\system32\win32k.sys
2009-02-09 10:01 . 2004-08-04 10:00   728576   ----a-w   c:\windows\system32\lsasrv.dll
2009-02-09 10:01 . 2004-08-04 10:00   617984   ----a-w   c:\windows\system32\advapi32.dll
2009-02-09 10:01 . 2004-08-04 10:00   401408   ----a-w   c:\windows\system32\rpcss.dll
2009-02-09 10:01 . 2004-08-04 10:00   715264   ----a-w   c:\windows\system32\ntdll.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2007-10-12 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2007-10-12 23:46   66912   ----a-w   c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7141E838-7BE0-F63D-6939-29A2CC9FBB15}]
2008-06-03 15:26   1019904   ----a-w   c:\program files\AdvancedAdvisor\AdvancedAdvisor-3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81930028-D079-7E41-9F5B-3DF61BC8F18D}]
2009-04-07 07:42   157184   ----a-w   c:\program files\HighlyRelevantAdvertisingProgram\HighlyRelevantAdvertisingProgram.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2009-02-24 590848]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"EPSON Stylus C42 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE" [2002-02-19 74240]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-12 185872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"PAV"="c:\program files\PAV\pav.exe" [2009-04-10 809984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-10-22 219136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2008-6-20 1512720]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages   REG_MULTI_SZ      msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="1"
"UpdatesDisableNotify"="1"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FrostWiredrob\\FrostWire.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [10/4/2007 6:13 PM 88192]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c0dc7a8-f59d-11dd-bacf-0014a50d3b80}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebbd7ebc-3805-11de-bb36-0014a50d3b80}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-05-09 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-06 02:18]
.
- - - - ORPHANS REMOVED - - - -

BHO-{0B014B81-4E12-46F9-806F-55867AF8FD3C} - c:\windows\system32\winsystems.dll
BHO-{100EB1FD-D03E-47FD-81F3-EE91287F9465} - c:\program files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
BHO-{4AFC04A3-B551-4B68-9BEB-8677D90150D9} - c:\windows\system32\wincontrol.dll
BHO-{96ad72e4-2e2b-4ffc-a5bb-279c2714af12} - c:\windows\ieocx.dll
WebBrowser-{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - (no file)
WebBrowser-{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
WebBrowser-{74CC49F7-EB32-4A08-B204-948962A6E3DB} - (no file)
Notify-18754d37530 - c:\windows\System32\ir50_qcx32.dll
Notify-__c00D2657 - c:\windows\system32\__c00D2657.dat
Notify-AtiExtEvent - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ytb.com/Default.aspx?wa=Allyourtravelbylarryandethel&AspxAutoDetectCookieSupport=1
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B2} - {C9CCBB35-D123-4a31-AFFC-9B2933132116} - c:\program files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} - c:\program files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-09 20:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-05-10 20:03
ComboFix-quarantined-files.txt  2009-05-10 00:03

Pre-Run: 15,850,749,952 bytes free
Post-Run: 16,474,636,288 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

196   --- E O F ---   2009-05-06 07:02

Karleigh
 -aka-
K-LOVE Tha Gyrl 1-DA
gyrl1da
Jr. Member
« Reply #3 on: May 10, 2009, 12:08:09 AM »

and here's the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:06:49 PM, on 5/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ytb.com/Default.aspx?wa=Allyourtravelbylarryandethel&AspxAutoDetectCookieSupport=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: AdvancedAdvisor - {7141E838-7BE0-F63D-6939-29A2CC9FBB15} - C:\Program Files\AdvancedAdvisor\AdvancedAdvisor-3.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: HighlyRelevantAdvertisingProgram - {81930028-D079-7E41-9F5B-3DF61BC8F18D} - C:\Program Files\HighlyRelevantAdvertisingProgram\HighlyRelevantAdvertisingProgram.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PAV] C:\Program Files\PAV\pav.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6120 bytes

Karleigh
 -aka-
K-LOVE Tha Gyrl 1-DA
Pancake
Global Moderator
Hero Member
« Reply #4 on: May 10, 2009, 02:24:08 AM »

There may be a bit more to clean after this...



Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Quote



Folder::
C:\32788R22FWJFW.0.tmp
c:\program files\HighlyRelevantAdvertisingProgram
c:\program files\AskSBar
File::
c:\windows\system32\drivers\UACqbwwxvnssrwbawk.sys
Driver::
UACqbwwxvnssrwbawk

 

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.




Referring to the picture above, drag CFScript.txt into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply  please.


*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*



An Australian Member of

EDDY
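
Added example (not part of any post in this thread, and not code from HijackThis or ComboFix): comparing the two HijackThis logs posted above shows which entries the first ComboFix run removed, which are now orphaned registry entries marked "(file missing)", and which still point into the folders named in the CFScript. The sample lines are excerpted from the two logs in this thread; the function names are this example's own.

```python
import re
from collections import namedtuple

# One R*/O* line of a HijackThis log: section code, the text after it,
# and whether HijackThis tagged the referenced file as missing on disk.
Entry = namedtuple("Entry", "code body file_missing")

ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
MISSING = "(file missing)"

# Excerpt of the log saved 5/8/2009 (before ComboFix), copied from the thread.
BEFORE = r"""
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: &Research - {0B014B81-4E12-46F9-806F-55867AF8FD3C} - C:\WINDOWS\system32\winsystems.dll (file missing)
O2 - BHO: &Research - {4AFC04A3-B551-4B68-9BEB-8677D90150D9} - C:\WINDOWS\system32\wincontrol.dll
O2 - BHO: HighlyRelevantAdvertisingProgram - {81930028-D079-7E41-9F5B-3DF61BC8F18D} - C:\Program Files\HighlyRelevantAdvertisingProgram\HighlyRelevantAdvertisingProgram.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\ir50_qcx32.dll
O20 - Winlogon Notify: 18754d37530 - C:\WINDOWS\System32\ir50_qcx32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
"""

# Excerpt of the log saved 5/9/2009 (after the first ComboFix run).
AFTER = r"""
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: HighlyRelevantAdvertisingProgram - {81930028-D079-7E41-9F5B-3DF61BC8F18D} - C:\Program Files\HighlyRelevantAdvertisingProgram\HighlyRelevantAdvertisingProgram.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
"""


def parse_entries(log_text):
    """Return the R*/O* entries of a log, skipping the header and process list."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group(2).strip()
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        entries.append(Entry(m.group(1), body, missing))
    return entries


def _key(entry):
    # Windows paths are case-insensitive, so compare entries case-insensitively.
    return (entry.code, entry.body.lower())


def diff_scans(before_text, after_text):
    """Compare two scans: entries removed, entries added, and entries that
    survive in the registry but whose file has disappeared (orphaned)."""
    before = {_key(e): e for e in parse_entries(before_text)}
    after = {_key(e): e for e in parse_entries(after_text)}
    return {
        "removed": [e for k, e in before.items() if k not in after],
        "added": [e for k, e in after.items() if k not in before],
        "orphaned": [e for k, e in after.items()
                     if k in before and e.file_missing
                     and not before[k].file_missing],
    }


def entries_referencing(entries, folder):
    """Entries whose text still points into the given folder."""
    needle = folder.lower()
    return [e for e in entries if needle in e.body.lower()]


if __name__ == "__main__":
    result = diff_scans(BEFORE, AFTER)
    for label in ("removed", "added", "orphaned"):
        print(label.upper())
        for e in result[label]:
            print("  %s - %s" % (e.code, e.body))
    # Folders listed under Folder:: in the CFScript from Reply #4.
    for folder in (r"c:\program files\AskSBar",
                   r"c:\program files\HighlyRelevantAdvertisingProgram"):
        hits = entries_referencing(parse_entries(AFTER), folder)
        print("%s: %d entries still reference it" % (folder, len(hits)))
```
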
gyrl1da
Jr. Member
« Reply #5 on: May 11, 2009, 07:14:23 PM »

OK, the main problem is still in effect. There's a bubble that keeps popping up saying I'm infected with the trojan.win32.agent.azsy trojan. It's a yellow shield-looking thing but it does not look official, I think it's the trojan itself.

Combofix log:

ComboFix 09-05-11.01 - OWNER 05/11/2009 15:05.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1023.502 [GMT -4:00]
Running from: c:\documents and settings\OWNER\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\OWNER\Desktop\CFScript.txt
AV: AVG 7.5.557 *On-access scanning enabled* (Outdated)

FILE ::
c:\windows\system32\drivers\UACqbwwxvnssrwbawk.sys
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\32788R22FWJFW.0.tmp
c:\32788r22fwjfw.0.tmp\License\Curl - license.txt
c:\32788r22fwjfw.0.tmp\License\dumphive-license.txt
c:\32788r22fwjfw.0.tmp\License\EXTRACT.TXT
c:\32788r22fwjfw.0.tmp\License\FI - license.txt
c:\32788r22fwjfw.0.tmp\License\mtee.txt.txt
c:\32788r22fwjfw.0.tmp\License\pv_5_2_2.zip
c:\32788r22fwjfw.0.tmp\License\streamtools.zip
c:\32788r22fwjfw.0.tmp\License\UnxUtilsDist.html
c:\32788r22fwjfw.0.tmp\License\Zip - license.txt
c:\32788r22fwjfw.0.tmp\pv.cfexe
c:\32788r22fwjfw.0.tmp\RCLink.dat
c:\32788r22fwjfw.0.tmp\REGDACL.sed
c:\32788r22fwjfw.0.tmp\RegDo.sed
c:\32788r22fwjfw.0.tmp\region.dat
c:\32788r22fwjfw.0.tmp\RegScan.cmd
c:\32788r22fwjfw.0.tmp\restore_pt.vbs
c:\32788r22fwjfw.0.tmp\RestoreO4.bat
c:\32788r22fwjfw.0.tmp\Rkey.cmd
c:\32788r22fwjfw.0.tmp\rogues.dat
c:\32788r22fwjfw.0.tmp\run2.sed
c:\32788r22fwjfw.0.tmp\safeboot.dat
c:\32788r22fwjfw.0.tmp\safeboot.def.dat
c:\32788r22fwjfw.0.tmp\safeboot.def.vista.dat
c:\32788r22fwjfw.0.tmp\SafeBootRepair.bat
c:\32788r22fwjfw.0.tmp\sed.cfexe
c:\32788r22fwjfw.0.tmp\SetEnvmt.bat
c:\32788r22fwjfw.0.tmp\setpath.cfexe
c:\32788r22fwjfw.0.tmp\SnapShot.cmd
c:\32788r22fwjfw.0.tmp\SRestore.cmd
c:\32788r22fwjfw.0.tmp\srizbi.md5
c:\32788r22fwjfw.0.tmp\SuppScan.cmd
c:\32788r22fwjfw.0.tmp\svc_wht.dat
c:\32788r22fwjfw.0.tmp\SvcDrv.vbs
c:\32788r22fwjfw.0.tmp\svchost.dat
c:\32788r22fwjfw.0.tmp\svchost.vista.dat
c:\32788r22fwjfw.0.tmp\swreg.exe
c:\32788r22fwjfw.0.tmp\swsc.cfexe
c:\32788r22fwjfw.0.tmp\swxcacls.cfexe
c:\32788r22fwjfw.0.tmp\system_ini.dat
c:\32788r22fwjfw.0.tmp\tail.cfexe
c:\32788r22fwjfw.0.tmp\toolbar.sed
c:\32788r22fwjfw.0.tmp\unzip.cfexe
c:\32788r22fwjfw.0.tmp\Update-CF.cmd
c:\32788r22fwjfw.0.tmp\vistareg.dat
c:\32788r22fwjfw.0.tmp\w2kreg.dat
c:\32788r22fwjfw.0.tmp\xpreg.dat
c:\32788r22fwjfw.0.tmp\zDomain.dat
c:\32788r22fwjfw.0.tmp\zhsvc.dat
c:\32788r22fwjfw.0.tmp\zip.cfexe
c:\program files\AskSBar
c:\program files\AskSBar\bar\1.bin\A2FFXTBR.JAR
c:\program files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST
c:\program files\AskSBar\bar\1.bin\A2NTSTBR.JAR
c:\program files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST
c:\program files\AskSBar\bar\Cache\001B1A1C.bin
c:\program files\AskSBar\bar\Cache\001B1B06.bin
c:\program files\AskSBar\bar\Cache\001B1D0A.bin
c:\program files\AskSBar\bar\Cache\001B1DD5.bin
c:\program files\AskSBar\bar\Cache\001B1EA0.bin
c:\program files\AskSBar\bar\Cache\001B1FC9.bin
c:\program files\AskSBar\bar\Cache\09BCB675
c:\program files\AskSBar\bar\Cache\1CF05EE8
c:\program files\AskSBar\bar\Cache\files.ini
c:\program files\AskSBar\bar\History\search2
c:\program files\AskSBar\bar\Settings\prevcfg2.htm
c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
c:\windows\system32\drivers\UACqbwwxvnssrwbawk.sys

.
(((((((((((((((((((((((((   Files Created from 2009-04-11 to 2009-05-11  )))))))))))))))))))))))))))))))
.

2009-05-10 01:15 . 2009-05-11 18:49   664   ----a-w   c:\windows\system32\d3d9caps.dat
2009-05-10 00:53 . 2009-05-10 00:53   0   ----a-w   c:\windows\nsreg.dat
2009-05-10 00:53 . 2009-05-10 00:53   --------   d-----w   c:\documents and settings\OWNER\Local Settings\Application Data\Mozilla
2009-05-10 00:08 . 2009-05-10 00:08   --------   d-----w   c:\documents and settings\OWNER\Application Data\Malwarebytes
2009-05-09 00:59 . 2009-05-09 00:59   --------   d-----w   c:\program files\Trend Micro
2009-05-09 00:56 . 2009-02-11 14:19   15504   ----a-w   c:\windows\system32\drivers\mbam.sys
2009-05-09 00:56 . 2009-02-11 14:19   38496   ----a-w   c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-09 00:56 . 2009-05-09 00:56   --------   d-----w   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-09 00:56 . 2009-05-09 00:56   --------   d-----w   c:\program files\Malwarebytes' Anti-Malware
2009-05-08 18:01 . 2009-05-08 18:01   --------   d-----w   c:\documents and settings\OWNER\Application Data\SignupShield
2009-05-06 07:02 . 2009-03-11 02:18   453512   ----a-w   c:\windows\system32\KB905474\wgasetup.exe
2009-05-06 07:02 . 2009-05-06 07:02   --------   d-----w   c:\windows\system32\KB905474
2009-05-06 07:02 . 2009-03-11 02:26   1403264   ----a-w   c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-04-28 03:35 . 2009-04-28 03:35   --------   d--h--w   c:\windows\PIF
2009-04-12 17:43 . 2009-05-11 10:39   256   ----a-w   c:\windows\system32\pool.bin
2009-04-12 17:43 . 2009-04-13 06:44   --------   d-----w   c:\documents and settings\OWNER\Application Data\Research In Motion
2009-04-12 17:42 . 2007-01-18 14:24   26496   ----a-r   c:\windows\system32\drivers\RimSerial.sys
2009-04-12 17:41 . 2009-04-12 17:41   --------   d-----w   c:\program files\Common Files\Research In Motion
2009-04-12 17:41 . 2009-04-13 06:36   --------   d-----w   c:\program files\Research In Motion

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-10 03:10 . 2009-05-10 03:10   9200   ------w   c:\windows\system32\drivers\cdralw2k.sys
2009-05-10 03:10 . 2009-05-10 03:10   9072   ------w   c:\windows\system32\drivers\cdr4_xp.sys
2009-05-10 03:10 . 2009-05-10 03:10   44944   ------w   c:\windows\system32\drivers\PxHelp20.sys
2009-05-10 03:09 . 2009-05-10 03:10   158192   ------w   c:\windows\system32\pxwma.dll
2009-05-09 23:56 . 2008-08-03 04:24   --------   d-----w   c:\program files\Incomplete
2009-05-09 23:38 . 2008-07-01 09:06   --------   d-----w   c:\program files\AdvancedAdvisor
2009-05-09 18:51 . 2007-10-12 23:46   --------   d-----w   c:\program files\FrostWiredrob
2009-05-04 16:04 . 2008-12-12 14:32   --------   d-----w   c:\program files\Google
2009-05-04 16:00 . 2007-10-04 21:13   --------   d--h--w   c:\program files\InstallShield Installation Information
2009-04-10 23:04 . 2009-04-10 23:04   --------   d-----w   c:\program files\Common Files\Uninstal
2009-04-10 22:56 . 2009-04-10 22:55   --------   d-----w   c:\program files\PAV
2009-03-30 22:50 . 2009-03-30 22:50   --------   d-----w   c:\program files\Common Files\Adobe AIR
2009-03-30 22:48 . 2009-03-30 22:48   --------   d-----w   c:\program files\Common Files\Adobe
2009-03-25 02:14 . 2008-12-22 05:17   --------   d-----w   c:\program files\BlueVoda Website Builder
2009-03-21 21:04 . 2009-03-21 21:04   68520   ----a-w   c:\documents and settings\OWNER\Application Data\GDIPFONTCACHEV1.DAT
2009-03-06 14:00 . 2004-08-04 10:00   284160   ----a-w   c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2006-03-04 03:33   826368   ----a-w   c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-04 10:00   78336   ------w   c:\windows\system32\ieencode.dll
.

(((((((((((((((((((((((((((((   SnapShot@2009-05-10_00.02.10   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-10 03:10 . 2009-05-10 03:09   39672              c:\windows\system32\vxblock.dll
+ 2009-05-10 03:10 . 2009-05-10 03:10   66032              c:\windows\system32\pxinsa64.exe
+ 2009-05-10 03:10 . 2009-05-10 03:10   72176              c:\windows\system32\pxhpinst.exe
+ 2009-05-10 03:10 . 2009-05-10 03:10   66544              c:\windows\system32\pxcpya64.exe
+ 2004-08-04 10:00 . 2009-05-10 01:33   59842              c:\windows\system32\perfc009.dat
- 2004-08-04 10:00 . 2009-04-16 17:38   59842              c:\windows\system32\perfc009.dat
+ 2009-05-10 01:08 . 2009-05-10 01:08   84661              c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-05-10 03:10 . 2009-05-10 03:09   379376              c:\windows\system32\pxwave.dll
+ 2009-05-10 03:10 . 2009-05-10 03:09   186864              c:\windows\system32\pxmas.dll
+ 2009-05-10 03:10 . 2009-05-10 03:09   547312              c:\windows\system32\pxdrv.dll
+ 2009-05-10 03:10 . 2009-05-10 03:09   584176              c:\windows\system32\px.dll
+ 2004-08-04 10:00 . 2009-05-10 01:33   395768              c:\windows\system32\perfh009.dat
- 2004-08-04 10:00 . 2009-04-16 17:38   395768              c:\windows\system32\perfh009.dat
+ 2009-02-03 02:15 . 2009-02-03 02:15   240544              c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-05-10 03:10 . 2009-05-10 03:10   1690096              c:\windows\system32\pxsfs.dll
+ 2009-02-03 02:15 . 2009-02-03 02:15   3771296              c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2009-02-24 590848]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"EPSON Stylus C42 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE" [2002-02-19 74240]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-12 185872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"PAV"="c:\program files\PAV\pav.exe" [2009-04-10 809984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-10-22 219136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2008-6-20 1512720]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages   REG_MULTI_SZ      msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FrostWiredrob\\FrostWire.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [10/4/2007 6:13 PM 88192]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c0dc7a8-f59d-11dd-bacf-0014a50d3b80}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebbd7ebc-3805-11de-bb36-0014a50d3b80}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-05-11 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-06 02:18]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ytb.com/Default.aspx?wa=Allyourtravelbylarryandethel&AspxAutoDetectCookieSupport=1
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\juhr84gn.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-11 15:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3508)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-11 15:09
ComboFix-quarantined-files.txt  2009-05-11 19:08
ComboFix2.txt  2009-05-10 00:03

Pre-Run: 16,373,391,360 bytes free
Post-Run: 16,742,379,520 bytes free

221   --- E O F ---   2009-05-06 07:02

Karleigh
 -aka-
K-LOVE Tha Gyrl 1-DA
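
Added example (not part of the thread and not ComboFix's own code): one way to confirm that every Folder:: and File:: target named in the CFScript from Reply #4 is reported under "Other Deletions" in the ComboFix log from Reply #5. The two samples are constructed from text on this page, the log shortened to a few lines per folder, and the function names are hypothetical.

```python
import re

# Constructed sample 1: the CFScript text quoted in Reply #4.
CFSCRIPT = r"""Folder::
C:\32788R22FWJFW.0.tmp
c:\program files\HighlyRelevantAdvertisingProgram
c:\program files\AskSBar
File::
c:\windows\system32\drivers\UACqbwwxvnssrwbawk.sys
Driver::
UACqbwwxvnssrwbawk
"""

# Constructed sample 2: shortened excerpt of the ComboFix log in Reply #5.
LOG = r"""FILE ::
c:\windows\system32\drivers\UACqbwwxvnssrwbawk.sys
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\32788R22FWJFW.0.tmp
c:\32788r22fwjfw.0.tmp\rogues.dat
c:\program files\AskSBar
c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
c:\windows\system32\drivers\UACqbwwxvnssrwbawk.sys

.
(((((((((((((((((((((((((   Files Created from 2009-04-11 to 2009-05-11  )))))))))))))))))))))))))))))))
.

2009-05-10 01:15 . 2009-05-11 18:49   664   ----a-w   c:\windows\system32\d3d9caps.dat
"""

SECTION = re.compile(r"^\(+\s+(.*?)\s+\)+$")   # "(((   Title   )))" banner lines
DIRECTIVE = re.compile(r"^(\w+)::$")            # "Folder::", "File::", "Driver::"
PATH = re.compile(r"^[A-Za-z]:\\")              # line that starts with a drive path


def parse_cfscript(text):
    """Return {directive: [entries]} with lower-cased directive names."""
    targets, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = DIRECTIVE.match(line)
        if m:
            current = m.group(1).lower()
            targets.setdefault(current, [])
        elif line and current:
            targets[current].append(line)
    return targets


def deleted_paths(log, section="other deletions"):
    """Collect the lower-cased paths listed under one banner section of the log."""
    paths, in_section = [], False
    for line in log.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            in_section = m.group(1).lower() == section
        elif in_section and PATH.match(line):
            paths.append(line.lower())
    return paths


def verify(cfscript, log):
    """Map each Folder::/File:: target to True if the log reports it deleted."""
    deleted = deleted_paths(log)
    report = {}
    targets = parse_cfscript(cfscript)
    for kind in ("folder", "file"):   # Driver:: entries are service names, not paths
        for target in targets.get(kind, []):
            t = target.lower().rstrip("\\")
            report[target] = any(p == t or p.startswith(t + "\\") for p in deleted)
    return report


def unconfirmed(cfscript, log):
    """Targets the log does not report as deleted; these need a manual look."""
    return [t for t, ok in verify(cfscript, log).items() if not ok]
```

On these samples the only target not reported as deleted is the HighlyRelevantAdvertisingProgram folder, which also does not appear in the full deletion list posted above.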
gyrl1da
Jr. Member
**

« Reply #6 on: May 11, 2009, 07:15:13 PM »

HJT LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:13:56 PM, on 5/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PAV\pav.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Movie Maker\moviemk.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ytb.com/Default.aspx?wa=Allyourtravelbylarryandethel&AspxAutoDetectCookieSupport=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PAV] C:\Program Files\PAV\pav.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 5302 bytes

Karleigh
 -aka-
K-LOVE Tha Gyrl 1-DA
Pancake
Global Moderator
Hero Member
*****

« Reply #7 on: May 11, 2009, 10:28:35 PM »

OK. I don't see any more malware. You should be fine now.

This will clear away any of the files and folders that were created by ComboFix.

Go to :
Start > Run then copy and paste the following highlighted text below into the box and click OK.



ComboFix /u

An Australian Member of

EDDY
gyrl1da
Jr. Member
**

« Reply #8 on: May 12, 2009, 03:09:57 AM »

Thank you, my computer is working much better, but there's still something popping up. I don't know if you read my previous post, but there's still a critical error bubble popping up telling me I have a trojan, and another "vulnerability" message popping up saying I have a virus. I don't think either one of these messages is real. What can I do about this?

Karleigh
 -aka-
K-LOVE Tha Gyrl 1-DA
Pancake
Global Moderator
Hero Member
*****

« Reply #9 on: May 17, 2009, 04:38:04 AM »

Please download Malwarebytes' Anti-Malware from one of these places:

 http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

 http://www.besttechie.net/tools/mbam-setup.exe



Double Click mbam-setup.exe to install the application.
If it will not run, make a copy of the MBAM.exe and rename MBAM.exe to xxx.exe and run that. Keep the genuine MBAM.exe as we may need to run that later as is.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire report in your next reply along with a fresh HijackThis log.

PLEASE NOTE:
 If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.


Once Malwarebytes' Anti-Malware is done removing the malware and you have rebooted the computer, browse around and see if you are still having that problem.


An Australian Member of

EDDY