Travel Fans
Go Back   Computer Juice Computer Software Virus, Spyware & Security
Reload this Page

Help! - Win32/agent trojan

Register Site Spy Member List Donate Search Today's Posts Mark Forums Read Forum Rules

Register

 Default 

Help! - Win32/agent trojan




Reply
Page 1 of 3 1 23
 
Thread Tools
  #1  
Old 18th Jan 2008, 13:38
Full Member
Posts: 16
 
Computer has been getting very slow over the last few days, scan, tonight, shows virus - variant of win32/agent trojan? this is in E:\system volume information file and in C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5. What exactly does this mean and how can i get rid of it? I currently have NOD32 Antivirus system.

Please can someone rescue my computer?

  #2  
Old 18th Jan 2008, 13:44
Moderator
Posts: 3,779
 
Hello.

Give me 5 minutes, i'll go and get our malware moderator to help you.
__________________
I'm godly at Halo 3.....I wish

DON'T get me started on the Call of Duty franchise

Arby and the Chief is awesome
__________________

My System: Zoomy

Processor(s):
E8400 @ 3.6ghz (400x9) @
Motherboard:
Asus P5K Premium
RAM Memory:
2GB Dominator 8500
Graphics Card(s):
BFG 8800GT
Sound Card:
Xfi Extremegamer
Hard Drive(s):
3.35TB ext storage. 2TB i
Optical Drive(s):
LG GGC H20L
Case / PSU:
Enermax 720w
Cooling:
AC7
Network / Internet:
Monitor(s):
245B, 931B (Samsung)
Operating System(s):
Vista 32P
  #3  
Old 18th Jan 2008, 13:50
Moderator
Posts: 7,557
 
E:\system volume information << System restore point - Not harmful unless you do a system restore.

C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5 << Temp. files, could just be a cookie

With that said it is advised to let me have a look at a HJT log and then we will safely remove the bad entries.
Download and rename HijackThis (HJT)
  • Double-click on HJTInstall.
  • Click on the Install button.
  • It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
  • Upon install, HijackThis should open for you.
    • Close HijackThis and rename it.
    • Go to C:\Program Files\Trend Micro\HijackThis.exe
    • Right click on HijackThis.exe and select Rename.
    • Type in sniper.exe and press Enter.
    • Right-click on sniper.exe and select Send To > Desktop (create shortcut)
  • From the desktop open HiackThis.
  • If using Windows Vista, be sure to Run As Administrator
  • Click on the Do a system scan and save a log file button
  • HijackThis will scan and then a log will open in notepad.
  • Copy and then paste the log in your post.
    • Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
Even though we have renamed HijackThis to sniper, we will still refer to it as HijackThis or HJT.

Next post please add
Hijackthis log
__________________
  #4  
Old 18th Jan 2008, 14:08
Full Member
Posts: 16
 
Ok here is the log: Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:06:14 PM, on 1/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe
C:\Documents and Settings\Admin\Desktop\HijackThis\sniper.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [mRouterConfig] "C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZKxdm012YYGB
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
--
End of file - 11886 bytes


Hope i've done that right for you??

Mumskiii
  #5  
Old 18th Jan 2008, 14:42
Moderator
Posts: 7,557
 
There is a bit of an adware problem that should be easy to clear up.

There are also a few other things we will deal with.

Go to add/remove programs and uninstall any of these found:
MyWebSearch
My Web Search Bar Search Scope Monitor
My Web Search Toolbar
MyWebSearch Email Plugin
FunWebProducts

----------

Please download ATF Cleaner by Atribune. ATF Cleaner.exe

Make sure that all browser windows are closed.
  • Under the Main tab, put a check next to Select All.
    Click the Empty Selected button. (Note: if you remove cookies, automated login at forums and sites will be disabled. If you do not want this, uncheck Cookies)
  • If you use the Firefox browser:
    Click on Firefox at the top and put a check next to Select All.
    If you would like to keep your saved passwords, click No at the prompt.
    Click the Empty Selected button. (Note: if you remove cookies, automated login at forums and sites will be disabled. If you do not want this, uncheck Cookies)
  • If you use the Opera browser:
    Click on Opera at the top and put a check next to Select All.
    If you would like to keep your saved passwords, click No at the prompt.
    Click the Empty Selected button. (Note: if you remove cookies, automated login at forums and sites will be disabled. If you do not want this, uncheck Cookies)

Restart the computer.

----------
Download SUPERAntispyware Free Edition (SAS)
  • Double-click the icon on your desktop to run the installer.
  • When asked to Update the program definitions, click Yes
  • Next click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure only the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining
    • Please leave the others unchecked.
    • Click the Close button to leave the control center screen.
  • Click the Close button to leave the control center screen.
  • On the main screen click Scan your computer
  • On the left check C:\Fixed Drive
  • On the right choose Perform Complete Scan
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK
  • Make sure everything in the white box has a check next to it, then click Next
  • It will quarantine what it found and if it asks if you want to reboot, click Yes
  • To retrieve the removal information please do the following:
    • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Save the notepad file to your desktop by clicking (in notepad) "File" "Save As"
  • Save the log somewhere you can easily find it. (normally the desktop)
  • Click close and close again to exit the program.
  • Please copy and then paste the log in your post.
----------

Run a new Hijackthis scan and post the log in the next reply.

Next post
Superantispyware log
New Hijackthis log
__________________
  #6  
Old 25th Jan 2008, 13:05
Full Member
Posts: 16
 
Hi, sorry for delay in sorting this, here are the two logs that you requested:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/25/2008 at 05:41 PM
Application Version : 3.9.1008
Core Rules Database Version : 3388
Trace Rules Database Version: 1382
Scan type : Complete Scan
Total Scan Time : 01:46:35
Memory items scanned : 537
Memory threats detected : 0
Registry items scanned : 6578
Registry threats detected : 0
File items scanned : 92917
File threats detected : 55
Adware.Tracking Cookie
C:\Documents and Settings\Admin\Cookies\admin@atdmt[2].txt
C:\Documents and Settings\Admin\Cookies\admin@doubleclick[1].txt
C:\Documents and Settings\Admin\Cookies\admin@mediaplex[1].txt
C:\Documents and Settings\Admin\Cookies\admin@tribalfusion[2].txt
E:\Documents and Settings\Admin\Cookies\admin@1.adbrite[1].txt
E:\Documents and Settings\Admin\Cookies\admin@3.adbrite[1].txt
E:\Documents and Settings\Admin\Cookies\admin@ad.zanox[2].txt
E:\Documents and Settings\Admin\Cookies\admin@adrevenue[2].txt
E:\Documents and Settings\Admin\Cookies\admin@ads.adbrite[2].txt
E:\Documents and Settings\Admin\Cookies\admin@ads.addesktop[2].txt
E:\Documents and Settings\Admin\Cookies\admin@ads.aol.co[2].txt
E:\Documents and Settings\Admin\Cookies\admin@ads.expedia[1].txt
E:\Documents and Settings\Admin\Cookies\admin@ads.realtechnetwork[1].txt
E:\Documents and Settings\Admin\Cookies\admin@ads.soft32[1].txt
E:\Documents and Settings\Admin\Cookies\admin@ads.uknetguide.co[1].txt
E:\Documents and Settings\Admin\Cookies\admin@as.casalemedia[1].txt
E:\Documents and Settings\Admin\Cookies\admin@azjmp[2].txt
E:\Documents and Settings\Admin\Cookies\admin@burstnet[1].txt
E:\Documents and Settings\Admin\Cookies\admin@click.cashengines[1].txt
E:\Documents and Settings\Admin\Cookies\admin@clicksor[1].txt
E:\Documents and Settings\Admin\Cookies\admin@dealtime.co[2].txt
E:\Documents and Settings\Admin\Cookies\admin@freecodesource.advertserve[2].txt
E:\Documents and Settings\Admin\Cookies\admin@image.masterstats[1].txt
E:\Documents and Settings\Admin\Cookies\admin@imrworldwide[2].txt
E:\Documents and Settings\Admin\Cookies\admin@interclick[2].txt
E:\Documents and Settings\Admin\Cookies\admin@media.mtvnservices[1].txt
E:\Documents and Settings\Admin\Cookies\admin@mediametrics.mpsa[1].txt
E:\Documents and Settings\Admin\Cookies\admin@nextag.co[1].txt
E:\Documents and Settings\Admin\Cookies\admin@oddcast[2].txt
E:\Documents and Settings\Admin\Cookies\admin@precisionclick[2].txt
E:\Documents and Settings\Admin\Cookies\admin@primedia.us.intellitxt[1].txt
E:\Documents and Settings\Admin\Cookies\admin@redirect.qitraffic[2].txt
E:\Documents and Settings\Admin\Cookies\admin@saletrack.co[2].txt
E:\Documents and Settings\Admin\Cookies\admin@stats.channel4[1].txt
E:\Documents and Settings\Admin\Cookies\admin@superstats[1].txt
E:\Documents and Settings\Admin\Cookies\admin@tracking.summitmedia.co[1].txt
E:\Documents and Settings\Admin\Cookies\admin@vhost.oddcast[2].txt
E:\Documents and Settings\Admin\Cookies\admin@virginmedia[1].txt
E:\Documents and Settings\Admin\Cookies\admin@www.3dstats[2].txt
E:\Documents and Settings\Admin\Cookies\admin@www.burstbeacon[1].txt
E:\Documents and Settings\Admin\Cookies\admin@www.doubleclickloans.co[1].txt
E:\Documents and Settings\Admin\Cookies\admin@www.ezytrack[2].txt
E:\Documents and Settings\Admin\Cookies\admin@www.googleadservices[10].txt
E:\Documents and Settings\Admin\Cookies\admin@www.googleadservices[1].txt
E:\Documents and Settings\Admin\Cookies\admin@www.googleadservices[2].txt
E:\Documents and Settings\Admin\Cookies\admin@www.googleadservices[3].txt
E:\Documents and Settings\Admin\Cookies\admin@www.googleadservices[4].txt
E:\Documents and Settings\Admin\Cookies\admin@www.googleadservices[5].txt
E:\Documents and Settings\Admin\Cookies\admin@www.googleadservices[6].txt
E:\Documents and Settings\Admin\Cookies\admin@www.googleadservices[7].txt
E:\Documents and Settings\Admin\Cookies\admin@www.googleadservices[8].txt
E:\Documents and Settings\Admin\Cookies\admin@www.googleadservices[9].txt
E:\Documents and Settings\Admin\Cookies\admin@www1.addfreestats[1].txt
E:\Documents and Settings\Admin\Cookies\admin@xiti[1].txt
E:\Documents and Settings\Admin\Cookies\admin@zbox.zanox[2].txt



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:04:06 PM, on 1/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
C:\Program Files\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Admin\Desktop\HijackThis\sniper.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mRouterConfig] "C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
--
End of file - 10132 bytes


Speak soon

mumskiii
  #7  
Old 25th Jan 2008, 16:13
Moderator
Posts: 7,557
 
Looking better.


Please download Combofix by sUBs from one of the below links.
(Try all three if necessary)IMPORTANT - Combofix.exe MUST be saved to your your Desktop.
  • Close any open Web browsers. (Firefox, Internet Explorer, etc)
  • Close/disable all anti virus and anti malware programs so they do not interfere with Combofix. <-- IMPORTANT
    • Click on this link to see a list of programs that should be disabled and how to disable them. If yours is not listed and you don't know how to disable it, please ask.
  • Double click combofix.exe & follow the prompts.
    • From the keyboard select 1 and press Enter
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Do not mouseclick combofix's window while it's running.
The scan will temporarily disable your desktop.
If interrupted it may leave your computer frozen.
If this occurs, please reboot to restore the desktop.

----------

Next post add
Combofix log
__________________
  #8  
Old 26th Jan 2008, 08:56
Full Member
Posts: 16
 
Hi, here is the Combofix log:


ComboFix 08-01-23.1C - Admin 2008-01-26 15:46:59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.107 [GMT 0:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\0005D6DF.dat
.
((((((((((((((((((((((((( Files Created from 2007-12-26 to 2008-01-26 )))))))))))))))))))))))))))))))
.
2008-01-26 15:45 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-25 22:13 . 2008-01-25 22:13 244 --ah----- C:\sqmnoopt17.sqm
2008-01-25 22:13 . 2008-01-25 22:13 232 --ah----- C:\sqmdata17.sqm
2008-01-25 22:03 . 2008-01-25 22:03 244 --ah----- C:\sqmnoopt16.sqm
2008-01-25 22:03 . 2008-01-25 22:03 244 --ah----- C:\sqmnoopt15.sqm
2008-01-25 22:03 . 2008-01-25 22:03 244 --ah----- C:\sqmnoopt14.sqm
2008-01-25 22:03 . 2008-01-25 22:03 232 --ah----- C:\sqmdata16.sqm
2008-01-25 22:03 . 2008-01-25 22:03 232 --ah----- C:\sqmdata15.sqm
2008-01-25 22:03 . 2008-01-25 22:03 232 --ah----- C:\sqmdata14.sqm
2008-01-25 15:51 . 2008-01-25 15:51 <DIR> d-------- C:\Program Files\Plugins
2008-01-23 15:14 . 2008-01-23 15:21 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-01-18 20:57 . 2008-01-18 21:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-11 15:53 . 2008-01-11 15:53 268 --ah----- C:\sqmdata13.sqm
2008-01-11 15:53 . 2008-01-11 15:53 244 --ah----- C:\sqmnoopt13.sqm
2008-01-11 15:06 . 2008-01-11 15:06 <DIR> d-------- C:\Program Files\How To Master
2008-01-09 19:53 . 2007-11-07 09:50 727,040 --------- C:\WINDOWS\system32\dllcache\lsasrv.dll
2008-01-09 19:53 . 2007-10-30 17:20 360,064 --------- C:\WINDOWS\system32\dllcache\tcpip.sys
2007-12-30 21:10 . 2006-07-25 10:36 84,960 -ra------ C:\WINDOWS\system32\drivers\zebrsce.sys
2007-12-30 21:09 . 2006-07-25 10:36 100,672 -ra------ C:\WINDOWS\system32\drivers\zebrmdmc.sys
2007-12-30 21:07 . 2006-07-25 18:36 100,640 -ra------ C:\WINDOWS\system32\drivers\zebrmdm.sys
2007-12-30 21:07 . 2006-07-25 18:36 9,264 -ra------ C:\WINDOWS\system32\drivers\zebrmdfl.sys
2007-12-30 21:07 . 2006-07-25 10:36 6,176 -ra------ C:\WINDOWS\system32\drivers\zebrcmnt.sys
2007-12-30 21:07 . 2006-07-25 10:36 6,176 -ra------ C:\WINDOWS\system32\drivers\zebrcm.sys
2007-12-30 20:56 . 2006-07-25 18:36 66,656 -ra------ C:\WINDOWS\system32\drivers\zebrbus.sys
2007-12-30 20:47 . 2006-07-25 18:36 53,408 -ra------ C:\WINDOWS\system32\drivers\zebrceb.sys
2007-12-30 20:47 . 2006-07-25 18:36 5,872 -ra------ C:\WINDOWS\system32\drivers\zebrwhnt.sys
2007-12-30 20:47 . 2006-07-25 18:36 5,872 -ra------ C:\WINDOWS\system32\drivers\zebrwh.sys
2007-12-30 20:46 . 2005-06-08 15:53 288 --a------ C:\WINDOWS\mrinstu.iss
2007-12-30 20:45 . 2007-12-30 20:45 <DIR> d-------- C:\Program Files\Symbian
2007-12-30 20:45 . 2007-12-30 20:45 <DIR> d-------- C:\Program Files\Intuwave
2007-12-30 20:44 . 2007-12-30 20:46 <DIR> d-------- C:\Program Files\Sony Ericsson
2007-12-30 20:44 . 2007-12-30 20:44 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2007-12-28 08:46 . 2007-12-28 08:46 268 --ah----- C:\sqmdata12.sqm
2007-12-28 08:46 . 2007-12-28 08:46 244 --ah----- C:\sqmnoopt12.sqm
2007-12-27 15:19 . 2007-12-27 15:19 268 --ah----- C:\sqmdata11.sqm
2007-12-27 15:19 . 2007-12-27 15:19 244 --ah----- C:\sqmnoopt11.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-25 15:49 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-23 14:49 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-18 22:14 --------- d-----w C:\Program Files\MSN Messenger
2007-12-30 20:44 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-12-16 20:54 --------- d-----w C:\Program Files\Kontiki
2007-12-16 20:54 --------- d-----w C:\Program Files\Google
2007-12-16 19:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-16 19:14 --------- d-----w C:\Program Files\LimeWire
2007-12-16 12:04 --------- d-----w C:\Program Files\iTunes
2007-12-16 12:04 --------- d-----w C:\Program Files\iPod
2007-12-16 12:01 --------- d-----w C:\Program Files\QuickTime
2007-11-07 09:50 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:35 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 17:40 222,720 -c--a-w C:\WINDOWS\system32\wmasf.dll
2007-06-21 14:07 146,672 ----a-w C:\Program Files\SSUpdate.exe
2007-06-21 14:06 1,318,912 ----a-w C:\Program Files\SUPERAntiSpyware.exe
2007-06-21 09:24 401,920 ----a-w C:\Program Files\SASREPAIRS.STG
2007-06-21 08:59 7,990,260 ----a-w C:\Program Files\PROCESSLIST.DB
2007-06-21 08:59 613,194 ----a-w C:\Program Files\PROCESSLISTRELATED.DB
2007-04-19 13:41 294,912 ----a-w C:\Program Files\SASWINLO.dll
2007-02-27 12:39 61,440 ----a-w C:\Program Files\SASCTXMN.DLL
2007-02-27 12:39 32,256 ----a-w C:\Program Files\SASKUTIL.SYS
2006-12-20 13:55 77,824 ----a-w C:\Program Files\SASSEH.DLL
2006-10-10 13:53 5,632 ----a-w C:\Program Files\sasdifsv.sys
2006-09-19 15:55 360,448 ----a-r C:\Program Files\deupx.dll
2006-06-13 11:44 945,641 ----a-w C:\Program Files\SUPERAntiSpyware.chm
2006-02-16 17:51 4,096 ----a-r C:\Program Files\SASENUM.SYS
2005-12-08 13:25 118,144 ----a-r C:\Program Files\BootSafe.exe
2005-05-11 22:36 12,288 -c--a-w C:\WINDOWS\Fonts\RandFont.dll
2004-05-20 13:28 2,048 ----a-w C:\Program Files\detect.wav
2004-05-07 15:31 348,160 ----a-w C:\Program Files\msvcr71.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-05 02:30 1253376]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2006-11-08 16:32 1040832]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"mRouterConfig"="C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 11:54 290816]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-01-16 03:33 49152 C:\WINDOWS\system32\VTTimer.exe]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-01 17:38 949376]
"TalkTalk"="C:\Program Files\TalkTalk\bin\sprtcmd.exe" [2005-08-15 23:12 192512]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2006-11-08 16:32 1040832]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 08:58 16264192 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 10:04 2879488 C:\WINDOWS\SkyTel.exe]
"HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 17:35 49152]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [2005-09-19 10:53 1687552]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-09-19 10:29 163840]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 01:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 01:50 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-20 11:19 185632]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 11:38 49152]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"PC Suite for Smartphones"="C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2006-07-06 14:34 491520]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-05 02:30 1253376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide3"="cmd.exe" [2004-08-04 04:00 388608 C:\WINDOWS\system32\cmd.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26 282624]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-11 23:49:24 73728]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"ForceStartMenuLogoff"= 0 (0x0)
"NoStartMenuPinnedList"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoUserNameInStartMenu"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"ForceStartMenuLogoff"= 0 (0x0)
"NoStartMenuPinnedList"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoUserNameInStartMenu"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SASWINLO.dll
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 03:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 03:39]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);C:\WINDOWS\system32\DRIVERS\zebrceb.sys [2006-07-25 18:36]
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 13:31]
S3 zebrbus;Sony Ericsson Composite Device driver;C:\WINDOWS\system32\DRIVERS\zebrbus.sys [2006-07-25 18:36]
S3 zebrmdfl;Sony Ericsson Modem Filter;C:\WINDOWS\system32\DRIVERS\zebrmdfl.sys [2006-07-25 18:36]
S3 zebrmdm;Sony Ericsson Port (WDM);C:\WINDOWS\system32\DRIVERS\zebrmdm.sys [2006-07-25 18:36]
S3 zebrmdmc;Sony Ericsson mRouter Port (WDM);C:\WINDOWS\system32\DRIVERS\zebrmdmc.sys [2006-07-25 10:36]
S3 zebrsce;Sony Ericsson PC-Connect Port;C:\WINDOWS\system32\DRIVERS\zebrsce.sys [2006-07-25 10:36]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Bin\assetup.exe
*Newly Created Service* - PROCEXP90
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Windows Sidebar]
C:\WINDOWS\system32\hidec /W C:\VAIO\Tools\REGTLIB.EXE "C:\Program Files\Windows Sidebar\sidebar.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]
"C:\Program Files\Windows Sidebar\.\regsvr32.exe" /s wlsrvc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]
"C:\Program Files\Windows Sidebar\.\regsvr32.exe" /s sbdrop.dll
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BADA65A0-86B7-462B-B720-CE66655C73F5}]
regsvr32 /s C:\VAIO\.\vshellext.dll
.
Contents of the 'Scheduled Tasks' folder
"2008-01-26 10:11:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 15:49:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-01-26 15:52:06
ComboFix-quarantined-files.txt 2008-01-26 15:51:15
.
2008-01-11 14:58:00 --- E O F ---


Speak soon

Mumskiii
  #9  
Old 26th Jan 2008, 09:15
Moderator
Posts: 7,557
 
Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
  • Click Start , then Run
  • Type notepad.exe in the Run Box.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
C:\sqmnoopt17.sqm
C:\sqmdata17.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt14.sqm
C:\sqmdata16.sqm
C:\sqmdata15.sqm
C:\sqmdata14.sqm
C:\sqmdata13.sqm
C:\sqmnoopt13.sqm
C:\sqmdata12.sqm
C:\sqmnoopt12.sqm
C:\sqmdata11.sqm
C:\sqmnoopt11.sqm
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log Combofix.txt in your next reply.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to freeze

Next post
Combofix log
New Hijackthis log
__________________
  #10  
Old 26th Jan 2008, 10:08
Full Member
Posts: 16
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:07:54 PM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
C:\Program Files\SUPERAntiSpyware.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Admin\Desktop\HijackThis\sniper.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mRouterConfig] "C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
--
End of file - 10002 bytes


ComboFix 08-01-23.1C - Admin 2008-01-26 16:54:27.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.120 [GMT 0:00]Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Admin\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2007-12-26 to 2008-01-26 )))))))))))))))))))))))))))))))
.
2008-01-26 15:45 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-25 22:13 . 2008-01-25 22:13 244 --ah----- C:\sqmnoopt17.sqm
2008-01-25 22:13 . 2008-01-25 22:13 232 --ah----- C:\sqmdata17.sqm
2008-01-25 22:03 . 2008-01-25 22:03 244 --ah----- C:\sqmnoopt16.sqm
2008-01-25 22:03 . 2008-01-25 22:03 244 --ah----- C:\sqmnoopt15.sqm
2008-01-25 22:03 . 2008-01-25 22:03 244 --ah----- C:\sqmnoopt14.sqm
2008-01-25 22:03 . 2008-01-25 22:03 232 --ah----- C:\sqmdata16.sqm
2008-01-25 22:03 . 2008-01-25 22:03 232 --ah----- C:\sqmdata15.sqm
2008-01-25 22:03 . 2008-01-25 22:03 232 --ah----- C:\sqmdata14.sqm
2008-01-25 15:51 . 2008-01-25 15:51 <DIR> d-------- C:\Program Files\Plugins
2008-01-23 15:14 . 2008-01-23 15:21 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-01-18 20:57 . 2008-01-18 21:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-11 15:53 . 2008-01-11 15:53 268 --ah----- C:\sqmdata13.sqm
2008-01-11 15:53 . 2008-01-11 15:53 244 --ah----- C:\sqmnoopt13.sqm
2008-01-11 15:06 . 2008-01-11 15:06 <DIR> d-------- C:\Program Files\How To Master
2008-01-09 19:53 . 2007-11-07 09:50 727,040 --------- C:\WINDOWS\system32\dllcache\lsasrv.dll
2008-01-09 19:53 . 2007-10-30 17:20 360,064 --------- C:\WINDOWS\system32\dllcache\tcpip.sys
2007-12-30 21:10 . 2006-07-25 10:36 84,960 -ra------ C:\WINDOWS\system32\drivers\zebrsce.sys
2007-12-30 21:09 . 2006-07-25 10:36 100,672 -ra------ C:\WINDOWS\system32\drivers\zebrmdmc.sys
2007-12-30 21:07 . 2006-07-25 18:36 100,640 -ra------ C:\WINDOWS\system32\drivers\zebrmdm.sys
2007-12-30 21:07 . 2006-07-25 18:36 9,264 -ra------ C:\WINDOWS\system32\drivers\zebrmdfl.sys
2007-12-30 21:07 . 2006-07-25 10:36 6,176 -ra------ C:\WINDOWS\system32\drivers\zebrcmnt.sys
2007-12-30 21:07 . 2006-07-25 10:36 6,176 -ra------ C:\WINDOWS\system32\drivers\zebrcm.sys
2007-12-30 20:56 . 2006-07-25 18:36 66,656 -ra------ C:\WINDOWS\system32\drivers\zebrbus.sys
2007-12-30 20:47 . 2006-07-25 18:36 53,408 -ra------ C:\WINDOWS\system32\drivers\zebrceb.sys
2007-12-30 20:47 . 2006-07-25 18:36 5,872 -ra------ C:\WINDOWS\system32\drivers\zebrwhnt.sys
2007-12-30 20:47 . 2006-07-25 18:36 5,872 -ra------ C:\WINDOWS\system32\drivers\zebrwh.sys
2007-12-30 20:46 . 2005-06-08 15:53 288 --a------ C:\WINDOWS\mrinstu.iss
2007-12-30 20:45 . 2007-12-30 20:45 <DIR> d-------- C:\Program Files\Symbian
2007-12-30 20:45 . 2007-12-30 20:45 <DIR> d-------- C:\Program Files\Intuwave
2007-12-30 20:44 . 2007-12-30 20:46 <DIR> d-------- C:\Program Files\Sony Ericsson
2007-12-30 20:44 . 2007-12-30 20:44 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2007-12-28 08:46 . 2007-12-28 08:46 268 --ah----- C:\sqmdata12.sqm
2007-12-28 08:46 . 2007-12-28 08:46 244 --ah----- C:\sqmnoopt12.sqm
2007-12-27 15:19 . 2007-12-27 15:19 268 --ah----- C:\sqmdata11.sqm
2007-12-27 15:19 . 2007-12-27 15:19 244 --ah----- C:\sqmnoopt11.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-25 15:49 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-23 14:49 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-18 22:14 --------- d-----w C:\Program Files\MSN Messenger
2007-12-30 20:44 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-12-16 20:54 --------- d-----w C:\Program Files\Kontiki
2007-12-16 20:54 --------- d-----w C:\Program Files\Google
2007-12-16 19:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-16 19:14 --------- d-----w C:\Program Files\LimeWire
2007-12-16 12:04 --------- d-----w C:\Program Files\iTunes
2007-12-16 12:04 --------- d-----w C:\Program Files\iPod
2007-12-16 12:01 --------- d-----w C:\Program Files\QuickTime
2007-11-07 09:50 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:35 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 17:40 222,720 -c--a-w C:\WINDOWS\system32\wmasf.dll
2007-06-21 14:07 146,672 ----a-w C:\Program Files\SSUpdate.exe
2007-06-21 14:06 1,318,912 ----a-w C:\Program Files\SUPERAntiSpyware.exe
2007-06-21 09:24 401,920 ----a-w C:\Program Files\SASREPAIRS.STG
2007-06-21 08:59 7,990,260 ----a-w C:\Program Files\PROCESSLIST.DB
2007-06-21 08:59 613,194 ----a-w C:\Program Files\PROCESSLISTRELATED.DB
2007-04-19 13:41 294,912 ----a-w C:\Program Files\SASWINLO.dll
2007-02-27 12:39 61,440 ----a-w C:\Program Files\SASCTXMN.DLL
2007-02-27 12:39 32,256 ----a-w C:\Program Files\SASKUTIL.SYS
2006-12-20 13:55 77,824 ----a-w C:\Program Files\SASSEH.DLL
2006-10-10 13:53 5,632 ----a-w C:\Program Files\sasdifsv.sys
2006-09-19 15:55 360,448 ----a-r C:\Program Files\deupx.dll
2006-06-13 11:44 945,641 ----a-w C:\Program Files\SUPERAntiSpyware.chm
2006-02-16 17:51 4,096 ----a-r C:\Program Files\SASENUM.SYS
2005-12-08 13:25 118,144 ----a-r C:\Program Files\BootSafe.exe
2005-05-11 22:36 12,288 -c--a-w C:\WINDOWS\Fonts\RandFont.dll
2004-05-20 13:28 2,048 ----a-w C:\Program Files\detect.wav
2004-05-07 15:31 348,160 ----a-w C:\Program Files\msvcr71.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-26_15.50.53.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-26 15:46:37 249,856 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-26 16:54:15 249,856 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-26 15:46:37 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-26 16:54:15 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-26 15:46:37 249,856 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-26 16:54:15 249,856 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-26 15:46:37 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-26 16:54:15 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-26 15:46:38 4,476,928 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-26 16:54:15 4,476,928 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-26 15:46:38 540,672 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-26 16:54:15 540,672 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-05 02:30 1253376]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2006-11-08 16:32 1040832]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"mRouterConfig"="C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 11:54 290816]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-01-16 03:33 49152 C:\WINDOWS\system32\VTTimer.exe]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-01 17:38 949376]
"TalkTalk"="C:\Program Files\TalkTalk\bin\sprtcmd.exe" [2005-08-15 23:12 192512]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2006-11-08 16:32 1040832]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 08:58 16264192 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 10:04 2879488 C:\WINDOWS\SkyTel.exe]
"HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 17:35 49152]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [2005-09-19 10:53 1687552]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-09-19 10:29 163840]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 01:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 01:50 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-20 11:19 185632]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 11:38 49152]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"PC Suite for Smartphones"="C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2006-07-06 14:34 491520]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-05 02:30 1253376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide3"="cmd.exe" [2004-08-04 04:00 388608 C:\WINDOWS\system32\cmd.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26 282624]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-11 23:49:24 73728]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"ForceStartMenuLogoff"= 0 (0x0)
"NoStartMenuPinnedList"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoUserNameInStartMenu"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"ForceStartMenuLogoff"= 0 (0x0)
"NoStartMenuPinnedList"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoUserNameInStartMenu"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SASWINLO.dll
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 03:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 03:39]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);C:\WINDOWS\system32\DRIVERS\zebrceb.sys [2006-07-25 18:36]
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 13:31]
S3 zebrbus;Sony Ericsson Composite Device driver;C:\WINDOWS\system32\DRIVERS\zebrbus.sys [2006-07-25 18:36]
S3 zebrmdfl;Sony Ericsson Modem Filter;C:\WINDOWS\system32\DRIVERS\zebrmdfl.sys [2006-07-25 18:36]
S3 zebrmdm;Sony Ericsson Port (WDM);C:\WINDOWS\system32\DRIVERS\zebrmdm.sys [2006-07-25 18:36]
S3 zebrmdmc;Sony Ericsson mRouter Port (WDM);C:\WINDOWS\system32\DRIVERS\zebrmdmc.sys [2006-07-25 10:36]
S3 zebrsce;Sony Ericsson PC-Connect Port;C:\WINDOWS\system32\DRIVERS\zebrsce.sys [2006-07-25 10:36]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Bin\assetup.exe
*Newly Created Service* - PROCEXP90
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Windows Sidebar]
C:\WINDOWS\system32\hidec /W C:\VAIO\Tools\REGTLIB.EXE "C:\Program Files\Windows Sidebar\sidebar.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]
"C:\Program Files\Windows Sidebar\.\regsvr32.exe" /s wlsrvc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]
"C:\Program Files\Windows Sidebar\.\regsvr32.exe" /s sbdrop.dll
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BADA65A0-86B7-462B-B720-CE66655C73F5}]
regsvr32 /s C:\VAIO\.\vshellext.dll
.
Contents of the 'Scheduled Tasks' folder
"2008-01-26 10:11:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 16:57:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-01-26 16:58:40
ComboFix-quarantined-files.txt 2008-01-26 16:57:40
ComboFix2.txt 2008-01-26 15:52:07
.
2008-01-11 14:58:00 --- E O F ---
Reply
Page 1 of 3 1 23

Register

Similar Threads
Thread Thread Starter Forum Replies Last Post
Win32 Trojan. Problems with Rootkit. After Termination It Still Reappears. dekadanceyeh Virus, Spyware & Security 1 24th Aug 2009 07:19
Trojan.vundo.h , trojan.agent , adware.mirar + MORE! :( sillyarfer Virus, Spyware & Security 1 14th Dec 2008 09:59
Re: c:\program files\common files\dllhost.exe infrected with Win32/Hupigon.MN trojan cjd666 Virus, Spyware & Security 3 21st Nov 2007 14:14
C:\program files\common files\dllhost.exe infrected with Win32/Hupigon.MN trojan Ancodi Virus, Spyware & Security 13 17th Nov 2007 02:49
Win32.Poison.k Trojan casselle Virus, Spyware & Security 7 22nd Oct 2007 01:28
Thread Tools



Translations Powered by Powered by Google
Arabic Bulgarian Chinese Croatian Czech Danish Dutch English Finnish French German Greek Hebrew Hungarian Italian Japanese Korean Latvian Lithuanian Norwegian Polish Portuguese Romanian Russian Serbian Slovak Spanish Swedish Taiwanese Thai Turkish Ukrainian

Copyright ©2006 - 2010 Computer Juice.
Contact - Privacy - Sitemap - Top

Powered by vBulletin® Copyright ©2000 - 2010 Jelsoft Enterprises Ltd. SEO by vBSEO ©2009, Crawlability, Inc.