Here it is Broni,
Combofix Log:
ComboFix 09-08-10.06 - Administrator 08/18/2009 18:20.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.599 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FILE ::
"c:\windows\ppp3.dat"
"c:\windows\ppp4.dat"
"c:\windows\system32\bincd32.dat"
"c:\windows\system32\sysnet.dat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\ppp3.dat
c:\windows\ppp4.dat
c:\windows\system32\bincd32.dat
c:\windows\system32\sysnet.dat
.
((((((((((((((((((((((((( Files Created from 2009-07-18 to 2009-08-18 )))))))))))))))))))))))))))))))
.
2009-08-18 01:14 . 2009-08-18 01:14 -------- d-----w- c:\windows\system32\KB905474
2009-08-18 01:14 . 2009-03-11 02:26 1403264 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-08-18 01:14 . 2009-03-11 02:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2009-08-18 00:48 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-08-18 00:48 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-08-18 00:48 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-08-18 00:48 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-08-18 00:48 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-08-18 00:48 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-08-18 00:48 . 2009-02-09 12:10 729088 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-08-18 00:48 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-08-18 00:48 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-08-18 00:46 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-18 00:45 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-08-18 00:45 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-08-15 04:18 . 2008-11-27 22:47 -------- d---a-w- c:\windows\system32\images
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-29 04:37 . 2009-07-29 04:37 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2009-07-29 04:37 . 2009-07-29 04:37 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-18 22:28 . 2008-09-30 00:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2009-08-18 21:19 . 2007-12-23 02:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2009-08-18 21:18 . 2007-08-19 22:22 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-18 00:33 . 2008-09-22 22:54 -------- d-----w- c:\program files\Gamevance
2009-08-17 23:15 . 2007-08-12 13:17 -------- d-----w- c:\program files\GameSpy Arcade
2009-08-12 22:09 . 2009-04-19 23:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Azureus
2009-08-12 18:31 . 2009-04-19 23:00 -------- d-----w- c:\program files\Vuze
2009-08-05 09:01 . 2003-03-31 14:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2003-03-31 14:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2003-03-31 14:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-17 19:01 . 2003-03-31 14:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 07:56 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-26 16:50 . 2006-06-23 15:33 666624 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2004-08-04 07:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-23 00:34 . 2009-06-23 00:34 2383904 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_l1.exe
2009-06-23 00:34 . 2009-06-23 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-06-12 12:31 . 2003-03-31 14:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2003-03-31 14:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2003-03-31 14:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2007-08-07 14:06 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2003-03-31 14:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-04 12:02 . 2007-08-19 22:24 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-06-04 12:02 . 2007-08-19 22:24 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-03 19:09 . 2005-08-30 04:02 1291264 ----a-w- c:\windows\system32\quartz.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-18_00.37.58 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-08-07 15:02 . 2007-08-11 00:46 26488 c:\windows\system32\spupdsvc.exe
+ 2007-08-07 15:02 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
+ 2003-03-31 14:00 . 2009-02-03 19:59 56832 c:\windows\system32\secur32.dll
+ 2003-03-31 14:00 . 2009-02-06 10:39 35328 c:\windows\system32\sc.exe
- 2003-03-31 14:00 . 2009-06-04 10:49 40196 c:\windows\system32\perfc009.dat
+ 2003-03-31 14:00 . 2009-08-18 21:22 40196 c:\windows\system32\perfc009.dat
- 2006-03-01 19:44 . 2008-04-14 00:12 91648 c:\windows\system32\mtxoci.dll
+ 2006-03-01 19:44 . 2008-06-12 14:23 91648 c:\windows\system32\mtxoci.dll
+ 2006-03-01 19:44 . 2008-06-12 14:23 66560 c:\windows\system32\mtxclu.dll
- 2006-03-01 19:44 . 2008-04-14 00:12 66560 c:\windows\system32\mtxclu.dll
- 2007-08-07 14:06 . 2008-04-14 00:11 58880 c:\windows\system32\msdtclog.dll
+ 2007-08-07 14:06 . 2008-06-12 14:23 58880 c:\windows\system32\msdtclog.dll
+ 2009-06-12 12:31 . 2009-06-12 12:31 80896 c:\windows\system32\dllcache\tlntsess.exe
+ 2009-06-12 12:31 . 2009-06-12 12:31 76288 c:\windows\system32\dllcache\telnet.exe
+ 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll
+ 2003-03-31 14:00 . 2009-02-06 10:39 35328 c:\windows\system32\dllcache\sc.exe
+ 2008-06-12 14:23 . 2008-06-12 14:23 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2009-06-26 16:50 . 2009-06-26 16:50 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll
+ 2007-08-07 15:01 . 2008-12-16 12:30 354304 c:\windows\system32\winhttp.dll
- 2007-08-07 15:01 . 2008-04-14 00:12 354304 c:\windows\system32\winhttp.dll
+ 2007-08-07 14:06 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2007-08-07 14:06 . 2009-02-09 12:10 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2007-08-07 14:06 . 2009-02-09 12:10 473600 c:\windows\system32\wbem\fastprox.dll
+ 2006-08-31 00:42 . 2009-06-26 16:50 620032 c:\windows\system32\urlmon.dll
+ 2003-03-31 14:00 . 2009-02-06 11:11 110592 c:\windows\system32\services.exe
+ 2003-03-31 14:00 . 2008-12-05 06:54 144896 c:\windows\system32\schannel.dll
+ 2005-07-26 04:31 . 2009-02-09 12:10 401408 c:\windows\system32\rpcss.dll
+ 2004-03-06 02:16 . 2009-04-15 14:51 585216 c:\windows\system32\rpcrt4.dll
- 2003-03-31 14:00 . 2009-06-04 10:49 311934 c:\windows\system32\perfh009.dat
+ 2003-03-31 14:00 . 2009-08-18 21:22 311934 c:\windows\system32\perfh009.dat
- 2003-03-31 14:00 . 2008-04-14 00:12 284160 c:\windows\system32\pdh.dll
+ 2003-03-31 14:00 . 2009-03-06 14:22 284160 c:\windows\system32\pdh.dll
+ 2003-03-31 14:00 . 2009-02-09 12:10 714752 c:\windows\system32\ntdll.dll
- 2007-08-07 14:06 . 2008-04-14 00:11 161792 c:\windows\system32\msdtcuiu.dll
+ 2007-08-07 14:06 . 2008-06-12 14:23 161792 c:\windows\system32\msdtcuiu.dll
- 2007-08-07 14:06 . 2008-04-14 00:11 956928 c:\windows\system32\msdtctm.dll
+ 2007-08-07 14:06 . 2008-06-12 14:23 956928 c:\windows\system32\msdtctm.dll
+ 2007-08-07 14:06 . 2008-06-12 14:23 428032 c:\windows\system32\msdtcprx.dll
+ 2003-03-31 14:00 . 2009-02-09 12:10 729088 c:\windows\system32\lsasrv.dll
+ 2003-03-31 14:00 . 2009-05-07 15:32 345600 c:\windows\system32\localspl.dll
- 2003-03-31 14:00 . 2008-04-14 00:11 989696 c:\windows\system32\kernel32.dll
+ 2003-03-31 14:00 . 2009-03-21 14:06 989696 c:\windows\system32\kernel32.dll
+ 2003-03-31 14:00 . 2008-12-11 10:57 333952 c:\windows\system32\drivers\srv.sys
+ 2009-07-14 03:43 . 2009-07-14 03:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2009-06-10 06:14 . 2009-06-10 06:14 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2008-04-21 06:44 . 2009-06-26 16:50 666624 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2008-12-16 12:30 354304 c:\windows\system32\dllcache\winhttp.dll
+ 2008-06-26 08:15 . 2009-06-26 16:50 620032 c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-15 21:22 . 2008-12-11 10:57 333952 c:\windows\system32\dllcache\srv.sys
+ 2008-12-05 06:54 . 2008-12-05 06:54 144896 c:\windows\system32\dllcache\schannel.dll
+ 2009-04-15 14:51 . 2009-04-15 14:51 585216 c:\windows\system32\dllcache\rpcrt4.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2009-05-07 15:32 . 2009-05-07 15:32 345600 c:\windows\system32\dllcache\localspl.dll
+ 2009-03-21 14:06 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\kernel32.dll
- 2003-03-31 14:00 . 2008-04-14 00:11 617472 c:\windows\system32\advapi32.dll
+ 2003-03-31 14:00 . 2009-02-09 12:10 617472 c:\windows\system32\advapi32.dll
+ 2003-03-31 14:00 . 2009-04-17 12:26 1847168 c:\windows\system32\win32k.sys
- 2006-07-13 13:46 . 2008-04-14 00:12 8461312 c:\windows\system32\shell32.dll
+ 2006-07-13 13:46 . 2008-06-17 19:02 8461312 c:\windows\system32\shell32.dll
+ 2006-09-04 06:23 . 2009-07-18 16:05 1509888 c:\windows\system32\shdocvw.dll
+ 2003-03-31 14:00 . 2009-02-06 11:08 2189056 c:\windows\system32\ntoskrnl.exe
+ 2002-08-29 01:04 . 2009-02-07 23:02 2066048 c:\windows\system32\ntkrnlpa.exe
- 2002-08-29 01:04 . 2008-08-14 09:33 2066048 c:\windows\system32\ntkrnlpa.exe
+ 2006-06-30 14:28 . 2009-07-18 16:05 3069440 c:\windows\system32\mshtml.dll
- 2007-08-07 10:00 . 2008-11-15 22:21 1411448 c:\windows\system32\FNTCACHE.DAT
+ 2007-08-07 10:00 . 2009-08-18 21:11 1411448 c:\windows\system32\FNTCACHE.DAT
+ 2008-10-15 21:22 . 2009-04-17 12:26 1847168 c:\windows\system32\dllcache\win32k.sys
+ 2008-06-17 19:02 . 2008-06-17 19:02 8461312 c:\windows\system32\dllcache\shell32.dll
+ 2008-06-26 08:15 . 2009-07-18 16:05 1509888 c:\windows\system32\dllcache\shdocvw.dll
+ 2008-05-07 05:12 . 2009-06-03 19:09 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2008-10-15 21:21 . 2009-02-06 11:08 2189056 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-15 21:21 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-15 21:21 . 2008-08-14 09:33 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-15 21:21 . 2008-08-14 09:33 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-15 21:21 . 2009-02-07 23:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-10-15 21:21 . 2008-08-14 10:09 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-10-15 21:21 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2007-08-07 14:06 . 2009-06-10 13:19 2066432 c:\windows\system32\dllcache\mstscax.dll
+ 2008-04-21 06:44 . 2009-07-18 16:05 3069440 c:\windows\system32\dllcache\mshtml.dll
+ 2008-10-15 21:21 . 2009-02-06 11:08 2189056 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2008-10-15 21:21 . 2008-08-14 09:33 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-15 21:21 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-15 21:21 . 2008-08-14 09:33 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-15 21:21 . 2009-02-07 23:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-15 21:21 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2008-10-15 21:21 . 2008-08-14 10:09 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2004-08-04 07:56 . 2009-07-14 03:43 10841088 c:\windows\system32\wmp.dll
+ 2009-07-14 03:43 . 2009-07-14 03:43 10841088 c:\windows\system32\dllcache\wmp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-24 185872]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 84640]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [3/31/2003 10:00 AM 14336]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/25/2009 7:35 PM 101936]
R3 SaiH8000;SaiH8000;c:\windows\system32\drivers\SaiH8000.sys [4/4/2008 3:49 PM 136832]
.
Contents of the 'Scheduled Tasks' folder
2008-09-10 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2008-06-10 16:56]
2009-08-15 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Administrator.job
- c:\progra~1\NORTON~1\Navw32.exe [2006-09-07 06:38]
2009-08-18 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-08-18 02:18]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: xfire_lsp_9028.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5a5l7g46.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.musica-cristiana.tv/video/index.html
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
GMER - Rootkit Detector and Remover
Rootkit scan 2009-08-18 18:28
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,00,83,18,71,95,
25,be,2b,c8,28,51,af,b0,29,a3,98,ae,45,45,e9,1d,8e,2f,ae,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,69,ae,0f,7f,99,
33,88,34,71,3b,04,66,8b,46,0d,96,8d,6a,e9,98,48,9b,08,9c,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,c4,63,ae,65,59,
e9,31,b5,25,da,ec,7e,55,20,c9,26,f9,a8,e0,69,26,9b,5b,f7,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,6c,f4,62,6b,25,
ca,c4,99,3e,1e,9e,e0,57,5a,93,61,17,94,3c,f5,0d,26,6e,75,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,10,3f,51,10,4c,
02,8f,a1,cd,44,cd,b9,a6,33,6c,cd,57,5b,8d,49,8a,2e,cb,93,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,8e,90,e0,61,ec,
84,90,71,b0,18,ed,a7,3f,8d,37,a4,f8,f7,5f,7e,26,ad,d0,4e,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,25,8a,18,1d,1b,
60,54,eb,31,77,e1,ba,b1,f8,68,02,86,bc,e5,e3,43,fe,e0,a5,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,88,f8,8d,84,8d,
73,7d,40,83,6c,56,8b,a0,85,96,ab,c2,2f,bd,a3,2c,b5,28,0e,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,42,e6,62,de,b6,
ef,3b,b1,51,fa,6e,91,28,9e,14,cc,0d,2e,46,95,f3,9d,ba,ef,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,e3,bb,ed,ee,fb,
56,77,1c,b1,cd,45,5a,a8,c4,f8,b9,59,b6,f5,b8,72,75,f6,63,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,06,2e,3d,02,4d,
1a,61,b6,e3,0e,66,d5,eb,bc,2f,6b,05,af,c5,2f,f5,7a,d8,f5,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,2d,ec,12,f4,82,
68,30,eb,fa,ea,66,7f,d4,3b,6b,70,97,af,2e,ad,d3,bf,01,be,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(736)
c:\windows\system32\xfire_lsp_9028.dll
.
Completion time: 2009-08-18 18:31
ComboFix-quarantined-files.txt 2009-08-18 22:31
ComboFix2.txt 2009-08-18 00:50
Pre-Run: 62,048,112,640 bytes free
Post-Run: 62,018,461,696 bytes free
304 --- E O F --- 2009-08-18 01:14
Hijackthis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:39:59 PM, on 8/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys\CIT300\cit300.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
Bing
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 3772 bytes
Thanks for all your help Broni....