Guest BlairWitch

Hello, I refer to this post here: http://forums.malwarebytes.org/index.php?showtopic=100453

I think my computer has some strange malware or adware, and I decided to post the logs here. I updated Malwarebytes and ran a quick and full scan, but no infection was found. I also scanned with Doctor Web AV and nothing was found.

Here are my DDS logs:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29

Run by esiasennettu at 17:57:19 on 2011-11-30

Microsoft Windows XP Home Edition 5.1.2600.3.1252.358.1035.18.1023.619 [GMT 2:00]

.

AV: Digital Patrol *Enabled/Updated* {35237DD9-776F-4485-A7AF-729074E24B96}

AV: Doctor Web Anti-Virus *Disabled/Updated* {3454C8F1-ECBC-4180-A6F4-04632FBA762B}

FW: Dr.Web Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k rpcss

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe

C:\Program Files\DrWeb\dwservice.exe

C:\Program Files\DrWeb\dwnetfilter.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\DrWeb\frwl_svc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

svchost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\Program Files\DrWeb\spideragent.exe

C:\Program Files\DrWeb\frwl_notify.exe

C:\Program Files\SpyShelter Personal Free\SpyShelter.exe

C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe

C:\Program Files\Nokia\Nokia Internet Modem\NokiaInternetModem.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://yle.fi/

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [spyShelter] c:\program files\spyshelter personal free\SpyShelter.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [NokiaInternetModem_AppStart.exe] "c:\program files\nokia\nokia internet modem\nokiainternetmodem_appstart.exe" "-start" "c:\program files\nokia\nokia internet modem\NokiaInternetModem.exe"

mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot

mRun: [spIDerAgent] "c:\program files\drweb\spideragent.exe"

mRun: [Firewall] "c:\program files\drweb\frwl_notify.exe"

mRun: [Advanced System Protector] "c:\program files\systweak\advanced system protector\ASP.exe" /autorun

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094125632796

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38133.0274421296

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: Interfaces\{FBC40346-F393-416F-94E6-20BB3FAB52A4} : NameServer = 62.241.198.245 62.241.198.246

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\esiasennettu\application data\mozilla\firefox\profiles\9jwgieal.default\

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

.

============= SERVICES / DRIVERS ===============

.

R0 DrWebLwf;Dr.Web Firewall Kernel-Mode Driver;c:\windows\system32\drivers\DrWebLwf.sys [2011-10-12 178904]

R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [2011-10-12 149272]

R0 SpiderG3;DrWeb file system scanner;c:\windows\system32\drivers\spiderg3.sys [2011-10-12 111896]

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2004-5-26 75904]

R1 1UnHooker;1UnHooker;c:\windows\system32\drivers\1UnHooker.sys [2010-3-2 22016]

R1 DrWebWfp;DrWebWfp;c:\windows\system32\drivers\dw_wfp.sys [2011-10-12 55800]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-29 101720]

R1 Spyshelter;Spyshelter;c:\program files\spyshelter personal free\SpyShelter.sys [2011-11-26 166712]

R1 uzqwnzm2;AVZ-RK Kernel Driver;c:\windows\system32\drivers\uzqwnzm2.sys [2011-10-19 11264]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]

R2 DrWebAVService;Dr.Web Control Service;c:\program files\drweb\dwservice.exe --loglevel=inf --logfile="c:\documents and settings\all users\application data\doctor web\logs\dwservice.log" --> c:\program files\drweb\dwservice.exe --loglevel=inf --logfile=c:\documents and settings\all users\application data\doctor web\logs\dwservice.log [?]

R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);c:\program files\common files\doctor web\scanning engine\dwengine.exe [2011-10-12 1873832]

R2 DrWebFwSvc;Dr.Web Firewall Service;c:\program files\drweb\frwl_svc.exe [2011-10-12 1164240]

R2 DrWebNetFilter;Dr.Web Net Filtering Service;c:\program files\drweb\dwnetfilter.exe [2011-10-12 2116408]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-17 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-17 22216]

R3 nokia_cs1x_cdc_acm;Nokia Internet Stick CDC-ACM driver;c:\windows\system32\drivers\nokia_cs1x_cdc_acm.sys [2010-4-22 85888]

R3 nokia_cs1x_dc_enum;Nokia Internet Stick DC Enumerator;c:\windows\system32\drivers\nokia_cs1x_dc_enum.sys [2010-4-22 81408]

S0 raeehd;raeehd; [x]

S1 MpKsl792a8e28;MpKsl792a8e28;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a5a78bd1-8f0f-45a7-acdc-724889a82e47}\mpksl792a8e28.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a5a78bd1-8f0f-45a7-acdc-724889a82e47}\MpKsl792a8e28.sys [?]

S1 SABKUTIL;SABKUTIL;\??\c:\documents and settings\esiasennettu\omat tiedostot\lataukset\saskutil.sys --> c:\documents and settings\esiasennettu\omat tiedostot\lataukset\SASKUTIL.SYS [?]

S3 BCASPROT;Advanced System Protector;\??\c:\program files\systweak\advanced system protector\sasprot32.sys --> c:\program files\systweak\advanced system protector\sasprot32.sys [?]

S3 CheckFSD;Antiy Labs FSD Service;\??\c:\documents and settings\esiasennettu\omat tiedostot\lataukset\atool\atool\checkfsd.sys --> c:\documents and settings\esiasennettu\omat tiedostot\lataukset\atool\atool\CheckFSD.sys [?]

S3 CheckSSDT;Antiy Labs SSDT Service;\??\c:\documents and settings\esiasennettu\omat tiedostot\lataukset\atool\atool\ssdt.sys --> c:\documents and settings\esiasennettu\omat tiedostot\lataukset\atool\atool\SSDT.sys [?]

S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]

S3 HookMsg;Antiy Labs MsgHook Service;\??\c:\documents and settings\esiasennettu\omat tiedostot\lataukset\atool\atool\abasedrv.sys --> c:\documents and settings\esiasennettu\omat tiedostot\lataukset\atool\atool\ABaseDrv.sys [?]

S3 IRPFile;Antiy Labs IRP FILE;\??\c:\documents and settings\esiasennettu\omat tiedostot\lataukset\atool\atool\irpfile.sys --> c:\documents and settings\esiasennettu\omat tiedostot\lataukset\atool\atool\IrpFile.sys [?]

S3 nokia_cs1x_cpo;Nokia Internet Stick Mass Storage Device;c:\windows\system32\drivers\nokia_cs1x_cpo.sys [2010-4-22 9856]

S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [2011-10-15 27192]

S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\drivers\SCR33X2K.sys [2003-12-3 63608]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2003-4-25 14336]

.

=============== Created Last 30 ================

.

2011-11-29 17:51:35 -------- d-----w- c:\documents and settings\esiasennettu\local settings\application data\Sophos

2011-11-28 16:12:01 -------- d-----w- C:\stdtsa

2011-11-27 11:47:44 98816 ----a-w- c:\windows\sed.exe

2011-11-27 11:47:44 518144 ----a-w- c:\windows\SWREG.exe

2011-11-27 11:47:44 256000 ----a-w- c:\windows\PEV.exe

2011-11-27 11:47:44 208896 ----a-w- c:\windows\MBR.exe

2011-11-27 11:47:09 -------- d-s---w- C:\ComboFix

2011-11-26 18:45:32 -------- d-----w- c:\program files\Nemesis Anti-Spyware

2011-11-26 17:17:28 28672 ----a-w- c:\windows\system32\SpyShelterShellExt.dll

2011-11-26 17:17:24 54784 ----a-w- c:\windows\system32\inject_logon_dll.dll

2011-11-26 17:17:24 1740800 ----a-w- c:\windows\system32\Osklauncher.exe

2011-11-26 17:17:20 -------- d-----w- c:\program files\SpyShelter Personal Free

2011-11-26 17:17:20 -------- d-----w- c:\documents and settings\esiasennettu\application data\SpyShelter

2011-11-26 08:52:38 -------- d-----w- c:\program files\Lavasoft

2011-11-25 11:53:43 -------- d-----w- c:\documents and settings\esiasennettu\application data\Systweak

2011-11-25 11:53:43 -------- d-----w- c:\documents and settings\all users\application data\Systweak

2011-11-24 14:06:50 -------- d-----w- c:\documents and settings\all users\application data\InstallMate

2011-11-24 13:23:43 -------- d-sh--w- C:\KRSHistory

2011-11-24 13:16:58 -------- d-----w- c:\documents and settings\all users\application data\Safe

2011-11-24 13:13:28 -------- d-----w- c:\documents and settings\all users\application data\Kingsoft

2011-11-24 13:11:37 -------- d-----w- c:\program files\Kingsoft

2011-11-24 09:43:11 -------- d-----w- c:\program files\COMODO

2011-11-22 14:53:21 -------- d-----w- c:\documents and settings\esiasennettu\application data\OpenOffice.org

2011-11-22 14:42:38 -------- d-----w- c:\program files\OpenOffice.org 3

2011-11-22 14:41:19 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2011-11-21 16:46:42 -------- d-----w- c:\documents and settings\esiasennettu\application data\Ashampoo

2011-11-21 14:51:07 -------- d-----w- c:\documents and settings\esiasennettu\local settings\application data\ashampoo

2011-11-21 14:51:07 -------- d-----w- c:\documents and settings\all users\application data\ashampoo

2011-11-21 14:50:15 -------- d-----w- c:\program files\Ashampoo

2011-11-20 14:50:12 -------- d-----w- C:\VEXPLite

2011-11-19 14:28:01 -------- d-----w- c:\program files\Rising

2011-11-19 13:11:39 -------- d-----w- c:\documents and settings\esiasennettu\application data\Autorun Analyzer

2011-11-19 11:09:23 11 ----a-w- c:\windows\system32\sys94f3-cff2.sys

2011-11-19 11:09:19 1701648 ----a-w- c:\windows\system32\VBA6.DLL

2011-11-19 11:09:19 140096 ----a-w- c:\windows\system32\COMDLG32.OCX

2011-11-19 09:59:56 -------- d-----w- c:\documents and settings\esiasennettu\application data\KillSwitch

2011-11-19 08:39:47 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe

2011-11-17 18:33:26 -------- d-----w- c:\documents and settings\all users\application data\IObit

2011-11-17 18:31:06 -------- d-----w- c:\program files\IObit

2011-11-17 18:22:50 -------- d-----w- c:\program files\BitDefender

2011-11-17 18:00:41 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-11-17 16:13:13 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

2011-11-17 16:11:55 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll

2011-11-17 16:08:10 -------- d-----w- c:\windows\Logs

2011-11-17 16:07:34 -------- d-----w- c:\program files\Winamp Detect

2011-11-17 16:06:55 123888 ------w- c:\windows\system32\pxcpyi64.exe

2011-11-17 16:06:54 126448 ------w- c:\windows\system32\pxinsi64.exe

2011-11-17 16:06:52 133616 ------w- c:\windows\system32\pxafs.dll

2011-11-17 16:06:51 59888 ------w- c:\windows\system32\pxwma.dll

2011-11-17 15:49:56 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-11-17 15:39:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-17 15:32:30 -------- d-----w- c:\program files\Sierra

2011-11-17 15:25:01 -------- d-----w- c:\documents and settings\esiasennettu\local settings\application data\Secunia PSI

2011-11-13 12:36:27 -------- d-----w- C:\sh4ldr

2011-11-13 12:35:09 -------- d-----w- c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP

2011-11-13 12:34:25 -------- d-----w- c:\program files\common files\Wise Installation Wizard

2011-11-11 17:31:41 -------- d-----w- c:\windows\system32\SpycatcherAgentSetupTemp

2011-11-08 17:27:59 12872 ----a-w- c:\windows\system32\bootdelete.exe

2011-11-06 17:58:06 -------- d-----w- c:\program files\Speccy

2011-11-03 14:57:25 388096 ----a-r- c:\documents and settings\esiasennettu\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-11-03 14:57:23 -------- d-----w- c:\program files\Trend Micro

2011-11-01 15:04:01 -------- d-----w- c:\program files\SecurityXploded

2011-11-01 14:33:13 -------- d-----w- c:\documents and settings\all users\application data\Sophos

2011-11-01 14:29:52 -------- d-----w- C:\scss_10

2011-11-01 13:54:35 -------- d-----w- c:\program files\InCode Solutions

.

==================== Find3M ====================

.

2011-11-27 09:25:08 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-11-22 05:12:51 31964 ----a-w- c:\windows\SCHEDLGU.TXT.TMP

2011-11-22 05:12:51 30674 ----a-w- c:\windows\MODEMLOG_NOKIA INTERNET STICK CS-17 WIRELESS MODEM DEVICE.TXT.TMP

2011-11-19 11:30:49 11264 ----a-w- c:\windows\system32\drivers\uzqwnzm2.sys

2011-11-19 11:09:23 69632 ----a-w- c:\windows\notepad.exe

2011-11-19 11:09:23 146944 ------w- c:\windows\regedit.exe

2011-11-17 15:49:04 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-14 14:35:07 178904 ----a-w- c:\windows\system32\drivers\DrWebLwf.sys

2011-11-08 14:03:35 111896 ----a-w- c:\windows\system32\drivers\spiderg3.sys

2011-10-29 15:03:29 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-10-19 17:28:30 1700352 ----a-w- c:\windows\system32\gdiplus.dll

2011-10-15 17:12:12 2 --shatr- c:\windows\winstart.bat

2011-10-12 12:41:07 149272 ----a-w- c:\windows\system32\drivers\dwprot.sys

2011-10-12 12:40:56 55800 ----a-w- c:\windows\system32\drivers\dw_wfp.sys

2011-10-10 14:22:55 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-29 14:42:41 632064 ----a-w- c:\windows\system32\msvcr80.dll

2011-09-29 14:42:40 554240 ----a-w- c:\windows\system32\msvcp80.dll

2011-09-29 14:42:39 34048 ----a-w- c:\windows\system32\eEmpty.exe

2011-09-28 07:06:44 600576 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 08:41:48 612864 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 08:41:48 20992 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-26 08:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-25 14:32:06 114 ----a-w- c:\documents and settings\esiasennettu\application data\netstat.bat

2011-09-06 14:10:01 1859200 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 17:58:56,29 ===============

attach.zip

I had to disable Dr.Web AV when running DDS because Dr.Web detected it as a virus. I have also uninstalled Digital Patrol, so I don't know why it still shows that I have it installed.

Thank you in advance! :)


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


Guest BlairWitch

Hello. I updated MBAM and ran a quick scan. Here are the results.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8328

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

7.12.2011 19:24:51

mbam-log-2011-12-07 (19-24-46).txt

Scan type: Quick scan

Objects scanned: 172389

Time elapsed: 9 minute(s), 32 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Program Files\ScripTrap\scriptrap.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I downloaded ComboFix, saved it to my desktop, disabled all security software and started a scan, but after waiting one hour on scanning part 48 I started to think that maybe it would never finish, so I closed the program. I don't know why it hangs in that part.

One strange thing I noticed in the Windows folder is the 1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP folder. It contains files from Enigma Software. I sent them to VirusTotal and here are the results: http://www.virustotal.com/file-scan/report.html?id=64dff62dfbdb95c7e82a81754be5826a1dbd981a4628c49ab846fd357270d702-1323278030

Anyway, I don't know how to get ComboFix to finish...


Guest BlairWitch

Well, I managed to get ComboFix to finish the scan. So here are the ComboFix and DDS logs.

ComboFix 11-12-08.01 - esiasennettu 08.12.2011 19:30:14.11.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.358.1035.18.1023.484 [GMT 2:00]

Sijainti: c:\documents and settings\esiasennettu\Työpöytä\ComboFix.exe

AV: Digital Patrol *Enabled/Updated* {35237DD9-776F-4485-A7AF-729074E24B96}

AV: Doctor Web Anti-Virus *Disabled/Updated* {3454C8F1-ECBC-4180-A6F4-04632FBA762B}

FW: Dr.Web Firewall *Enabled* {3454C8F1-ECBC-4181-A7F4-04632FBA762B}

.

.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\windows\alcrmv.exe

c:\windows\regedit.com

c:\windows\system32\taskmgr.com

.

.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2011-11-08 to 2011-12-08 )))))))))))))))))

.

.

2011-12-08 14:57 . 2011-12-08 14:57 -------- d---a-w- c:\windows\rundll16.exe

2011-12-08 14:57 . 2011-12-08 14:57 -------- d---a-w- c:\windows\logo1_.exe

2011-12-07 17:06 . 2011-12-07 17:06 -------- d---a-w- c:\windows\VDLL.DLL

2011-12-07 17:06 . 2011-12-07 17:06 -------- d---a-w- c:\windows\RUNDL132.EXE

2011-12-07 17:06 . 2011-12-07 17:06 -------- d---a-w- c:\windows\logo_1.exe

2011-12-06 16:10 . 2011-12-06 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\MicroWorld

2011-12-06 14:02 . 2011-12-06 14:02 -------- d-----w- c:\documents and settings\esiasennettu\Application Data\SUPERAntiSpyware.com

2011-12-06 13:56 . 2011-12-06 14:02 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-12-06 13:56 . 2011-12-06 13:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-12-05 18:38 . 2011-12-08 17:11 -------- d-sh--w- C:\DrWeb Quarantine

2011-12-05 18:24 . 2011-12-05 18:24 -------- d-----w- c:\program files\ScripTrap

2011-12-05 14:06 . 2011-12-05 14:06 149272 ----a-w- c:\windows\system32\drivers\dwprot.sys

2011-12-05 14:06 . 2011-12-05 14:06 178904 ----a-w- c:\windows\system32\drivers\DrWebLwf.sys

2011-12-05 14:06 . 2011-12-05 14:06 111896 ----a-w- c:\windows\system32\drivers\spiderg3.sys

2011-12-05 14:06 . 2011-12-05 14:06 55800 ----a-w- c:\windows\system32\drivers\dw_wfp.sys

2011-12-03 18:45 . 2011-12-03 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader

2011-11-30 17:52 . 2011-11-30 17:52 -------- d-----r- C:\Sandbox

2011-11-30 17:51 . 2011-12-06 07:21 -------- d-----w- c:\program files\Sandboxie

2011-11-29 17:51 . 2011-11-29 17:51 -------- d-----w- c:\documents and settings\esiasennettu\Local Settings\Application Data\Sophos

2011-11-27 07:08 . 2011-11-27 07:08 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2011-11-26 18:45 . 2011-11-26 19:50 -------- d-----w- c:\program files\Nemesis Anti-Spyware

2011-11-26 08:52 . 2011-11-26 08:52 -------- d-----w- c:\program files\Lavasoft

2011-11-25 11:53 . 2011-11-25 13:50 -------- d-----w- c:\documents and settings\esiasennettu\Application Data\Systweak

2011-11-25 11:53 . 2011-11-25 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Systweak

2011-11-24 14:06 . 2011-11-24 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate

2011-11-24 13:23 . 2011-11-24 13:23 -------- d-----w- C:\KRSHistory

2011-11-24 13:13 . 2011-11-24 13:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Kingsoft

2011-11-22 14:53 . 2011-11-22 14:53 -------- d-----w- c:\documents and settings\esiasennettu\Application Data\OpenOffice.org

2011-11-22 14:42 . 2011-11-22 14:43 -------- d-----w- c:\program files\OpenOffice.org 3

2011-11-22 14:41 . 2011-11-17 15:49 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

2011-11-21 16:46 . 2011-11-21 16:46 -------- d-----w- c:\documents and settings\esiasennettu\Application Data\Ashampoo

2011-11-21 14:51 . 2011-11-21 14:51 -------- d-----w- c:\documents and settings\esiasennettu\Local Settings\Application Data\ashampoo

2011-11-21 14:51 . 2011-11-21 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo

2011-11-21 14:50 . 2011-11-21 14:50 -------- d-----w- c:\program files\Ashampoo

2011-11-19 14:28 . 2011-11-19 14:28 -------- d-----w- c:\program files\Rising

2011-11-19 13:11 . 2011-11-19 13:11 -------- d-----w- c:\documents and settings\esiasennettu\Application Data\Autorun Analyzer

2011-11-19 11:09 . 2011-11-19 11:09 11 ----a-w- c:\windows\system32\sys94f3-cff2.sys

2011-11-19 11:09 . 1998-06-23 22:00 140096 ----a-w- c:\windows\system32\COMDLG32.OCX

2011-11-19 11:09 . 1998-06-18 22:00 1701648 ----a-w- c:\windows\system32\VBA6.DLL

2011-11-19 09:59 . 2011-11-19 13:12 -------- d-----w- c:\documents and settings\esiasennettu\Application Data\KillSwitch

2011-11-19 08:39 . 2011-10-19 20:16 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe

2011-11-18 05:07 . 2011-11-18 05:07 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\IObit

2011-11-17 18:33 . 2011-11-17 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2011-11-17 18:31 . 2011-11-17 18:31 -------- d-----w- c:\program files\IObit

2011-11-17 18:22 . 2011-11-17 18:22 -------- d-----w- c:\program files\BitDefender

2011-11-17 18:00 . 2011-11-17 18:06 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-11-17 16:13 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

2011-11-17 16:11 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll

2011-11-17 16:08 . 2011-11-17 18:37 -------- d-----w- c:\windows\Logs

2011-11-17 16:07 . 2011-11-17 16:07 -------- d-----w- c:\program files\Winamp Detect

2011-11-17 16:06 . 2011-03-04 19:44 123888 ------w- c:\windows\system32\pxcpyi64.exe

2011-11-17 16:06 . 2011-03-04 19:44 126448 ------w- c:\windows\system32\pxinsi64.exe

2011-11-17 16:06 . 2011-03-04 19:44 133616 ------w- c:\windows\system32\pxafs.dll

2011-11-17 16:06 . 2011-03-04 19:44 59888 ------w- c:\windows\system32\pxwma.dll

2011-11-17 15:50 . 2011-11-17 15:50 -------- d-----w- c:\program files\Common Files\Java

2011-11-17 15:49 . 2011-11-17 15:49 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-11-17 15:49 . 2011-11-22 14:40 -------- d-----w- c:\program files\Java

2011-11-17 15:39 . 2011-11-17 15:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-17 15:32 . 2011-11-17 15:32 -------- d-----w- c:\program files\Sierra

2011-11-17 15:25 . 2011-11-17 15:25 -------- d-----w- c:\documents and settings\esiasennettu\Local Settings\Application Data\Secunia PSI

2011-11-13 12:36 . 2011-11-13 14:04 -------- d-----w- C:\sh4ldr

2011-11-13 12:35 . 2011-11-13 14:03 -------- d-----w- c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP

2011-11-13 12:34 . 2011-11-13 12:34 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2011-11-11 17:31 . 2011-11-11 17:31 -------- d-----w- c:\windows\system32\SpycatcherAgentSetupTemp

.

.

.

(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-05 14:38 . 2011-10-19 13:02 11264 ----a-w- c:\windows\system32\drivers\uzqwnzm2.sys

2011-12-02 14:03 . 2011-09-17 16:42 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-11-22 05:12 . 2011-10-19 16:58 31964 ----a-w- c:\windows\SCHEDLGU.TXT.TMP

2011-11-22 05:12 . 2011-10-19 16:58 30674 ----a-w- c:\windows\MODEMLOG_NOKIA INTERNET STICK CS-17 WIRELESS MODEM DEVICE.TXT.TMP

2011-11-19 11:09 . 2004-05-26 08:09 69632 ----a-w- c:\windows\notepad.exe

2011-11-19 11:09 . 2003-04-25 12:00 146944 ------w- c:\windows\regedit.exe

2011-11-17 15:49 . 2010-09-02 07:04 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-08 17:27 . 2011-11-08 17:27 12872 ----a-w- c:\windows\system32\bootdelete.exe

2011-11-03 14:57 . 2011-11-03 14:57 388096 ----a-r- c:\documents and settings\esiasennettu\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-10-29 15:03 . 2011-10-29 15:03 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-10-19 17:28 . 2011-10-19 17:28 1700352 ----a-w- c:\windows\system32\gdiplus.dll

2011-10-15 17:12 . 2011-10-15 17:12 2 --shatr- c:\windows\winstart.bat

2011-10-11 16:41 . 2011-10-11 16:41 7967976 ----a-w- C:\virus.zip

2011-10-10 14:22 . 2004-06-07 11:19 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-29 14:42 . 2011-09-29 14:42 632064 ----a-w- c:\windows\system32\msvcr80.dll

2011-09-29 14:42 . 2011-09-29 14:42 554240 ----a-w- c:\windows\system32\msvcp80.dll

2011-09-29 14:42 . 2011-09-29 14:42 34048 ----a-w- c:\windows\system32\eEmpty.exe

2011-09-28 07:06 . 2004-05-26 07:55 600576 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 08:41 . 2008-07-29 16:59 612864 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 08:41 . 2003-04-25 12:00 20992 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-26 08:41 . 2003-04-25 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-25 14:32 . 2011-09-25 14:32 114 ----a-w- c:\documents and settings\esiasennettu\Application Data\netstat.bat

2011-09-20 19:57 . 2011-09-27 17:06 466678 ----a-w- C:\Quarantine.zip

2011-11-21 04:28 . 2011-11-30 15:07 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"NokiaInternetModem_AppStart.exe"="c:\program files\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe" [2011-01-13 129536]

"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]

"SpIDerAgent"="c:\program files\DrWeb\spideragent.exe" [2011-12-05 6003000]

"Firewall"="c:\program files\DrWeb\frwl_notify.exe" [2011-12-05 2088280]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DrWebEngine]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"135:TCP"= 135:TCP:DCOM(135)

"5985:TCP"= 5985:TCP:*:Disabled:Windowsin etähallinta

.

R0 DrWebLwf;Dr.Web Firewall Kernel-Mode Driver;c:\windows\system32\drivers\DrWebLwf.sys [5.12.2011 16:06 178904]

R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [5.12.2011 16:06 149272]

R0 SpiderG3;DrWeb file system scanner;c:\windows\system32\drivers\spiderg3.sys [5.12.2011 16:06 111896]

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [26.5.2004 9:36 75904]

R1 1UnHooker;1UnHooker;c:\windows\system32\drivers\1UnHooker.sys [2.3.2010 21:15 22016]

R1 DrWebWfp;DrWebWfp;c:\windows\system32\drivers\dw_wfp.sys [5.12.2011 16:06 55800]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.7.2011 18:27 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.7.2011 23:55 67664]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [29.10.2011 17:03 101720]

R1 uzqwnzm2;AVZ-RK Kernel Driver;c:\windows\system32\drivers\uzqwnzm2.sys [19.10.2011 15:02 11264]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12.8.2011 1:38 116608]

R2 DrWebAVService;Dr.Web Control Service;c:\program files\DrWeb\dwservice.exe --loglevel=inf --logfile="c:\documents and settings\All Users\Application Data\Doctor Web\Logs\dwservice.log" --> c:\program files\DrWeb\dwservice.exe --loglevel=inf --logfile=c:\documents and settings\All Users\Application Data\Doctor Web\Logs\dwservice.log [?]

R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);c:\program files\Common Files\Doctor Web\Scanning Engine\dwengine.exe [5.12.2011 16:06 1895336]

R2 DrWebFwSvc;Dr.Web Firewall Service;c:\program files\DrWeb\frwl_svc.exe [5.12.2011 16:06 1164240]

R2 DrWebNetFilter;Dr.Web Net Filtering Service;c:\program files\DrWeb\dwnetfilter.exe [5.12.2011 16:06 2116408]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [17.9.2011 18:32 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [17.9.2011 18:32 22216]

R3 nokia_cs1x_cdc_acm;Nokia Internet Stick CDC-ACM driver;c:\windows\system32\drivers\nokia_cs1x_cdc_acm.sys [22.4.2010 14:07 85888]

R3 nokia_cs1x_dc_enum;Nokia Internet Stick DC Enumerator;c:\windows\system32\drivers\nokia_cs1x_dc_enum.sys [22.4.2010 14:07 81408]

S0 raeehd;raeehd; [x]

S1 MpKsl792a8e28;MpKsl792a8e28;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A5A78BD1-8F0F-45A7-ACDC-724889A82E47}\MpKsl792a8e28.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A5A78BD1-8F0F-45A7-ACDC-724889A82E47}\MpKsl792a8e28.sys [?]

S3 48280318;48280318; [x]

S3 esihdrv;esihdrv;\??\c:\docume~1\ESIASE~1\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\ESIASE~1\LOCALS~1\Temp\esihdrv.sys [?]

S3 nokia_cs1x_cpo;Nokia Internet Stick Mass Storage Device;c:\windows\system32\drivers\nokia_cs1x_cpo.sys [22.4.2010 14:07 9856]

S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [15.10.2011 18:13 27192]

S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\drivers\SCR33X2K.sys [3.12.2003 3:22 63608]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [25.4.2003 14:00 14336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

'Ajoitetut tehtävät'-kansion sisältö

.

2011-12-05 c:\windows\Tasks\Dr.Web Daily scan.job

- c:\program files\DrWeb\dwscanner.exe [2011-12-05 14:08]

.

2011-12-08 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2011-09-17 06:07]

.

2011-12-08 c:\windows\Tasks\User_Feed_Synchronization-{87AF958F-F7BE-4B8C-B6C4-F53D01EC52BF}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 01:31]

.

.

------- Täydentävä tarkistus -------

.

uStart Page = hxxp://yle.fi/

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

TCP: Interfaces\{FBC40346-F393-416F-94E6-20BB3FAB52A4}: NameServer = 62.241.198.245 62.241.198.246

DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll

FF - ProfilePath - c:\documents and settings\esiasennettu\Application Data\Mozilla\Firefox\Profiles\9jwgieal.default\

.

- - - - POISTETUT JÄMÄRIVIT - - - -

.

HKCU-Run-NoVirusThanks Malware Remover Free Startup - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-08 19:40

Windows 5.1.2600 Service Pack 3 NTFS

.

tarkistaa piilotettuja prosesseja ...

.

tarkistaa piilotettuja käynnistysarvoja ...

.

tarkistaa piilotettuja tiedostoja ...

.

tarkistus on valmis

piilotetut tiedostot: 0

.

**************************************************************************

"ImagePath"="system32\drivers\dwprot.sys"

"Name"="ImagePath"

"ImagePath"="system32\drivers\dwprot.sys"

"Name"="ImagePath"

"Name"="ImagePath"

.

--------------------- LUKITUT REKISTERIAVAIMET ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ÿcÓw*]

"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"

.

--------------------- Prosesseihin ladatut DLLt ---------------------

.

- - - - - - - > 'winlogon.exe'(544)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\Ati2evxx.dll

.

Valmistumisajankohta: 2011-12-08 19:43:18

ComboFix-quarantined-files.txt 2011-12-08 17:43

ComboFix2.txt 2011-12-01 16:31

.

Ennen ajoa: 97 692 090 368 tavua vapaana

Ajon jälkeen: 98 481 459 200 tavua vapaana

.

- - End Of File - - 99534F6195483D530CB7BA2F62BFADCF

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29

Run by esiasennettu at 19:48:41 on 2011-12-08

Microsoft Windows XP Home Edition 5.1.2600.3.1252.358.1035.18.1023.414 [GMT 2:00]

.

AV: Digital Patrol *Enabled/Updated* {35237DD9-776F-4485-A7AF-729074E24B96}

AV: Doctor Web Anti-Virus *Disabled/Updated* {3454C8F1-ECBC-4180-A6F4-04632FBA762B}

FW: Dr.Web Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k rpcss

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe

C:\Program Files\DrWeb\dwservice.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\Program Files\DrWeb\spideragent.exe

C:\Program Files\DrWeb\dwnetfilter.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\DrWeb\frwl_svc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\DrWeb\frwl_notify.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe

svchost.exe

C:\Program Files\Nokia\Nokia Internet Modem\NokiaInternetModem.exe

C:\WINDOWS\explorer.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://yle.fi/

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [NokiaInternetModem_AppStart.exe] "c:\program files\nokia\nokia internet modem\nokiainternetmodem_appstart.exe" "-start" "c:\program files\nokia\nokia internet modem\NokiaInternetModem.exe"

mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot

mRun: [spIDerAgent] "c:\program files\drweb\spideragent.exe"

mRun: [Firewall] "c:\program files\drweb\frwl_notify.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094125632796

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38133.0274421296

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: Interfaces\{FBC40346-F393-416F-94E6-20BB3FAB52A4} : NameServer = 62.241.198.245 62.241.198.246

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\esiasennettu\application data\mozilla\firefox\profiles\9jwgieal.default\

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

.

============= SERVICES / DRIVERS ===============

.

R0 DrWebLwf;Dr.Web Firewall Kernel-Mode Driver;c:\windows\system32\drivers\DrWebLwf.sys [2011-12-5 178904]

R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [2011-12-5 149272]

R0 SpiderG3;DrWeb file system scanner;c:\windows\system32\drivers\spiderg3.sys [2011-12-5 111896]

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2004-5-26 75904]

R1 1UnHooker;1UnHooker;c:\windows\system32\drivers\1UnHooker.sys [2010-3-2 22016]

R1 DrWebWfp;DrWebWfp;c:\windows\system32\drivers\dw_wfp.sys [2011-12-5 55800]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-29 101720]

R1 uzqwnzm2;AVZ-RK Kernel Driver;c:\windows\system32\drivers\uzqwnzm2.sys [2011-10-19 11264]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]

R2 DrWebAVService;Dr.Web Control Service;c:\program files\drweb\dwservice.exe --loglevel=inf --logfile="c:\documents and settings\all users\application data\doctor web\logs\dwservice.log" --> c:\program files\drweb\dwservice.exe --loglevel=inf --logfile=c:\documents and settings\all users\application data\doctor web\logs\dwservice.log [?]

R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);c:\program files\common files\doctor web\scanning engine\dwengine.exe [2011-12-5 1895336]

R2 DrWebFwSvc;Dr.Web Firewall Service;c:\program files\drweb\frwl_svc.exe [2011-12-5 1164240]

R2 DrWebNetFilter;Dr.Web Net Filtering Service;c:\program files\drweb\dwnetfilter.exe [2011-12-5 2116408]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-17 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-17 22216]

R3 nokia_cs1x_cdc_acm;Nokia Internet Stick CDC-ACM driver;c:\windows\system32\drivers\nokia_cs1x_cdc_acm.sys [2010-4-22 85888]

R3 nokia_cs1x_dc_enum;Nokia Internet Stick DC Enumerator;c:\windows\system32\drivers\nokia_cs1x_dc_enum.sys [2010-4-22 81408]

S0 raeehd;raeehd; [x]

S1 MpKsl792a8e28;MpKsl792a8e28;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a5a78bd1-8f0f-45a7-acdc-724889a82e47}\mpksl792a8e28.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a5a78bd1-8f0f-45a7-acdc-724889a82e47}\MpKsl792a8e28.sys [?]

S3 48280318;48280318; [x]

S3 esihdrv;esihdrv;\??\c:\docume~1\esiase~1\locals~1\temp\esihdrv.sys --> c:\docume~1\esiase~1\locals~1\temp\esihdrv.sys [?]

S3 nokia_cs1x_cpo;Nokia Internet Stick Mass Storage Device;c:\windows\system32\drivers\nokia_cs1x_cpo.sys [2010-4-22 9856]

S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [2011-10-15 27192]

S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\drivers\SCR33X2K.sys [2003-12-3 63608]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2003-4-25 14336]

.

=============== Created Last 30 ================

.

2011-12-08 14:57:13 -------- d---a-w- c:\windows\rundll16.exe

2011-12-08 14:57:13 -------- d---a-w- c:\windows\logo1_.exe

2011-12-07 17:32:43 98816 ----a-w- c:\windows\sed.exe

2011-12-07 17:32:43 518144 ----a-w- c:\windows\SWREG.exe

2011-12-07 17:32:43 256000 ----a-w- c:\windows\PEV.exe

2011-12-07 17:32:43 208896 ----a-w- c:\windows\MBR.exe

2011-12-07 17:06:31 -------- d---a-w- c:\windows\VDLL.DLL

2011-12-07 17:06:31 -------- d---a-w- c:\windows\RUNDL132.EXE

2011-12-07 17:06:31 -------- d---a-w- c:\windows\logo_1.exe

2011-12-06 16:10:53 -------- d-----w- c:\documents and settings\all users\application data\MicroWorld

2011-12-06 14:02:52 -------- d-----w- c:\documents and settings\esiasennettu\application data\SUPERAntiSpyware.com

2011-12-06 13:56:26 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-12-06 13:56:26 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

2011-12-05 18:38:55 -------- d-sh--w- C:\DrWeb Quarantine

2011-12-05 18:24:59 -------- d-----w- c:\program files\ScripTrap

2011-12-05 14:06:40 149272 ----a-w- c:\windows\system32\drivers\dwprot.sys

2011-12-05 14:06:39 178904 ----a-w- c:\windows\system32\drivers\DrWebLwf.sys

2011-12-05 14:06:33 111896 ----a-w- c:\windows\system32\drivers\spiderg3.sys

2011-12-05 14:06:29 55800 ----a-w- c:\windows\system32\drivers\dw_wfp.sys

2011-12-03 18:45:45 -------- d-----w- c:\documents and settings\all users\application data\Comodo Downloader

2011-11-30 17:52:31 -------- d-----r- C:\Sandbox

2011-11-30 17:51:07 -------- d-----w- c:\program files\Sandboxie

2011-11-29 17:51:35 -------- d-----w- c:\documents and settings\esiasennettu\local settings\application data\Sophos

2011-11-26 18:45:32 -------- d-----w- c:\program files\Nemesis Anti-Spyware

2011-11-26 08:52:38 -------- d-----w- c:\program files\Lavasoft

2011-11-25 11:53:43 -------- d-----w- c:\documents and settings\esiasennettu\application data\Systweak

2011-11-25 11:53:43 -------- d-----w- c:\documents and settings\all users\application data\Systweak

2011-11-24 14:06:50 -------- d-----w- c:\documents and settings\all users\application data\InstallMate

2011-11-24 13:23:43 -------- d-----w- C:\KRSHistory

2011-11-24 13:13:28 -------- d-----w- c:\documents and settings\all users\application data\Kingsoft

2011-11-22 14:53:21 -------- d-----w- c:\documents and settings\esiasennettu\application data\OpenOffice.org

2011-11-22 14:42:38 -------- d-----w- c:\program files\OpenOffice.org 3

2011-11-22 14:41:19 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2011-11-21 16:46:42 -------- d-----w- c:\documents and settings\esiasennettu\application data\Ashampoo

2011-11-21 14:51:07 -------- d-----w- c:\documents and settings\esiasennettu\local settings\application data\ashampoo

2011-11-21 14:51:07 -------- d-----w- c:\documents and settings\all users\application data\ashampoo

2011-11-21 14:50:15 -------- d-----w- c:\program files\Ashampoo

2011-11-19 14:28:01 -------- d-----w- c:\program files\Rising

2011-11-19 13:11:39 -------- d-----w- c:\documents and settings\esiasennettu\application data\Autorun Analyzer

2011-11-19 11:09:23 11 ----a-w- c:\windows\system32\sys94f3-cff2.sys

2011-11-19 11:09:19 1701648 ----a-w- c:\windows\system32\VBA6.DLL

2011-11-19 11:09:19 140096 ----a-w- c:\windows\system32\COMDLG32.OCX

2011-11-19 09:59:56 -------- d-----w- c:\documents and settings\esiasennettu\application data\KillSwitch

2011-11-19 08:39:47 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe

2011-11-17 18:33:26 -------- d-----w- c:\documents and settings\all users\application data\IObit

2011-11-17 18:31:06 -------- d-----w- c:\program files\IObit

2011-11-17 18:22:50 -------- d-----w- c:\program files\BitDefender

2011-11-17 18:00:41 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-11-17 16:13:13 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

2011-11-17 16:11:55 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll

2011-11-17 16:08:10 -------- d-----w- c:\windows\Logs

2011-11-17 16:07:34 -------- d-----w- c:\program files\Winamp Detect

2011-11-17 16:06:55 123888 ------w- c:\windows\system32\pxcpyi64.exe

2011-11-17 16:06:54 126448 ------w- c:\windows\system32\pxinsi64.exe

2011-11-17 16:06:52 133616 ------w- c:\windows\system32\pxafs.dll

2011-11-17 16:06:51 59888 ------w- c:\windows\system32\pxwma.dll

2011-11-17 15:49:56 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-11-17 15:39:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-17 15:32:30 -------- d-----w- c:\program files\Sierra

2011-11-17 15:25:01 -------- d-----w- c:\documents and settings\esiasennettu\local settings\application data\Secunia PSI

2011-11-13 12:36:27 -------- d-----w- C:\sh4ldr

2011-11-13 12:35:09 -------- d-----w- c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP

2011-11-13 12:34:25 -------- d-----w- c:\program files\common files\Wise Installation Wizard

2011-11-11 17:31:41 -------- d-----w- c:\windows\system32\SpycatcherAgentSetupTemp

.

==================== Find3M ====================

.

2011-12-05 14:38:42 11264 ----a-w- c:\windows\system32\drivers\uzqwnzm2.sys

2011-12-02 14:03:52 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-11-22 05:12:51 31964 ----a-w- c:\windows\SCHEDLGU.TXT.TMP

2011-11-22 05:12:51 30674 ----a-w- c:\windows\MODEMLOG_NOKIA INTERNET STICK CS-17 WIRELESS MODEM DEVICE.TXT.TMP

2011-11-19 11:09:23 69632 ----a-w- c:\windows\notepad.exe

2011-11-19 11:09:23 146944 ------w- c:\windows\regedit.exe

2011-11-17 15:49:04 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-08 17:27:59 12872 ----a-w- c:\windows\system32\bootdelete.exe

2011-10-29 15:03:29 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-10-19 17:28:30 1700352 ----a-w- c:\windows\system32\gdiplus.dll

2011-10-15 17:12:12 2 --shatr- c:\windows\winstart.bat

2011-10-10 14:22:55 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-29 14:42:41 632064 ----a-w- c:\windows\system32\msvcr80.dll

2011-09-29 14:42:40 554240 ----a-w- c:\windows\system32\msvcp80.dll

2011-09-29 14:42:39 34048 ----a-w- c:\windows\system32\eEmpty.exe

2011-09-28 07:06:44 600576 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 08:41:48 612864 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 08:41:48 20992 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-26 08:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-25 14:32:06 114 ----a-w- c:\documents and settings\esiasennettu\application data\netstat.bat

.

============= FINISH: 19:49:18,23 ===============

attach.zip


Guest BlairWitch

Hi,

I suggest uninstalling Digital Patrol; it's practically a rogue program. Reboot after.

What symptoms of infection are you currently experiencing?

Hello, at the moment I am not experiencing any problems. The connections to those strange addresses have disappeared since I uninstalled foxitreader. I have also uninstalled Digital Patrol but for some reason many programs like combofix and threatfire detect it as being installed.


  • Staff

Hi,

Good news!

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


  • 3 weeks later...
Guest BlairWitch

Hello and sorry that it took me some time to reply... Eset online scanner did not find anything. Here is the security check log:

Results of screen317's Security Check version 0.99.30

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

BullGuard Antivirus

ESET Online Scanner v3

PC Tools Firewall Plus 7.0

```````````````````````````````

Anti-malware/Other Utilities Check:

MVPS Hosts File

SpywareBlaster 4.4

xp-AntiSpy 3.97-11

Spybot - Search & Destroy

SUPERAntiSpyware

CCleaner

Java 6 Update 22

Java 6 Update 29

Java version out of date!

Adobe Flash Player 10.3.183.11 Flash Player out of Date!

Mozilla Firefox 8.0.1 Firefox out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

BullGuard Ltd BullGuard Antivirus BullGuardBhvScanner.exe

BullGuard Ltd BullGuard Antivirus BullGuardScanner.exe

BullGuard Ltd BullGuard Antivirus BullGuardUpdate.exe

BullGuard Ltd BullGuard Antivirus BullGuard.exe

PC Tools Firewall Plus FirewallGUI.exe

PC Tools Firewall Plus FWService.exe

``````````End of Log````````````

I also tried this command line thing that I found on one site... So I entered the command ipconfig /displaydns on the command line and this was the result...

Windows IP-määritykset

www.5starsblog.com

----------------------------------------

Tietueen nimi: www.5starsblog.com

Tietueen tyyppi: 1

Elinaika (TTL): 591412

Tietojen pituus: 4

Osa: Vastaus

(Isäntä)tietue . . . : 127.0.0.1

www.adtrak.net

----------------------------------------

Tietueen nimi: www.adtrak.net

Tietueen tyyppi: 1

Elinaika (TTL): 591412

Tietojen pituus: 4

Osa: Vastaus

(Isäntä)tietue . . . : 127.0.0.1

aivira.de

----------------------------------------

Tietueen nimi: aivira.de

Tietueen tyyppi: 1

Elinaika (TTL): 591412

Tietojen pituus: 4

Osa: Vastaus

(Isäntä)tietue . . . : 127.0.0.1

americanautobargains.com

----------------------------------------

Tietueen nimi: americanautobargains.com

Tietueen tyyppi: 1

Elinaika (TTL): 591412

Tietojen pituus: 4

Osa: Vastaus

(Isäntä)tietue . . . : 127.0.0.1

antispyware2008.name

----------------------------------------

Tietueen nimi: antispyware2008.name

Tietueen tyyppi: 1

Elinaika (TTL): 591412

Tietojen pituus: 4

Osa: Vastaus

(Isäntä)tietue . . . : 127.0.0.1

www.antispywarexp.com

----------------------------------------

Tietueen nimi: www.antispywarexp.com

Tietueen tyyppi: 1

Elinaika (TTL): 591412

Tietojen pituus: 4

Osa: Vastaus

(Isäntä)tietue . . . : 127.0.0.1

antivirus-2008-pro.com

----------------------------------------

Tietueen nimi: antivirus-2008-pro.com

Tietueen tyyppi: 1

Elinaika (TTL): 591412

Tietojen pituus: 4

Osa: Vastaus

(Isäntä)tietue . . . : 127.0.0.1

www.antivirus2008pro.info

----------------------------------------

Tietueen nimi: www.antivirus2008pro.info

Tietueen tyyppi: 1

Elinaika (TTL): 591412

Tietojen pituus: 4

Osa: Vastaus

(Isäntä)tietue . . . : 127.0.0.1

antivirus-2008-pro.org

----------------------------------------

Tietueen nimi: antivirus-2008-pro.org

Tietueen tyyppi: 1

Elinaika (TTL): 591412

Tietojen pituus: 4

Osa: Vastaus

(Isäntä)tietue . . . : 127.0.0.1

www.antivirussuite.com

----------------------------------------

Tietueen nimi: www.antivirussuite.com

Tietueen tyyppi: 1

Elinaika (TTL): 591412

Tietojen pituus: 4

Osa: Vastaus

(Isäntä)tietue . . . : 127.0.0.1

www.antoivir.de

----------------------------------------

Osa: Vastaus

(Isäntä)tietue . . . : 127.0.0.1

www.axemediasoftware.com

----------------------------------------

All is well now except those strange connections that are looped back to my computer.


Guest BlairWitch

Post the first 10 lines of your HOSTS file here.

Here are the first 10 lines:

# Start of entries inserted by Spybot - Search & Destroy

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com


  • 1 month later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.