Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page hijackthis log
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 11-11-2008, 06:09 AM   #1 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 7
OS: xp home


hijackthis log
Hello:
My IE browser looks like it is being hijacked to this site:
hxxp://www.metacafe.com/watch/101735...tation_device/

Thank you for your help

Here is my log:
Logfile of HijackThis v1.99.1
Scan saved at 7:55:31 AM, on 11/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\slpservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\slpmonx.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
c:\program files\timbuktu pro\tb2launch.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\program files\timbuktu pro\minitb2.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\KTMiller\Desktop\stinger1001602.exe
E:\Back-up folder\Downloads\AntiVirus Fixes\hijackthis1991.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\KTMiller\LOCALS~1\Temp\~DP3.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TLogonPath] "c:\program files\timbuktu pro\minitb2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB002" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [HP Lamp] "C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [Run] "C:\Documents and Settings\KTMiller\Application Data\Adobe\Manager.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://210.118.63.201:8080/SiteRoots...aUpdaterAx.cab
O16 - DPF: {03F49E0E-C43A-4037-BBD6-D681E998A08E} (CodeAx Class) - http://stels.sec.samsung.com/common/.../CM_CodeAx.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1218397217406
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://download.softforum.co.kr/Publ...xw_install.cab
O16 - DPF: {F2B7C894-49BD-4582-A142-0AE1C99460C2} (CodeAxNew Class) - http://stels.sec.samsung.com/common/..._CodeAxNew.cab
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SLPMONX - ProdEx Technologies - C:\WINDOWS\system32\slpservice.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Tb2 Launch (Tb2Launch) - Netopia, Inc. - c:\program files\timbuktu pro\tb2launch.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
Last edited by tetonbob; 11-11-2008 at 09:42 AM. Reason: munged suspect link. Do NOT post these.
seadoo1992 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 11-16-2008, 10:31 AM   #2 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: USA
Posts: 7,327
OS: XP SP3


Re: hijackthis log
Hello and welcome to TSF.

Apologies for the delay in response. If you haven't received help elsewhere already and still require assistance, please post the logs requested in our pre-posting process outlined below:

http://www.techsupportforum.com/secu...oval-help.html

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the forum is very busy and if I don't hear from you in three days this thread will be closed.
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
amateur is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-17-2008, 06:28 PM   #3 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 7
OS: xp home


Re: hijackthis log
Hello:
My IE6 browser looks like it is being hijacked to this site:
hxxp://www.metacafe.com/watch/1017351/build_levitation_device/
hxxp://www.metacafe.com/watch/508368/how_to_cut_a_glass_bottle/


Thank you for your help



DDS (Version 1.0) - NTFSx86
Run by MyPC at 20:12:57.65 on Mon 11/17/2008
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.882 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slpservice.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\slpmonx.exe
c:\program files\timbuktu pro\tb2launch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\program files\timbuktu pro\minitb2.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Documents and Settings\KTMiller\Application Data\Adobe\Manager.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\DVD Region+CSS Free\DVDRegionFree.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\KTMiller\Desktop\dds.scr

============== Psuedo HJT Report ===============

uStart Page = hxxp://sympatico.msn.ca/
uInternet Settings,ProxyOverride = *.local
BHO: {00C6482D-C502-44C8-8409-FCE54AD9C208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: {598F4775-6FB6-477B-9842-E0426824E077} - c:\docume~1\ktmiller\locals~1\temp\~DP3.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [<NO NAME>]
uRun: [ATI Remote Control] c:\program files\ati multimedia\remctrl\ATIRW.exe
uRun: [Run] "c:\documents and settings\ktmiller\application data\adobe\Manager.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [TLogonPath] "c:\program files\timbuktu pro\minitb2.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HPHUPD05] c:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd.exe"
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [EPSON Stylus Photo R320 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB002" /M "Stylus Photo R320"
mRun: [HP Lamp] "c:\program files\hewlett-packard\hp precisionscan\precisionscan pro\hplamp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimage\TrueImageMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
StartupFolder: c:\docume~1\ktmiller\startm~1\programs\startup\outloo~1.lnk - c:\program files\outlook express\msimn.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SEH: {93994DE8-8239-4655-B1D1-5F4E91300429} - c:\program files\dvd region+css free\DVDShell.dll
LSA: Authentication Packages = msv1_0 relog_ap

============= SERVICES / DRIVERS ===============

R1 Tb2MirrorSys;TB2 Remote Control Mirror Driver;NetopiaRC\Tb2MirrorSys.sys

=============== Created Last 30 ================

2008-11-17 20:06 250 a------- c:\windows\gmer.ini
2008-11-15 02:28 87,608 a------- c:\docume~1\ktmiller\applic~1\inst.exe
2008-11-15 02:28 <DIR> --d----- c:\program files\DVDFab 5
2008-11-15 01:59 <DIR> --d----- c:\docume~1\ktmiller\applic~1\1ClickDVDCopy
2008-11-15 01:57 81,920 a------- c:\docume~1\ktmiller\applic~1\ezpinst.exe
2008-11-15 01:57 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2008-11-15 01:57 47,360 a------- c:\docume~1\ktmiller\applic~1\pcouffin.sys
2008-11-15 01:57 <DIR> --d----- c:\docume~1\ktmiller\applic~1\Vso
2008-11-15 01:57 <DIR> --d----- c:\program files\LG Software Innovations
2008-11-11 23:31 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-09 08:54 1,725 a---h--- C:\hpothb07.tif
2008-11-09 08:54 910 a---h--- C:\hpothb07.dat
2008-11-03 23:03 37,027 a------- c:\windows\atmoUn.exe
2008-11-03 23:03 <DIR> --d----- c:\program files\Viewpoint
2008-11-03 23:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2008-10-29 16:32 <DIR> --d----- C:\USMT

==================== Find3M ====================

2008-11-15 02:40 <DIR> --d----- c:\program files\DVD Region+CSS Free
2008-11-15 02:31 <DIR> --d----- c:\program files\Symantec AntiVirus
2008-10-29 16:31 <DIR> --d----- c:\docume~1\ktmiller\applic~1\Tunebite
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-27 15:30 <DIR> --d----- c:\docume~1\ktmiller\applic~1\Creative Memories Photo Center
2008-09-17 19:48 <DIR> --d----- c:\docume~1\ktmiller\applic~1\Saba
2008-09-17 19:41 <DIR> --d----- c:\docume~1\ktmiller\applic~1\Centra
2008-09-15 07:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-13 23:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\RapidSolution
2008-09-13 22:17 <DIR> --d----- c:\docume~1\ktmiller\applic~1\.ABC
2008-09-11 22:07 <DIR> --d----- c:\docume~1\ktmiller\applic~1\Creative Memories
2008-09-11 22:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Creative Memories
2008-09-09 20:14 1,307,648 a------- c:\windows\system32\msxml6.dll
2008-09-05 16:58 59,580 a------- c:\windows\system32\unins000.dat
2008-09-05 16:57 695,834 a------- c:\windows\system32\unins000.exe
2008-09-04 12:15 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-09-03 16:41 119,296 a------- c:\windows\system32\libmpeg2_ff.dll
2008-09-03 16:35 3,571,712 a------- c:\windows\system32\libavcodec.dll
2008-08-30 13:24 695,808 a------- c:\windows\system32\ff_x264.dll
2008-08-26 14:11 987,136 a------- c:\windows\system32\VSFilter.dll
2008-08-23 16:24 178,176 a------- c:\windows\system32\ff_theora.dll
2008-08-20 00:30 666,112 a------- c:\windows\system32\wininet.dll
2008-08-12 14:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\LightScribe
2008-08-10 21:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ATI MMC
2008-08-10 15:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2008-08-10 14:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec

============= FINISH: 20:13:10.31 ===============
Attached Files
File Type: txt Attach.txt (6.3 KB, 1 views)
File Type: txt Gmer.txt (6.2 KB, 2 views)
seadoo1992 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-17-2008, 06:54 PM   #4 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: USA
Posts: 7,327
OS: XP SP3


Re: hijackthis log
Hi seadoo1992,

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
amateur is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-17-2008, 07:09 PM   #5 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 7
OS: xp home


Re: hijackthis log
ComboFix 08-11-16.05 - MyPC 2008-11-17 20:59:18.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.873 [GMT -5:00]
Running from: c:\documents and settings\KTMiller\Desktop\New Folder\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\KTMiller\Application Data\Adobe\crc.dat
c:\documents and settings\KTMiller\Application Data\Adobe\Manager.exe
c:\documents and settings\KTMiller\Application Data\inst.exe
d:\my documents\SSTEM~1

----- BITS: Possible infected sites -----

hxxp://lovelypornovideo.net
hxxp://pornotube30.net
.
((((((((((((((((((((((((( Files Created from 2008-10-18 to 2008-11-18 )))))))))))))))))))))))))))))))
.

2008-11-17 20:06 . 2008-11-17 20:06 250 --a------ c:\windows\gmer.ini
2008-11-15 02:28 . 2008-11-15 02:28 <DIR> d-------- c:\program files\DVDFab 5
2008-11-15 01:59 . 2008-11-15 02:11 <DIR> d-------- c:\documents and settings\KTMiller\Application Data\1ClickDVDCopy
2008-11-15 01:57 . 2008-11-15 01:57 <DIR> d-------- c:\program files\LG Software Innovations
2008-11-15 01:57 . 2008-11-15 08:45 <DIR> d-------- c:\documents and settings\KTMiller\Application Data\Vso
2008-11-15 01:57 . 2008-11-15 01:57 81,920 --a------ c:\documents and settings\KTMiller\Application Data\ezpinst.exe
2008-11-15 01:57 . 2008-11-15 02:28 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2008-11-15 01:57 . 2008-11-15 02:28 47,360 --a------ c:\documents and settings\KTMiller\Application Data\pcouffin.sys
2008-11-11 23:31 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-09 08:54 . 2008-11-09 08:54 1,725 --ah----- C:\hpothb07.tif
2008-11-09 08:54 . 2008-11-09 08:54 910 --ah----- C:\hpothb07.dat
2008-11-09 08:44 . 2008-11-09 08:44 <DIR> d-------- c:\documents and settings\KTMiller\Application Data\ArcSoft
2008-11-03 23:03 . 2008-11-03 23:03 <DIR> d-------- c:\program files\Viewpoint
2008-11-03 23:03 . 2008-11-03 23:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Viewpoint
2008-11-03 23:03 . 2008-11-03 23:03 37,027 --a------ c:\windows\atmoUn.exe
2008-10-29 16:32 . 2008-10-29 16:33 <DIR> d-------- C:\USMT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-18 02:03 --------- d-----w c:\program files\Symantec AntiVirus
2008-11-17 21:11 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-15 07:40 --------- d-----w c:\program files\DVD Region+CSS Free
2008-11-04 04:03 --------- d-----w c:\documents and settings\KTMiller\Application Data\AdobeUM
2008-10-29 21:31 --------- d-----w c:\documents and settings\KTMiller\Application Data\Tunebite
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-27 20:30 --------- d-----w c:\documents and settings\KTMiller\Application Data\Creative Memories Photo Center
2008-09-18 00:48 --------- d-----w c:\documents and settings\KTMiller\Application Data\Saba
2008-09-18 00:41 --------- d-----w c:\program files\Centra
2008-09-18 00:41 --------- d-----w c:\documents and settings\KTMiller\Application Data\Centra
2008-09-18 00:31 --------- d-----w c:\program files\SoftForum
2008-09-18 00:31 --------- d-----w c:\program files\NPKI
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-14 04:02 85 ----a-w C:\755.bat
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-05 21:57 695,834 ----a-w c:\windows\system32\unins000.exe
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-03 21:41 119,296 ----a-w c:\windows\system32\libmpeg2_ff.dll
2008-09-03 21:35 3,571,712 ----a-w c:\windows\system32\libavcodec.dll
2008-08-30 18:24 695,808 ----a-w c:\windows\system32\ff_x264.dll
2008-08-26 19:11 987,136 ----a-w c:\windows\system32\VSFilter.dll
2008-08-23 21:24 178,176 ----a-w c:\windows\system32\ff_theora.dll
2008-08-20 05:30 666,112 ----a-w c:\windows\system32\wininet.dll
2008-06-12 00:51 32 ----a-r c:\documents and settings\All Users\hash.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Remote Control"="c:\program files\ATI Multimedia\RemCtrl\ATIRW.exe" [2005-02-21 1482752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-27 125168]
"TLogonPath"="c:\program files\timbuktu pro\minitb2.exe" [2001-11-02 61440]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-02-12 1620480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-02-12 1050112]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-09 28672]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-05-07 188416]
"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-22 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-04-08 212992]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-05-22 483328]
"EPSON Stylus Photo R320 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
"HP Lamp"="c:\program files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe" [2001-04-27 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-07-08 925696]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2005-09-29 976085]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2005-09-29 118784]

c:\documents and settings\KTMiller\Start Menu\Programs\Startup\
Outlook Express.lnk - c:\program files\Outlook Express\msimn.exe [2008-08-10 60416]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2008-08-10 209016]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\timbuktu pro\\minitb2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ABC\\abc.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\timbuktu pro\\tb2pro.exe"=

R1 Tb2MirrorSys;TB2 Remote Control Mirror Driver;NetopiaRC\Tb2MirrorSys.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-10 c:\windows\Tasks\HP DArC Task #Hewlett-Packard#140#CN35V120V46P.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-04-08 11:45]

2008-11-17 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe [2003-05-22 08:03]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\KTMiller\Application Data\Mozilla\Firefox\Profiles\hiqar151.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://sympatico.msn.ca/
FF -: plugin - c:\program files\Adobe\Acrobat 6.0\Acrobat\browser\nppdf32.dll
FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-17 21:02:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\wdfmgr.exe
c:\program files\timbuktu pro\tb2launch.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Symantec AntiVirus\DoScan.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-11-17 21:05:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-18 02:05:01

Pre-Run: 68,674,088,960 bytes free
Post-Run: 69,586,030,592 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

204 --- E O F --- 2008-11-12 10:57:56
seadoo1992 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-17-2008, 07:28 PM   #6 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: USA
Posts: 7,327
OS: XP SP3


Re: hijackthis log
Hi,

Looks good. Please perform this online scanner to check for any remnants.

Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

Remember to turn your real time scanners on. Please post the Kaspersky report and let us know how the system is behaving now.
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
Last edited by amateur; 11-17-2008 at 07:29 PM.
amateur is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-17-2008, 10:03 PM   #7 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 7
OS: xp home


Re: hijackthis log
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, November 17, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, November 17, 2008 23:50:57
Records in database: 1390443
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 77897
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:46:01


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\Documents and Settings\KTMiller\Application Data\Adobe\Manager.exe.vir Infected: Trojan.Win32.Delf.eun 1

The selected area was scanned.
seadoo1992 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-18-2008, 07:33 AM   #8 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: USA
Posts: 7,327
OS: XP SP3


Re: hijackthis log
Hi,

What Kaspersky reported is in the quarantine folder of Combofix which will be addressed later when we uninstall it.

Please post a fresh DDS log. No need for the attached.txt, just the main log and
Quote:
let us know how the system is behaving now
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
amateur is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-18-2008, 07:40 PM   #9 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 7
OS: xp home


Re: hijackthis log
DDS (Version 1.0) - NTFSx86
Run by KTMiller at 21:39:03.85 on Tue 11/18/2008
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.977 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
c:\program files\timbuktu pro\tb2launch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\program files\timbuktu pro\minitb2.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\KTMiller\Desktop\New Folder\dds.scr

============== Psuedo HJT Report ===============

uStart Page = hxxp://sympatico.msn.ca/
uInternet Settings,ProxyOverride = *.local
BHO: {00C6482D-C502-44C8-8409-FCE54AD9C208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [ATI Remote Control] c:\program files\ati multimedia\remctrl\ATIRW.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [TLogonPath] "c:\program files\timbuktu pro\minitb2.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HPHUPD05] c:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd.exe"
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [EPSON Stylus Photo R320 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB002" /M "Stylus Photo R320"
mRun: [HP Lamp] "c:\program files\hewlett-packard\hp precisionscan\precisionscan pro\hplamp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimage\TrueImageMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
StartupFolder: c:\docume~1\ktmiller\startm~1\programs\startup\outloo~1.lnk - c:\program files\outlook express\msimn.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SEH: {93994DE8-8239-4655-B1D1-5F4E91300429} - c:\program files\dvd region+css free\DVDShell.dll
LSA: Authentication Packages = msv1_0 relog_ap

============= SERVICES / DRIVERS ===============

R1 Tb2MirrorSys;TB2 Remote Control Mirror Driver;NetopiaRC\Tb2MirrorSys.sys

=============== Created Last 30 ================

2008-11-17 20:59 <DIR> a-dshr-- C:\cmdcons
2008-11-17 20:58 161,792 a------- c:\windows\SWREG.exe
2008-11-17 20:58 98,816 a------- c:\windows\sed.exe
2008-11-17 20:06 250 a------- c:\windows\gmer.ini
2008-11-15 02:28 <DIR> --d----- c:\program files\DVDFab 5
2008-11-15 01:59 <DIR> --d----- c:\docume~1\ktmiller\applic~1\1ClickDVDCopy
2008-11-15 01:57 81,920 a------- c:\docume~1\ktmiller\applic~1\ezpinst.exe
2008-11-15 01:57 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2008-11-15 01:57 47,360 a------- c:\docume~1\ktmiller\applic~1\pcouffin.sys
2008-11-15 01:57 <DIR> --d----- c:\docume~1\ktmiller\applic~1\Vso
2008-11-15 01:57 <DIR> --d----- c:\program files\LG Software Innovations
2008-11-11 23:31 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-09 08:54 1,725 a---h--- C:\hpothb07.tif
2008-11-09 08:54 910 a---h--- C:\hpothb07.dat
2008-11-03 23:03 37,027 a------- c:\windows\atmoUn.exe
2008-11-03 23:03 <DIR> --d----- c:\program files\Viewpoint
2008-11-03 23:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2008-10-29 16:32 <DIR> --d----- C:\USMT

==================== Find3M ====================

2008-11-17 23:06 <DIR> --d----- c:\program files\Symantec AntiVirus
2008-11-15 02:40 <DIR> --d----- c:\program files\DVD Region+CSS Free
2008-10-29 16:31 <DIR> --d----- c:\docume~1\ktmiller\applic~1\Tunebite
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-27 15:30 <DIR> --d----- c:\docume~1\ktmiller\applic~1\Creative Memories Photo Center
2008-09-17 19:48 <DIR> --d----- c:\docume~1\ktmiller\applic~1\Saba
2008-09-17 19:41 <DIR> --d----- c:\docume~1\ktmiller\applic~1\Centra
2008-09-15 07:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-13 23:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\RapidSolution
2008-09-13 22:17 <DIR> --d----- c:\docume~1\ktmiller\applic~1\.ABC
2008-09-11 22:07 <DIR> --d----- c:\docume~1\ktmiller\applic~1\Creative Memories
2008-09-11 22:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Creative Memories
2008-09-09 20:14 1,307,648 a------- c:\windows\system32\msxml6.dll
2008-09-05 16:58 59,580 a------- c:\windows\system32\unins000.dat
2008-09-05 16:57 695,834 a------- c:\windows\system32\unins000.exe
2008-09-04 12:15 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-09-03 16:41 119,296 a------- c:\windows\system32\libmpeg2_ff.dll
2008-09-03 16:35 3,571,712 a------- c:\windows\system32\libavcodec.dll
2008-08-30 13:24 695,808 a------- c:\windows\system32\ff_x264.dll
2008-08-26 14:11 987,136 a------- c:\windows\system32\VSFilter.dll
2008-08-23 16:24 178,176 a------- c:\windows\system32\ff_theora.dll
2008-08-12 14:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\LightScribe
2008-08-10 21:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ATI MMC
2008-08-10 15:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2008-08-10 14:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec

============= FINISH: 21:39:18.88 ===============
seadoo1992 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-18-2008, 07:50 PM   #10 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: USA
Posts: 7,327
OS: XP SP3


Re: hijackthis log
How is the computer running now. Are you still having any malware issues?
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
amateur is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-18-2008, 07:54 PM   #11 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 7
OS: xp home


Re: hijackthis log
Everything appears to be running smoothly

Thank you very much
seadoo1992 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-18-2008, 07:56 PM   #12 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: USA
Posts: 7,327
OS: XP SP3


Re: hijackthis log
In that case, you're all set to go. The logs are clean.
  • Click Start then Run
  • Now type Combofix /u in the runbox and click OK. Notice the space between the Combofix and the /




This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore to prevent reinfection from old restore points.

It’s vital that you keep all your software up-to-date as older versions may have some security vulnerabilities. Secunia Software Inspector Scan can help you find out which programs need to be updated.

Please respond to this thread one more time so we can mark this thread as resolved.

Happy Surfing and Think Prevention!
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
amateur is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-18-2008, 08:03 PM   #13 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 7
OS: xp home


Re: hijackthis log
complete

Thank you again
seadoo1992 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-18-2008, 08:12 PM   #14 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: USA
Posts: 7,327
OS: XP SP3


Re: hijackthis log
You're welcome. We are glad to be of help. Stay safe!
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
amateur is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 06:36 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85