
How 2 Remove broadcaster.com

Discussion in 'Malware and Virus Removal Archive' started by ca85, 2007/04/14.

  1. 2007/04/14
    ca85

    ca85 Inactive Thread Starter

    Joined:
    2007/04/14
    Messages:
    8
    Likes Received:
    0
    I have broadcaster.com pop-ups. I tried everything...

    What to do?
     
    ca85,
    #1
  2. 2007/04/15
    ca85

    Logfile of HijackThis v1.99.1
    Scan saved at 15:10:21, on 15/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\Program Files\Premium Clock\Premium.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\WINDOWS\Domino.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\RSSoft\RedSwoosh.exe
    C:\PROGRA~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Premium Clock\tclock.exe
    C:\Program Files\Avast4\aswUpdSv.exe
    C:\Program Files\Avast4\ashServ.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\UPSMON\UPSMON_Service.Exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\UPSMON\UPSInt2.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Avast4\ashMaiSv.exe
    C:\Program Files\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Documents and Settings\Chen - 1\Desktop\הגנה\HJT.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.il/web/obox/sms/sendsms.aspx
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O4 - HKLM\..\Run: [D-Link AirPlus G] "C:\Program Files\D-Link\AirPlus G\AirGCFG.exe "
    O4 - HKLM\..\Run: [ANIWZCS2Service] "C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe "
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Premium Clock] D:\Program Files\Premium Clock\Premium.exe /autorun
    O4 - HKLM\..\Run: [UPSMON] "C:\Program Files\UPSMON\UPSMON.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe "
    O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe "
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Red Swoosh] "C:\Program Files\RSSoft\RedSwoosh.exe" /S
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQ\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQ\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {9100BA25-85A6-4C80-86E9-426D2899F8EF} (WirelessContactHandler Class) - http://xtraz.icq.com/xtraz/products/...essContact.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.tapuz.co.il/albums/upload...eUploader3.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: UPSMONService - Unknown owner - C:\Program Files\UPSMON\UPSMON_Service.Exe
     
    ca85,
    #2

  4. 2007/04/16
    ca85

    Someone?
     
    ca85,
    #3
  5. 2007/04/16
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi ca85
    This has been a hard one to remove so far but we will see what we can do.

    First do this for me.

    Jotti File Submission:
    • Please go to Jotti's malware scan
    • Copy and paste the following file path into the "File to upload & scan" box at the top of the page:
      • C:\WINDOWS\Domino.exe
    • Click on the submit button
    • Please post the results in your next reply.

    Then please do this.

    Please RIGHT-CLICK HERE and Save As (in IE it's "Save Target As", in FF it's "Save Link As") to download Silent Runners.
    • Save it to the desktop.
    • Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
    • You will receive a prompt:
      • Do you want to skip supplementary searches?
        click NO
    • If you receive an error just click OK and double-click it to run it again - sometimes it won't run as it's supposed to the first time but will in subsequent runs.
    • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
    • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
    *NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

    Please post these two logs

    Thanks
    Geri
     
    Geri,
    #4
  6. 2007/04/17
    ca85

    Scanner results:
    Scan taken on 17 Apr 2007 10:23:54 (GMT)
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing


    --------------------------------------------------------------------------

    "Silent Runners.vbs ", revision R50, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++} "


    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "D-Link AirPlus G" = " "C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" " [ "D-Link"]
    "ANIWZCS2Service" = " "C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" " [ "Alpha Networks Inc."]
    "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" [ "Ahead Software Gmbh"]
    "IntelliPoint" = " "C:\Program Files\Microsoft IntelliPoint\point32.exe" " [MS]
    "SoundMan" = "SOUNDMAN.EXE" [ "Realtek Semiconductor Corp."]
    "Logitech Utility" = "Logi_MwX.Exe" [ "Logitech Inc."]
    "TkBellExe" = " "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" [ "RealNetworks, Inc."]
    "Premium Clock" = "D:\Program Files\Premium Clock\Premium.exe /autorun" [ "UpClock Software"]
    "UPSMON" = " "C:\Program Files\UPSMON\UPSMON.exe" " [null data]
    "SunJavaUpdateSched" = " "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" " [ "Sun Microsystems, Inc."]
    "Domino" = "C:\WINDOWS\Domino.exe" [empty string]
    "PCSuiteTrayApplication" = " "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup" [ "Nokia"]
    "SDTray" = " "C:\Program Files\Spyware Doctor\SDTrayApp.exe" " [ "PC Tools"]
    "KernelFaultCheck" = "%systemroot%\system32\dumprep 0 -k" [MS]
    "Red Swoosh" = " "C:\Program Files\RSSoft\RedSwoosh.exe" /S" [null data]
    "avast!" = "C:\PROGRA~1\Avast4\ashDisp.exe" [null data]

    HKLM\Software\Microsoft\Active Setup\Installed Components\
    <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}\(Default) = "IE7 Uninstall Stub "
    \StubPath = "C:\WINDOWS\system32\ieudinit.exe" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "SSVHelper Class "
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" [ "Sun Microsystems, Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension "
    -> {HKLM...CLSID} = "Display Panning CPL Extension "
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext "
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext "
    \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" [ "Hilgraeve, Inc."]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler "
    -> {HKLM...CLSID} = "הרחבת סמלי קבצים של Outlook "
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler "
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
    "{20082881-FC36-4E47-9A7A-644C95FF749F}" = "IntelliPoint Wireless Control Panel Property Page "
    -> {HKLM...CLSID} = "Wireless Property Page "
    \InProcServer32\(Default) = " "C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll" " [MS]
    "{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}" = "IntelliPoint Wheel Control Panel Property Page "
    -> {HKLM...CLSID} = "Wheel Property Page "
    \InProcServer32\(Default) = " "C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll" " [MS]
    "{653DCCC2-13DB-45B2-A389-427885776CFE}" = "IntelliPoint Activities Control Panel Property Page "
    -> {HKLM...CLSID} = "Activities Property Page "
    \InProcServer32\(Default) = " "C:\Program Files\Microsoft IntelliPoint\ipcplact.dll" " [MS]
    "{124597D8-850A-41AE-849C-017A4FA99CA2}" = "IntelliPoint Buttons Control Panel Property Page "
    -> {HKLM...CLSID} = "Buttons Property Page "
    \InProcServer32\(Default) = " "C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll" " [MS]
    "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension "
    -> {HKLM...CLSID} = "MCLiteShellExt Class "
    \InProcServer32\(Default) = "C:\Program Files\ICQ\ICQLiteShell.dll" [empty string]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension "
    -> {HKLM...CLSID} = "WinRAR "
    \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
    "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders "
    -> {HKLM...CLSID} = "תיקיות השיתוף שלי "
    \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player "
    -> {HKLM...CLSID} = "RealOne Player Context Menu Class "
    \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" [ "RealNetworks, Inc."]
    "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser "
    -> {HKLM...CLSID} = "*Nokia Phone Browser*" (unwritable string)
    \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" [ "Nokia"]
    "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast "
    -> {HKLM...CLSID} = "avast "
    \InProcServer32\(Default) = "C:\Program Files\Avast4\ashShell.dll" [ "ALWIL Software"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5} "
    -> {HKLM...CLSID} = "WPDShServiceObj Class "
    \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

    HKLM\System\CurrentControlSet\Control\Session Manager\
    <<!>> "BootExecute" = "autocheck autochk * "| "SsiEfr.e" [file not found]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    <<!>> NavLogon\DLLName = "C:\WINDOWS\system32\NavLogon.dll" [null data]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24} "
    -> {HKLM...CLSID} = "avast "
    \InProcServer32\(Default) = "C:\Program Files\Avast4\ashShell.dll" [ "ALWIL Software"]
    ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654} "
    -> {HKLM...CLSID} = "MCLiteShellExt Class "
    \InProcServer32\(Default) = "C:\Program Files\ICQ\ICQLiteShell.dll" [empty string]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "
    -> {HKLM...CLSID} = "WinRAR "
    \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654} "
    -> {HKLM...CLSID} = "MCLiteShellExt Class "
    \InProcServer32\(Default) = "C:\Program Files\ICQ\ICQLiteShell.dll" [empty string]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "
    -> {HKLM...CLSID} = "WinRAR "
    \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24} "
    -> {HKLM...CLSID} = "avast "
    \InProcServer32\(Default) = "C:\Program Files\Avast4\ashShell.dll" [ "ALWIL Software"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "
    -> {HKLM...CLSID} = "WinRAR "
    \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]


    Group Policies {GPedit.msc branch and setting}:
    -----------------------------------------------

    Note: detected settings may not have any effect.

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    Shutdown: Allow system to be shut down without having to log on}

    "undockwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    Devices: Allow undock without having to log on}


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


    Enabled Screen Saver:
    ---------------------

    HKCU\Control Panel\Desktop\
    "SCRNSAVE.EXE" = "C:\WINDOWS\System32\scrnsave.scr" [MS]


    Startup items in "Chen - 1" & "All Users" startup folders:
    ----------------------------------------------------------

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
    "MenuText" = "Sun Java Console "
    "CLSIDExtension" = "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} "
    -> {HKCU...CLSID} = "Java Plug-in 1.5.0_11 "
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" [ "Sun Microsystems, Inc."]
    -> {HKLM...CLSID} = "Java Plug-in 1.5.0_11 "
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll" [ "Sun Microsystems, Inc."]

    {B863453A-26C3-4E1F-A54D-A2CD196348E9}\
    "ButtonText" = "ICQ Lite "
    "MenuText" = "ICQ Lite "
    "Exec" = "C:\Program Files\ICQ\ICQLite.exe" [ "ICQ Ltd."]

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger "
    "MenuText" = "Windows Messenger "
    "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    avast! Antivirus, avast! Antivirus, " "C:\Program Files\Avast4\ashServ.exe" " [null data]
    avast! iAVS4 Control Service, aswUpdSv, " "C:\Program Files\Avast4\aswUpdSv.exe" " [null data]
    avast! Mail Scanner, avast! Mail Scanner, " "C:\Program Files\Avast4\ashMaiSv.exe" /service" [ "ALWIL Software"]
    avast! Web Scanner, avast! Web Scanner, " "C:\Program Files\Avast4\ashWebSv.exe" /service" [ "ALWIL Software"]
    Machine Debug Manager, MDM, " "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" " [MS]
    ServiceLayer, ServiceLayer, " "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe" " [ "Nokia."]
    Spyware Doctor Auxiliary Service, sdAuxService, "C:\Program Files\Spyware Doctor\svcntaux.exe" [ "PC Tools"]
    Spyware Doctor Service, sdCoreService, "C:\Program Files\Spyware Doctor\swdsvc.exe" [ "PC Tools"]
    UPSMONService, UPSMONService, " "C:\Program Files\UPSMON\UPSMON_Service.Exe" " [null data]
    Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" { "C:\WINDOWS\System32\WUDFSvc.dll" [MS]}


    ----------
    <<!>>: Suspicious data at a malware launch point.

    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + The search for DESKTOP.INI DLL launch points on all local fixed drives
    took 49 seconds.
    ---------- (total run time: 174 seconds)
     
    ca85,
    #5
  7. 2007/04/18
    Geri Lifetime Subscription

    Hi
    I'm not seeing anything in that log.

    Let's run this and see what it finds.

    Download ComboFix from Here or Here to your Desktop.
    • Double-click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    Geri
     
    Geri,
    #6
  8. 2007/04/19
    ca85

    "Chen - 1" - 07-04-19 16:49:09 Service Pack 2
    ComboFix 07-04-19.1V - Running from: D:\šâ€¦â€¹â€¦š\


    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\bund1\ClientBundle1.exe
    C:\WINDOWS\system32\bund1\temp.txt
    C:\install.log
    C:\WINDOWS\system32\bund1


    ((((((((((((((((((((((((((((((( Files Created from 2007-03-19 to 2007-04-19 ))))))))))))))))))))))))))))))))))


    2007-04-18 10:33 <DIR> d-------- C:\Program Files\Ad-Aware
    2007-04-18 10:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-04-16 21:05 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
    2007-04-16 21:05 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
    2007-04-16 21:05 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
    2007-04-16 21:05 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
    2007-04-16 21:05 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
    2007-04-16 21:05 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
    2007-04-16 21:05 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
    2007-04-16 21:05 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
    2007-04-15 14:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-04-15 14:28 <DIR> d-------- C:\Program Files\Spybot
    2007-04-15 01:47 <DIR> d-------- C:\VundoFix Backups
    2007-04-14 02:31 94,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-04-14 02:31 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
    2007-04-14 02:31 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-04-14 02:31 689,280 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-04-14 02:31 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-04-14 02:31 31,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-04-14 02:31 23,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-04-14 02:31 <DIR> d-------- C:\Program Files\Avast4
    2007-04-13 16:52 60,416 --a------ C:\WINDOWS\system32\drivers\fqqspars.sys
    2007-04-13 16:51 60,416 --a------ C:\WINDOWS\system32\drivers\sxpvcicy.sys
    2007-04-13 15:45 3,552 --a------ C:\WINDOWS\system32\tmp.reg
    2007-04-12 19:57 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
    2007-04-12 19:57 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-04-12 19:57 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-04-12 19:57 40,960 --a------ C:\WINDOWS\system32\swsc.exe
    2007-04-12 19:57 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-04-12 19:57 135,168 --a------ C:\WINDOWS\system32\swreg.exe
    2007-04-10 15:33 <DIR> d-------- C:\Program Files\RSSoft
    2007-04-06 18:36 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-04-06 18:36 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-04-06 18:36 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-04-06 18:36 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
    2007-04-06 18:36 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2007-04-06 18:35 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-04-06 18:35 <DIR> d-------- C:\Program Files\Spyware Doctor
    2007-04-06 18:35 <DIR> d-------- C:\DOCUME~1\CHEN-1~1\APPLIC~1\PC Tools
    2007-04-06 15:06 <DIR> d-------- C:\Temp\tn3
    2007-04-06 15:05 72,320 --a------ C:\WINDOWS\system32\drivers\core.sys
    2007-04-06 15:05 <DIR> d-------- C:\WINDOWS\system32\micro1
    2007-03-29 17:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
    2007-03-29 17:30 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2007-03-29 17:24 <DIR> d-------- C:\DOCUME~1\CHEN-1~1\APPLIC~1\Adobe
    2007-03-29 16:39 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2007-03-29 16:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    2007-03-27 15:15 68,608 --------- C:\WINDOWS\system32\_000915_.tmp.dll
    2007-03-27 15:02 <DIR> d--h----- C:\WINDOWS\$hf_mig$
    2007-03-23 03:22 <DIR> d-------- C:\DOCUME~1\CHEN-1~1\APPLIC~1\Datalayer
    2007-03-22 17:12 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
    2007-03-22 17:12 196,608 --a------ C:\WINDOWS\system32\EZCvrtWMA.dll
    2007-03-22 17:12 <DIR> d--hs---- C:\DOCUME~1\CHEN-1~1\Phone Browser
    2007-03-22 17:12 <DIR> d-------- C:\Program Files\MP3 Audio Converter
    2007-03-22 17:12 <DIR> d-------- C:\DOCUME~1\CHEN-1~1\APPLIC~1\Nokia Multimedia Player
    2007-03-22 17:08 <DIR> d-------- C:\Program Files\Common Files\PCSuite
    2007-03-22 17:08 <DIR> d-------- C:\Program Files\Common Files\Nokia
    2007-03-22 17:07 <DIR> d-------- C:\Program Files\Nokia
    2007-03-22 17:06 <DIR> d-------- C:\Program Files\Mp3 Knife
    2007-03-22 17:05 89,856 --a------ C:\WINDOWS\system32\drivers\usbvsp.sys
    2007-03-20 22:09 81,920 -ra------ C:\WINDOWS\system32\ZS211STI.dll
    2007-03-20 22:09 49,152 -ra------ C:\WINDOWS\ZSSnp211.EXE
    2007-03-20 22:09 49,152 -ra------ C:\WINDOWS\Domino.EXE
    2007-03-20 22:09 391,836 -ra------ C:\WINDOWS\system32\drivers\ZS211.sys
    2007-03-20 22:09 163,840 -ra------ C:\WINDOWS\amcap.exe
    2007-03-20 22:09 102,400 -ra------ C:\WINDOWS\ZS211Cap.exe


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-04-14 02:50 50040 --a------ C:\WINDOWS\system32\gdipfontcachev1.dat
    2007-04-14 02:32 96256 --a------ C:\WINDOWS\system32\drivers\sptd3629.sys
    2007-03-22 17:14 8 --a------ C:\DOCUME~1\CHEN-1~1\APPLIC~1\nmm-metadata.db
    2007-03-15 16:33 -------- d-------- C:\DOCUME~1\CHEN-1~1\APPLIC~1\sun
    2007-03-12 13:18 -------- d-------- C:\DOCUME~1\CHEN-1~1\APPLIC~1\help
    2007-03-08 16:24 -------- d-------- C:\DOCUME~1\CHEN-1~1\APPLIC~1\nokia
    2007-03-08 16:23 -------- d-------- C:\Program Files\pc connectivity solution
    2007-03-08 16:23 -------- d-------- C:\Program Files\difx
    2007-03-08 16:23 -------- d-------- C:\DOCUME~1\CHEN-1~1\APPLIC~1\pc suite
    2007-03-05 22:38 5632 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
    2007-02-23 06:30 524288 --a------ C:\WINDOWS\system32\divxsm.exe
    2007-02-23 06:29 36624 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
    2007-02-23 06:29 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-02-23 06:29 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2007-02-23 06:29 129784 --a------ C:\WINDOWS\system32\pxafs.dll
    2007-02-23 06:29 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
    2007-02-23 06:29 116472 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2007-02-23 06:29 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
    2007-02-23 06:25 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
    2007-02-23 06:25 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
    2007-02-23 06:25 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
    2007-02-23 06:25 73728 --a------ C:\WINDOWS\system32\dpl100.dll
    2007-02-23 06:25 639066 --a------ C:\WINDOWS\system32\divx.dll
    2007-02-23 06:25 593920 --a------ C:\WINDOWS\system32\dpugui11.dll
    2007-02-23 06:25 57344 --a------ C:\WINDOWS\system32\dpv11.dll
    2007-02-23 06:25 53248 --a------ C:\WINDOWS\system32\dpugui10.dll
    2007-02-23 06:25 344064 --a------ C:\WINDOWS\system32\dpus11.dll
    2007-02-23 06:25 294912 --a------ C:\WINDOWS\system32\dpu11.dll
    2007-02-23 06:25 294912 --a------ C:\WINDOWS\system32\dpu10.dll
    2007-02-23 06:25 196608 --a------ C:\WINDOWS\system32\dtu100.dll
    2007-02-16 03:40 124472 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe
    2007-02-15 16:44 1407 --a------ C:\WINDOWS\mozver.dat
    2007-01-29 14:34 796672 --a------ C:\WINDOWS\gpinstall.exe
    2007-01-19 12:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
    2007-01-18 02:43 50040 --a------ C:\DOCUME~1\CHEN-1~1\APPLIC~1\gdipfontcachev1.dat


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "D-Link AirPlus G "= "\ "C:\\Program Files\\D-Link\\AirPlus G\\AirGCFG.exe\" "
    "ANIWZCS2Service "= "\ "C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe\" "
    "NeroFilterCheck "= "C:\\WINDOWS\\system32\\NeroCheck.exe "
    "IntelliPoint "= "\ "C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\" "
    "SoundMan "= "SOUNDMAN.EXE "
    "Logitech Utility "= "Logi_MwX.Exe "
    "TkBellExe "= "\ "C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot "
    "Premium Clock "= "D:\\Program Files\\Premium Clock\\Premium.exe /autorun "
    "UPSMON "= "\ "C:\\Program Files\\UPSMON\\UPSMON.exe\" "
    "SunJavaUpdateSched "= "\ "C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\" "
    "Domino "= "C:\\WINDOWS\\Domino.exe "
    "PCSuiteTrayApplication "= "\ "C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe\" -startup "
    "SDTray "= "\ "C:\\Program Files\\Spyware Doctor\\SDTrayApp.exe\" "
    "Red Swoosh "= "\ "C:\\Program Files\\RSSoft\\RedSwoosh.exe\" /S "
    "avast! "= "C:\\PROGRA~1\\Avast4\\ashDisp.exe "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ctfmon.exe "= "C:\\WINDOWS\\system32\\ctfmon.exe "

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "PcSync "= "C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog "

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source REG_SZ http://www.sport5.co.il/

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


    ********************************************************************

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-04-19 16:51:54
    C:\ComboFix-quarantined-files.txt ... 07-04-19 16:51


    Code:
    07-01-05 18:47      1120    --a------    C:\Qoobox\Quarantine\C\INSTALL.LOG.vir
    07-03-08 09:22      1    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\bund1\temp.txt.vir
    07-04-06 15:05      1176906    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir
    
    
    Folder PATH listing for volume CHEN - 1
    Volume serial number is 191E-1001
    C:\QOOBOX
    \---Quarantine
        +---Registry_backups
        \---C
            |   INSTALL.LOG.vir
            |   
            \---WINDOWS
                \---system32
                    \---bund1
                            ClientBundle1.exe.vir
                            temp.txt.vir
                            
    

    Logfile of HijackThis v1.99.1
    Scan saved at 16:59:43, on 19/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\Program Files\Premium Clock\Premium.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\WINDOWS\Domino.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\RSSoft\RedSwoosh.exe
    C:\PROGRA~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Premium Clock\tclock.exe
    C:\Program Files\Ad-Aware\aawservice.exe
    C:\Program Files\Avast4\aswUpdSv.exe
    C:\Program Files\Avast4\ashServ.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\UPSMON\UPSMON_Service.Exe
    C:\Program Files\UPSMON\UPSInt2.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Avast4\ashMaiSv.exe
    C:\Program Files\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\ICQ\ICQLite.exe
    C:\Documents and Settings\Chen - 1\Desktop\הגנה\HJT.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.il/web/obox/sms/sendsms.aspx
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O4 - HKLM\..\Run: [D-Link AirPlus G] "C:\Program Files\D-Link\AirPlus G\AirGCFG.exe "
    O4 - HKLM\..\Run: [ANIWZCS2Service] "C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe "
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Premium Clock] D:\Program Files\Premium Clock\Premium.exe /autorun
    O4 - HKLM\..\Run: [UPSMON] "C:\Program Files\UPSMON\UPSMON.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe "
    O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe "
    O4 - HKLM\..\Run: [Red Swoosh] "C:\Program Files\RSSoft\RedSwoosh.exe" /S
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQ\ICQLite.exe -trayboot
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQ\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQ\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://chenamit.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9100BA25-85A6-4C80-86E9-426D2899F8EF} (WirelessContactHandler Class) - http://xtraz.icq.com/xtraz/products/wirelesscl/WirelessContact.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.tapuz.co.il/albums/uploader/ImageUploader3.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: UPSMONService - Unknown owner - C:\Program Files\UPSMON\UPSMON_Service.Exe
     
    ca85,
    #7
  9. 2007/04/19
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    I cannot find any info on this file. Please upload it to Jotti's like you did the other file.
    C:\WINDOWS\system32\EZCvrtWMA.dll

    Post the results here.

    Then please download and run AVG Anti-Spyware, making sure you follow the instructions.

    Download AVG Anti-Spyware from HERE and save that file to your desktop.
    This is a 30 day trial of the program
    1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
    2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.
    1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
      IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process.
    2. Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
    4. AVG Anti-Spyware will now begin the scanning process. Be patient, this may take a little time.
      Once the scan is complete do the following:
    5. If you have any infections you will be prompted, then select "Apply all actions"
    6. Next select the "Reports" icon at the top.
    7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    8. Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

    Please post the 2 logs.
    Geri
     
    Geri,
    #8
  10. 2007/04/20
    ca85

    ca85 Inactive Thread Starter

    Joined:
    2007/04/14
    Messages:
    8
    Likes Received:
    0
    File: EZCvrtWMA.dll
    Status: OK
    MD5 fbd2c562b4cd14c0107804433acf7fe2
    Packers detected: -
    Scan taken on 20 Apr 2007 11:56:17 (GMT)
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing



    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 16:01:34 20/04/2007

    + Scan result:



    C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3CFEB30E-2DA9-4CDC-B9D1-892F7DE9DCF7}\RP343\A0041847.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3CFEB30E-2DA9-4CDC-B9D1-892F7DE9DCF7}\RP328\A0037643.exe -> Adware.WebBuying : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\micro1\win5.exe -> Dropper.Agent.bfr : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\drivers\core.sys -> Rootkit.Agent.eq : Cleaned with backup (quarantined).
    :mozilla.68:C:\Documents and Settings\Chen - 1\Application Data\Mozilla\Firefox\Profiles\n5sl5vqc.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.69:C:\Documents and Settings\Chen - 1\Application Data\Mozilla\Firefox\Profiles\n5sl5vqc.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.70:C:\Documents and Settings\Chen - 1\Application Data\Mozilla\Firefox\Profiles\n5sl5vqc.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.72:C:\Documents and Settings\Chen - 1\Application Data\Mozilla\Firefox\Profiles\n5sl5vqc.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.128:C:\Documents and Settings\Chen - 1\Application Data\Mozilla\Firefox\Profiles\n5sl5vqc.default\cookies.txt -> TrackingCookie.Castup : Cleaned.
    C:\Documents and Settings\Chen - 1\Cookies\chen - 1@castup[1].txt -> TrackingCookie.Castup : Cleaned.
    :mozilla.140:C:\Documents and Settings\Chen - 1\Application Data\Mozilla\Firefox\Profiles\n5sl5vqc.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
    :mozilla.214:C:\Documents and Settings\Chen - 1\Application Data\Mozilla\Firefox\Profiles\n5sl5vqc.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    C:\Documents and Settings\Chen - 1\Cookies\chen - 1@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
    :mozilla.314:C:\Documents and Settings\Chen - 1\Application Data\Mozilla\Firefox\Profiles\n5sl5vqc.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
    :mozilla.151:C:\Documents and Settings\Chen - 1\Application Data\Mozilla\Firefox\Profiles\n5sl5vqc.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
    :mozilla.161:C:\Documents and Settings\Chen - 1\Application Data\Mozilla\Firefox\Profiles\n5sl5vqc.default\cookies.txt -> TrackingCookie.Toplist : Cleaned.
    :mozilla.134:C:\Documents and Settings\Chen - 1\Application Data\Mozilla\Firefox\Profiles\n5sl5vqc.default\cookies.txt -> TrackingCookie.Total-media : Cleaned.


    ::Report end
     
    ca85,
    #9
  11. 2007/04/20
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    Please do this next. I don't like this in the AVG log and want to make sure there is nothing else hiding.
    C:\WINDOWS\system32\drivers\core.sys -> Rootkit.Agent.eq : Cleaned with backup (quarantined).


    Download Dr.Webs CureIt to your desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

    Double-click the drweb-cureit.exe file and allow it to run the express scan.

    This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.

    Once the short scan has finished, select the drives that you want to scan.

    Select all drives. A red dot shows which drives have been chosen.

    Click the green arrow > to the right and the scan will begin.

    At the first infection, select 'Yes to all' if it asks if you want to cure/move the file.

    When the scan has finished, click the "Select all" toggle button (if available) next to the files found

    Then click the green cup icon right below and select Move incurable

    This will move any infected files to the %userprofile%\DoctorWeb\quarantaine-folder that can't be cured (in case if we need samples).

    Then, from the main Dr.Web CureIt menu (top left), click File and choose save report list
    Save the report to your desktop. The report will be called DrWeb.csv

    Close Dr.Web Cureit and Restart your computer to completely remove any stubborn files in reboot.
    Please post the report here.

    Please download Rootkit Revealer (link is at the very bottom of the page)
    • Unzip it to your desktop.
    • Open the rootkitrevealer folder and double-click rootkitrevealer.exe
    • Close ALL windows and programs and do nothing on the pc while the scan runs. This includes games, browser windows, email clients, etc.
    • Click the Scan button (bottom right)
    • It may take a while to scan (don't do anything while it's running)
    • When it's done, go up to File > Save. Choose to save it to your desktop.
    • Open rootkitrevealer.txt on your desktop and copy the entire contents and paste them here

    Thanks
    Geri
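
The triage Geri describes above (one rootkit line in the AVG report prompting second-opinion scans), as an added example that is not part of the original posts: it sorts report lines so that driver and dropper detections on the live file system come ahead of quarantine copies, restore-point copies and tracking cookies. The priority order and the location labels are this example's assumptions, not AVG's; the sample lines are copied from the report posted in this thread.

```python
import re

# Lines copied from the AVG Anti-Spyware report posted earlier in this thread.
SAMPLE_REPORT = r"""
C:\QooBox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3CFEB30E-2DA9-4CDC-B9D1-892F7DE9DCF7}\RP343\A0041847.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\system32\micro1\win5.exe -> Dropper.Agent.bfr : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drivers\core.sys -> Rootkit.Agent.eq : Cleaned with backup (quarantined).
:mozilla.68:C:\Documents and Settings\Chen - 1\Application Data\Mozilla\Firefox\Profiles\n5sl5vqc.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Chen - 1\Cookies\chen - 1@castup[1].txt -> TrackingCookie.Castup : Cleaned.
"""

# Report line shape: "<path> -> <Family.Variant> : <action>", with an optional
# ":<cookie entry>:" prefix on entries found inside a browser cookie file.
LINE_RE = re.compile(
    r"^(?::(?P<entry>[^:]+):)?(?P<path>.+?) -> (?P<name>\S+) : (?P<action>.+)$"
)

# Assumed review order for this example (not an AVG setting): lower = look first.
FAMILY_PRIORITY = {"Rootkit": 0, "Dropper": 1, "Adware": 2, "TrackingCookie": 3}
UNKNOWN_PRIORITY = 1  # families not listed above are reviewed early
LOCATION_ORDER = {"live": 0, "system-restore": 1, "quarantine": 2, "cookie-store": 3}


def locate(path, family):
    """Say where the detected object was sitting when the scanner found it."""
    lowered = path.lower()
    if family == "TrackingCookie":
        return "cookie-store"
    if "\\qoobox\\quarantine\\" in lowered:
        return "quarantine"       # ComboFix had already moved it aside
    if "\\system volume information\\_restore" in lowered:
        return "system-restore"   # copy kept inside a restore point
    return "live"                 # was on the active file system


def triage(report):
    """Parse report text and return findings, most urgent first."""
    findings = []
    for raw in report.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # headers, blank lines, "::Report end"
        family = match.group("name").split(".", 1)[0]
        findings.append({
            "path": match.group("path"),
            "entry": match.group("entry"),
            "name": match.group("name"),
            "family": family,
            "action": match.group("action"),
            "location": locate(match.group("path"), family),
        })
    findings.sort(key=lambda f: (FAMILY_PRIORITY.get(f["family"], UNKNOWN_PRIORITY),
                                 LOCATION_ORDER[f["location"]]))
    return findings


def needs_followup(findings):
    """Detections that justify a second scanner: high-priority and live."""
    return [f for f in findings
            if f["location"] == "live"
            and FAMILY_PRIORITY.get(f["family"], UNKNOWN_PRIORITY) <= 1]


if __name__ == "__main__":
    for item in triage(SAMPLE_REPORT):
        print(f'{item["family"]:<15}{item["location"]:<16}{item["path"]}')
```
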
     
  12. 2007/04/21
    ca85

    ca85 Inactive Thread Starter

    Joined:
    2007/04/14
    Messages:
    8
    Likes Received:
    0
    Process.exe;C:\WINDOWS\system32;Tool.Prockill;Incurable.Moved.;
    Silent Runners.vbs;C:\Documents and Settings\Chen - 1\Desktop\הגנה;Probably BATCH.Virus;Incurable.Moved.;
    A0041912.sys;C:\System Volume Information\_restore{3CFEB30E-2DA9-4CDC-B9D1-892F7DE9DCF7}\RP344;Trojan.NtRootKit.239;Deleted.;
    A0041913.exe;C:\System Volume Information\_restore{3CFEB30E-2DA9-4CDC-B9D1-892F7DE9DCF7}\RP344;Trojan.MulDrop.6135;Deleted.;
    Process.exe;D:\תוכנות\SmitfraudFix;Tool.Prockill;Incurable.Moved.;
    restart.exe;D:\תוכנות\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.;

    HKU\.DEFAULT\Control Panel\International 19/04/2007 16:51 0 bytes Security mismatch.
    HKU\.DEFAULT\Control Panel\International\Geo 19/04/2007 16:51 0 bytes Security mismatch.
    HKU\S-1-5-21-861567501-1532298954-725345543-1003\Control Panel\International 19/04/2007 16:51 0 bytes Security mismatch.
    HKU\S-1-5-21-861567501-1532298954-725345543-1003\Control Panel\International\Geo 19/04/2007 16:51 0 bytes Security mismatch.
    HKU\S-1-5-21-861567501-1532298954-725345543-1003\Software\Microsoft\Command Processor 19/04/2007 16:51 0 bytes Security mismatch.
    HKU\S-1-5-21-861567501-1532298954-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D12DAF6D-6780-A537-6DD3-AE60DDA9C338}* 18/04/2007 10:37 0 bytes Key name contains embedded nulls (*)
    HKU\S-1-5-18\Control Panel\International 19/04/2007 16:51 0 bytes Security mismatch.
    HKU\S-1-5-18\Control Panel\International\Geo 19/04/2007 16:51 0 bytes Security mismatch.
    HKLM\SECURITY\Policy\Secrets\SAC* 07/04/2006 09:21 0 bytes Key name contains embedded nulls (*)
    HKLM\SECURITY\Policy\Secrets\SAI* 07/04/2006 09:21 0 bytes Key name contains embedded nulls (*)
    HKLM\SOFTWARE\Classes\cfexefile\DefaultIcon 19/04/2007 16:48 0 bytes Security mismatch.
    HKLM\SOFTWARE\Classes\cfexefile\shell 19/04/2007 16:48 0 bytes Security mismatch.
    HKLM\SOFTWARE\Classes\cfexefile\shell\open 19/04/2007 16:48 0 bytes Security mismatch.
    HKLM\SOFTWARE\Classes\cfexefile\shell\open\command 19/04/2007 16:48 0 bytes Security mismatch.
    HKLM\SOFTWARE\Classes\cfexefile\shell\runas 19/04/2007 16:48 0 bytes Security mismatch.
    HKLM\SOFTWARE\Classes\cfexefile\shell\runas\command 19/04/2007 16:48 0 bytes Security mismatch.
    HKLM\SOFTWARE\Classes\cfexefile\shellex 19/04/2007 16:48 0 bytes Security mismatch.
    HKLM\SOFTWARE\Classes\cfexefile\shellex\ContextMenuHandlers 19/04/2007 16:48 0 bytes Security mismatch.
    HKLM\SOFTWARE\Classes\cfexefile\shellex\ContextMenuHandlers\CmdLineExt 19/04/2007 16:48 0 bytes Security mismatch.
    HKLM\SOFTWARE\Classes\cfexefile\shellex\DropHandler 19/04/2007 16:48 0 bytes Security mismatch.
    HKLM\SOFTWARE\Classes\cfexefile\shellex\PropertySheetHandlers 19/04/2007 16:48 0 bytes Security mismatch.
    HKLM\SOFTWARE\Classes\cfexefile\shellex\PropertySheetHandlers\PifProps 19/04/2007 16:48 0 bytes Security mismatch.
    HKLM\SOFTWARE\Classes\cfexefile\shellex\PropertySheetHandlers\ShimLayer Property Page 19/04/2007 16:48 0 bytes Security mismatch.
    HKLM\SOFTWARE\Classes\cfexefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA} 19/04/2007 16:48 0 bytes Security mismatch.
    HKLM\SOFTWARE\Microsoft\Command Processor 19/04/2007 16:51 0 bytes Security mismatch.
    HKLM\SOFTWARE\PCTools\Spyware Doctor\AUXSVCSTAT 21/04/2007 15:51 22 bytes Data mismatch between Windows API and raw hive data.
    HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\s0 17/04/2006 15:25 4 bytes Hidden from Windows API.
    HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\s1 17/04/2006 15:25 4 bytes Hidden from Windows API.
    HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\s2 17/04/2006 15:25 4 bytes Hidden from Windows API.
    HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\g0 17/04/2006 15:25 32 bytes Hidden from Windows API.
    HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\h0 17/04/2006 15:25 4 bytes Hidden from Windows API.
    HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 06/01/2007 02:21 0 bytes Hidden from Windows API.
     
  13. 2007/04/22
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi ca85
    Sorry this took so long, I had to go out of town.

    Can you tell me how things are at this time?
    Warnings/Pop Ups?

    I didn't see anything in the log.

    Please post a new HJT log for me.

    Geri
     
  14. 2007/04/27
    ca85

    ca85 Inactive Thread Starter

    Joined:
    2007/04/14
    Messages:
    8
    Likes Received:
    0
    I think it's gone somehow...but I'm not using the computer a lot now, need to study math...:)
    I'll report how it's going...
    thanks for your time man....
     
    Last edited: 2007/04/27
