Tek-Tips is the largest IT community on the Internet today!

Virus/Malware/Spyware attacks !!!


sonuteklists

This has happened on 3 machines (all XP SP2) here today (Dec 13 2005). Not sure how they got infected. Users claim innocence, but did admit clicking on some attachment. One machine wasn't used by anyone, but was just connected to the network.

All machines exhibit some or all of the symptoms:
- Browser being hijacked. Home page set to something random, but with a message on the browser saying that the machine has been compromised (though the machine IP it reports is wrong!!)
- Desktop hijacked. Message on browser says the machine has spyware. Unable to change desktop settings
- Unable to change most control panel settings.
- popups, popups and more popups
- slow down
- no suspicious processes in process tray
- strange security products installed on desktop, in system tray, etc.

All machines had auto-update, anti-spyware, anti-virus and Spybot, with the update feature set to scan regularly. The anti-spyware detected things as SpyAxe, spy$$, etc., etc. (different combinations of the word spy!!). When asked to remove, it says that it has been removed. But it doesn't help at all.

The only thing it hasn't affected is the Firefox browser!!

Microsoft was supposed to release some patches today as reported in,

There weren't any in the morning, but in the afternoon I saw some patches. I immediately downloaded them and updated the machines and rebooted. Ran the Anti-Spyware, Anti-Virus and Spybot again, deleted whatever they reported and rebooted.
No luck!! Is the only option to reformat??

Please advise.
 
Download ewido below and run it in safe mode. When done, download HijackThis from the link below. Extract it to the desktop or a preferred folder, choose "Do a system scan and save a logfile", and post the logfile on here. Unless you know what you're doing in HijackThis, don't check anything till we go through it, for not all items it shows are bad.

(Do a full system scan.)

 
sonuteklists,
First, make sure you take the machines off the network.
Make sure to boot in safe mode when running your scans. It may take numerous scans to remove all of the baddies.
Is the anti-spyware you refer to MS (formerly Giant) AntiSpyware?
Have you tried HijackThis?
Regards,
longhair
 
Yes indeed, I was using Giant. I will try HijackThis.
Thanks all for the most useful advice.
I will try all this and post back tomorrow.

The good news is they are off the production network. We have segmented our network by a firewall and these machines were on the "outside", not even on the dmz.

Thanks.
 
Ok,
Here's the log from HijackThis,
Logfile of HijackThis v1.99.1
Scan saved at 9:49:27 AM, on 12/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dumgy.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dumgy.dll/sp.html#83556
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dumgy.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - C:\WINDOWS\system32\hpCA35.tmp (file missing)
O2 - BHO: Class - {F8178FB3-8D25-D7C4-86A7-8FA8F80D9D53} - C:\WINDOWS\netay32.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [4C.tmp] C:\DOCUME~1\JAMESH~1\LOCALS~1\Temp\4C.tmp.exe
O4 - HKLM\..\Run: [4D.tmp.exe] C:\DOCUME~1\JAMESH~1\LOCALS~1\Temp\4D.tmp.exe
O4 - HKLM\..\Run: [4C.tmp.exe] C:\DOCUME~1\JAMESH~1\LOCALS~1\Temp\4C.tmp.exe
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\sysmg32.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Here's the log from ewido,
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:45:04 AM, 12/14/2005
+ Report-Checksum: 87A934E6

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{7C5CF0D8-6AA4-2FDF-1323-0AC6A9822AA3} -> Spyware.CoolWebSearch : Cleaned without backup
HKLM\SOFTWARE\Classes\CLSID\{7FEABB24-AC82-044D-9122-02B029F286B3} -> Spyware.CoolWebSearch : Cleaned without backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Update\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Cleaned without backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE -> Spyware.CoolWebSearch : Cleaned without backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW -> Spyware.CoolWebSearch : Cleaned without backup
C:\Documents and Settings\Administrator\Cookies\administrator@com[2].txt -> Spyware.Cookie.Com : Cleaned without backup
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned without backup
C:\Documents and Settings\James \Local Settings\Temp\1.tmp -> Trojan.Small.ga : Cleaned without backup
C:\Documents and Settings\James \Local Settings\Temp\2.tmp -> Trojan.Small.ga : Cleaned without backup
C:\Documents and Settings\James \Local Settings\Temp\3.tmp -> Trojan.Small.ga : Cleaned without backup
C:\Documents and Settings\James \Local Settings\Temp\4.tmp -> Trojan.Small.ga : Cleaned without backup
C:\Documents and Settings\James \Local Settings\Temp\4A.tmp -> Trojan.Small : Cleaned without backup
C:\Documents and Settings\James \Local Settings\Temp\4D.tmp -> Trojan.Small.ga : Cleaned without backup
C:\Documents and Settings\James \Local Settings\Temp\4D.tmp.exe -> Trojan.Small.ga : Cleaned without backup
C:\Documents and Settings\James \Local Settings\Temp\4E.tmp -> Trojan.Small.ga : Cleaned without backup
C:\Documents and Settings\James \Local Settings\Temp\5.tmp -> Trojan.Small.ga : Cleaned without backup
C:\Documents and Settings\James \Local Settings\Temp\6.tmp -> Trojan.Small.ga : Cleaned without backup
C:\Documents and Settings\James \Local Settings\Temp\7.tmp -> Trojan.Small.ga : Cleaned without backup
C:\Documents and Settings\James \Local Settings\Temp\8.tmp -> Trojan.Small.ga : Cleaned without backup
C:\Documents and Settings\James \Local Settings\Temp\9.tmp -> Trojan.Small.ga : Cleaned without backup
C:\Documents and Settings\James \Local Settings\Temp\A.tmp -> Trojan.Small.ga : Cleaned without backup
C:\Documents and Settings\James \Local Settings\Temp\B.tmp -> Trojan.Small.ga : Cleaned without backup
C:\Documents and Settings\James \Local Settings\Temp\C.tmp -> Trojan.Small.ga : Cleaned without backup
C:\Documents and Settings\James \Local Settings\Temp\D.tmp -> Trojan.Small.ga : Cleaned without backup
C:\Documents and Settings\James \Local Settings\Temp\E.tmp -> Trojan.Small.ga : Cleaned without backup
C:\Documents and Settings\James \Local Settings\Temp\F.tmp -> Trojan.Small.ga : Cleaned without backup
C:\Documents and Settings\James \Local Settings\Temp\mjgjdomd.exe -> Trojan.Dialer.ay : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @bfast[2].txt -> Spyware.Cookie.Bfast : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @data.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @e-2dj6wfkiehdpaco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @e-2dj6wfkiskcpeko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @e-2dj6wfkiwjdzgcp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @e-2dj6wfkyamdzekp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @e-2dj6wflowicjglp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @e-2dj6wfmiqhczgfp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @e-2dj6wgkooidzccp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @e-2dj6wjk4eoazaep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @e-2dj6wjk4ulczico.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @e-2dj6wjkoagcjacq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @e-2dj6wjkocncjmkp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @e-2dj6wjkyckcjkkp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @e-2dj6wjkycncjkgp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @e-2dj6wjkyopdpgao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @e-2dj6wjliahazkgp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @e-2dj6wjlielazsco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @e-2dj6wjligkczeco.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @e-2dj6wjlogidjccq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @e-2dj6wjlyeodzeho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @e-2dj6wjlygndpmko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @e-2dj6wjlygpdjcbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @e-2dj6wjlyuidpaeo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @e-2dj6wjmygic5ggo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @e-2dj6wjny-1kdzcc.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @e-2dj6wjnychczoaq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @e-2dj6wjnycjc5olp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @e-2dj6wjnyqic5olq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @e-2dj6wjnyshajogo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @ehg-cafepress.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @ehg-chicos.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @ehg-fandango.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @ehg-foxsports.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @ehg-mjtrim.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @ehg-traderelectronicmedia.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @hg1.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @mediaplex[2].txt -> Spyware.Cookie.Mediaplex : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @overture[2].txt -> Spyware.Cookie.Overture : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @qksrv[1].txt -> Spyware.Cookie.Qksrv : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @sales.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @server.iad.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @statse.webtrendslive[2].txt -> Spyware.Cookie.Webtrendslive : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @test.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Cleaned without backup
C:\Documents and Settings\Michelle \Cookies\michelle @www.burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned without backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\1C795DD9-F79C-4F34-B044-637473\5EF19D52-5F5C-46D2-8E3C-5A6BC9 -> Adware.Spyaxe : Cleaned without backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\2C054B19-F71C-4455-B9B9-FB609C\02EF637B-3DF2-4DF6-8389-8D7653 -> Adware.Spyaxe : Cleaned without backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\8FB423FF-8036-4C15-8AEC-DC25F2\AC58D8FA-1E03-41AB-A284-66A618 -> Adware.Spyaxe : Cleaned without backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\B5DC5A9C-CBB9-4590-9CA9-C26596\1ED33A60-1402-48CC-A7B4-550775 -> Spyware.SpywareNo : Cleaned without backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\B5DC5A9C-CBB9-4590-9CA9-C26596\74314143-2C27-43A3-A567-3B7F06 -> Adware.SpySheriff : Cleaned without backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\B5DC5A9C-CBB9-4590-9CA9-C26596\78C461B5-E49F-4693-9EE7-CDFE23 -> Adware.SpySheriff : Cleaned without backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\B5DC5A9C-CBB9-4590-9CA9-C26596\A5F8D2FC-8252-4201-B323-A22970 -> Adware.SpySheriff : Cleaned without backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\FF94EF14-F4DF-42FB-9369-90A84F\8859C70B-7907-4C80-9E0C-5E04A8 -> Adware.Spyaxe : Cleaned without backup
C:\WINDOWS\aqmoj.dll -> Adware.SearchPage : Cleaned without backup
C:\WINDOWS\bggyf.dll -> Adware.SearchPage : Cleaned without backup
C:\WINDOWS\desktop.html -> Hijacker.Generic : Cleaned without backup
C:\WINDOWS\dmown.dll -> Adware.SearchPage : Cleaned without backup
C:\WINDOWS\egvcd.dll -> Adware.SearchPage : Cleaned without backup
C:\WINDOWS\hmrbh.dll -> Adware.SearchPage : Cleaned without backup
C:\WINDOWS\hpgqc.dll -> Adware.SearchPage : Cleaned without backup
C:\WINDOWS\kcuud.dll -> Adware.SearchPage : Cleaned without backup
C:\WINDOWS\krdyu.dll -> Adware.SearchPage : Cleaned without backup
C:\WINDOWS\maqqu.dll -> Adware.SearchPage : Cleaned without backup
C:\WINDOWS\mfcjv.dll -> Downloader.WinShow.bg : Cleaned without backup
C:\WINDOWS\msim.dll -> Downloader.WinShow.bg : Cleaned without backup
C:\WINDOWS\msnfb.dll -> Adware.SearchPage : Cleaned without backup
C:\WINDOWS\quwai.dll -> Adware.SearchPage : Cleaned without backup
C:\WINDOWS\rgsis.dll -> Adware.SearchPage : Cleaned without backup
C:\WINDOWS\ruexu.dll -> Adware.SearchPage : Cleaned without backup
C:\WINDOWS\sdkpr.exe -> Downloader.Agent.td : Cleaned without backup
C:\WINDOWS\sysmg32.exe -> Trojan.Agent.bi : Cleaned without backup
C:\WINDOWS\system32\d3dg.dll -> Downloader.WinShow.bg : Cleaned without backup
C:\WINDOWS\system32\dumgy.dll -> Adware.SearchPage : Cleaned without backup
C:\WINDOWS\system32\etfuj.dll -> Adware.SearchPage : Cleaned without backup
C:\WINDOWS\system32\eubsf.dll -> Adware.SearchPage : Cleaned without backup
C:\WINDOWS\system32\fcqfy.dll -> Adware.SearchPage : Cleaned without backup
C:\WINDOWS\system32\gnwkt.dll -> Adware.SearchPage : Cleaned without backup
C:\WINDOWS\system32\hfkfm.dll -> Adware.SearchPage : Cleaned without backup
C:\WINDOWS\system32\hpCA35.tmp -> Downloader.Zlob.co : Cleaned without backup
C:\WINDOWS\system32\hpucy.dll -> Adware.SearchPage : Cleaned without backup
C:\WINDOWS\system32\intell32.exe -> Spyware.PSGuard : Cleaned without backup
C:\WINDOWS\system32\ioctrl.dll -> Adware.Spyaxe : Cleaned without backup
C:\WINDOWS\system32\ipzz32.dll -> Downloader.WinShow.bg : Cleaned without backup
C:\WINDOWS\system32\jnwxi.dll -> Adware.SearchPage : Cleaned without backup
C:\WINDOWS\system32\mfcox.exe -> Trojan.Agent.bi : Cleaned without backup
C:\WINDOWS\system32\mssearchnet.exe -> Downloader.Zlob.cs : Cleaned without backup
C:\WINDOWS\system32\netwf32.dll -> Downloader.WinShow.bg : Cleaned without backup
C:\WINDOWS\system32\nhhxj.dll -> Adware.SearchPage : Cleaned without backup
C:\WINDOWS\system32\nvctrl.exe -> Downloader.Zlob.cs : Cleaned without backup
C:\WINDOWS\system32\oxxio.dll -> Adware.SearchPage : Cleaned without backup
C:\WINDOWS\system32\pnsde.dll -> Adware.SearchPage : Cleaned without backup
C:\WINDOWS\system32\rmges.dll -> Adware.SearchPage : Cleaned without backup
C:\WINDOWS\system32\ruvqc.dll -> Adware.SearchPage : Cleaned without backup
C:\WINDOWS\system32\sdkkz32.dll -> Downloader.WinShow.bg : Cleaned without backup
C:\WINDOWS\system32\wpiyr.dll -> Adware.SearchPage : Cleaned without backup
C:\WINDOWS\system32\xkrxu.dll -> Adware.SearchPage : Cleaned without backup
C:\WINDOWS\tcvbr.dll -> Adware.SearchPage : Cleaned without backup
C:\WINDOWS\tsoc.log:axgoy -> Downloader.Agent.td : Cleaned without backup
C:\WINDOWS\ttcla.dll -> Adware.SearchPage : Cleaned without backup
C:\WINDOWS\ueqll.dll -> Adware.SearchPage : Cleaned without backup
C:\WINDOWS\uhaio.dll -> Adware.SearchPage : Cleaned without backup
C:\WINDOWS\uigou.dll -> Adware.SearchPage : Cleaned without backup
C:\WINDOWS\zmlea.dll -> Adware.SearchPage : Cleaned without backup
C:\winstall.exe -> Trojan.Small : Cleaned without backup


::Report End

Thanks.
 
Check and remove these below.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dumgy.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dumgy.dll/sp.html#83556
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dumgy.dll/sp.html#83556
O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - C:\WINDOWS\system32\hpCA35.tmp (file missing)
O2 - BHO: Class - {F8178FB3-8D25-D7C4-86A7-8FA8F80D9D53} - C:\WINDOWS\netay32.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
O4 - HKLM\..\Run: [4C.tmp] C:\DOCUME~1\JAMESH~1\LOCALS~1\Temp\4C.tmp.exe
O4 - HKLM\..\Run: [4D.tmp.exe] C:\DOCUME~1\JAMESH~1\LOCALS~1\Temp\4D.tmp.exe
O4 - HKLM\..\Run: [4C.tmp.exe] C:\DOCUME~1\JAMESH~1\LOCALS~1\Temp\4C.tmp.exe


Also download these 2 programs and run them.
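
Added editorial example (not a post from this thread, and not one of the tools it names): a small Python script that applies the triage the reply above does by eye to a HijackThis 1.99 log. The sample lines embedded in it are taken from the two logs posted in this thread (one service's garbled display name trimmed), plus two benign lines so the filter has something to pass. The rule set and its wording are the editor's own assumptions, not anything HijackThis itself reports.

```python
"""Triage helper for a HijackThis 1.99 log.

Added example for this thread (not a tool any poster used): it parses the
R0/R1/O2/O3/O4/O6/O23 entry lines and flags the same patterns the reply
above picks out by eye, so a long log can be reduced to the lines worth
asking about before anything is ticked in HijackThis.
"""
import re

# Constructed sample: lines taken from the two logs posted in this thread
# (one service name trimmed of its binary junk), plus two benign lines so
# the filter has something to leave alone.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dumgy.dll/sp.html#83556
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dumgy.dll/sp.html#83556
O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - C:\WINDOWS\system32\hpCA35.tmp (file missing)
O2 - BHO: Class - {F8178FB3-8D25-D7C4-86A7-8FA8F80D9D53} - C:\WINDOWS\netay32.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [4C.tmp] C:\DOCUME~1\JAMESH~1\LOCALS~1\Temp\4C.tmp.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O23 - Service: Network Security Service (NSS) - Unknown owner - C:\WINDOWS\sysmg32.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

# Every HijackThis entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: ..."
ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Short-name (LOCALS~1\Temp) and long-name forms of a per-user Temp directory.
TEMP_RE = re.compile(r"\\(?:LOCALS~1|Local Settings)\\Temp\\", re.IGNORECASE)
MISSING = "(file missing)"


def parse_entries(log_text):
    """Return [(section, body), ...] for every HijackThis entry line."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def classify(section, body):
    """Return a short reason if the entry deserves attention, else None.

    The rules (editor's assumptions) mirror the manual triage in the thread:
    a res:// search page is a CoolWebSearch-style hijack, a BHO or service
    whose file is gone is an orphan left by a partial clean-up, a Run entry
    launching from Temp is a dropper, and an O6 line means IE/Control Panel
    settings are locked by registry policy (why those dialogs are greyed out).
    """
    if section in ("R0", "R1") and "res://" in body:
        return "search/start page redirected into a local DLL resource"
    if section == "O2":
        if body.endswith(MISSING):
            return "BHO registered but its DLL is gone (orphaned hijacker)"
        if "\\Program Files\\" not in body:
            return "BHO loaded from outside Program Files; verify its publisher"
    if section == "O3" and body.endswith(MISSING):
        return "orphaned toolbar entry (harmless, safe to remove)"
    if section == "O4" and TEMP_RE.search(body):
        return "autorun launching an executable from a Temp directory"
    if section == "O6":
        return "IE policy restrictions present; settings locked by registry policy"
    if section == "O23" and "Unknown owner" in body and body.endswith(MISSING):
        return "service with no publisher and no binary on disk"
    return None


def triage(log_text):
    """Return [(section, reason, body), ...] for the entries worth reviewing."""
    flagged = []
    for section, body in parse_entries(log_text):
        reason = classify(section, body)
        if reason:
            flagged.append((section, reason, body))
    return flagged


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section:<4} {reason}\n     {body}")
```

Run it as-is to print the flagged entries from the embedded sample, or feed it a saved log with triage(open(path).read()). The "verify its publisher" rule is deliberately loose: a BHO outside Program Files is not proof of malware, only a reason to look it up before ticking it in HijackThis, which is the point made earlier in the thread about not every item being bad.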

 
Sure thing,
Should I do all these in Safe Mode??
Thanks a bunch.
 
Well, I did all of the prescribed actions and I did notice a lot of welcome changes.
I now have control of the control panel, no more IE or desktop hijacking. The computer is not as slow anymore.
But the only thing is that ewido as well as Giant still report malware DLLs and BHOs respectively. I can clean and block them respectively and all things still seem normal, but why do I still keep getting the warnings? Does some threat still linger on?? Is it safe to use the computer now, safe enough for online banking transactions, OR as a good measure, should I reformat the system partition at least??
Please advise.
Thanks.
 
One other thing to note is that the DLL files mentioned as corrupt in the warnings weren't really there in the C:\Windows\system32 folder???
Thanks.
 
SpyAxe 3.0 is actually a rogue program that your users were tricked into clicking on, downloading and installing on their computers. It is difficult... but not impossible to clean out of the computers. Download, install and run HijackThis; it will allow you to get rid of the BHOs. I've seen it on a few client computers in the last few weeks. What you need to look at from a maintenance standpoint is a way to keep anything like this from happening in the future. We use a product called Deep Freeze on our organization's computers. When the user restarts their computer... it always comes up the way I set it up originally. Anything they may have downloaded, installed, etc. is gone. They save their data to our file server. In the smaller offices, I partition the drives and the data saves to the partition. Keeps the computers humming along nicely. I think there are other products that do this too.
 
Yes, run HijackThis in safe mode. A couple of freeware programs that can do some cleaning are CCleaner and Ad-Aware SE.

Bo

Kentucky phone support-
"Mash the Kentrol key and hit scape."
 
Since you're in Windows now, go to a command prompt, put your system disc in and run sfc /scannow. In case your disc is SP1 and your hard drive has SP2, follow the link below to make an SP2 disc and then run the sfc scan. This will replace any corrupt or missing system files.


And also, when done doing this, post the HijackThis log as before and give the other posts a try also, as they might find something ewido has missed.
 
Thanks all. I will definitely try all of that and post back.

One thing,
edit: "One other thing to note is that the DLL files mentioned as corrupt in the warnings weren't really there in the C:\Windows\system32 folder???"
-> but it does report some DLLs which were in fact there!!

..
 
Sorry, one more note.
Even though there is no more stuff on the desktop, I am still unable to change the desktop settings, like changing the wallpaper; the option is grayed out.
I will try all and see if it makes any difference.
Thanks.
 
Sorry, there are no updates yet. Will post as soon as I have some!!
Thanks.
 
This is the HijackThis log from another machine which advertises itself to buy SpyAxe, SpyTrooper, etc.

What could be removed from this??
Logfile of HijackThis v1.99.1
Scan saved at 2:12:51 PM, on 12/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dantz\Client\Remotsvc.exe
C:\Program Files\Dantz\Client\retroclient.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\mpssvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Dantz\Retrospect 7.0\Retrospect.exe
C:\Program Files\Dantz\Retrospect 7.0\retrorun.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ewido\security suite\SecuritySuite.exe
C:\Documents and Settings\Dave l.DAVE\Desktop\SecurityTools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - C:\WINDOWS\system32\hpA7AB.tmp
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (file missing)
O3 - Toolbar: (no name) - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - (no file)
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4 (file missing)
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Dantz - C:\Program Files\Dantz\Retrospect 7.0\retrorun.exe
O23 - Service: Retrospect Client - EMC Dantz - C:\Program Files\Dantz\Client\Remotsvc.exe
O23 - Service: Retrospect Helper - EMC Dantz - C:\Program Files\Dantz\Retrospect 7.0\rthlpsvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Please advise.
Thanks.
 
Remove the following:

C:\WINDOWS\system32\nvctrl.exe (Trojan.StartPage.adh)

O3 - Toolbar: (no name) - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - (no file)

You need to get rid of that trojan and I would do a full scan with something like this:

housecall.trendmicro.com

See if that helps,

Erik
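Erik's read of the log above picks out two things by eye: a binary running from system32 that no Run key, startup folder or service accounts for (nvctrl.exe), and an unnamed O3 toolbar CLSID with no file behind it. The script below is an added example for this thread, not HijackThis code and not part of either post; it encodes that kind of read as rules over a HijackThis log (also flagging the BHO loaded from a .tmp file, the O6 IE policy restrictions that match the "can't change settings" symptom, and the service with an unknown owner). The core-process allowlist and the SYSTEM_ROOT value are assumptions (a minimal Windows XP baseline), and the embedded log is a constructed excerpt mirroring the entries posted above, with the URLs the forum stripped left empty.

```python
"""Rule-based triage of a HijackThis log.

Added example for this thread; not HijackThis code. CORE_SYSTEM_PROCESSES and
SYSTEM_ROOT are assumptions (minimal Windows XP baseline): extend them for your
environment before trusting the output. Every finding is a lead, not a verdict.
"""
import re

# Assumption: processes Windows XP itself runs from %SystemRoot%.
CORE_SYSTEM_PROCESSES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "explorer.exe", "cisvc.exe", "cidaemon.exe",
    "wuauclt.exe",
}
SYSTEM_ROOT = "c:\\windows\\"  # assumption: %SystemRoot% on the scanned machine

ENTRY_RE = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")      # "O4 - HKLM\..\Run: ..."
EXE_RE = re.compile(r"([\w~.-]+\.exe)\b", re.IGNORECASE)  # basenames of .exe mentions
URL_RE = re.compile(r"=\s*https?://", re.IGNORECASE)      # "Start Page = http://..."

# Constructed excerpt mirroring the log posted above (URLs stripped by the forum).
SAMPLE_LOG = r"""Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - C:\WINDOWS\system32\hpA7AB.tmp
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: (no name) - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - (no file)
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4 (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""


def parse_log(text):
    """Split a HijackThis log into the running-process list and (code, body) entries."""
    processes, entries = [], []
    in_procs = False
    for line in (l.strip() for l in text.splitlines()):
        if line.lower() == "running processes:":
            in_procs = True
        elif not line:
            in_procs = False
        elif (m := ENTRY_RE.match(line)):
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            processes.append(line)
    return processes, entries


def triage(text):
    """Return (code, reason, detail) findings for an analyst to review."""
    processes, entries = parse_log(text)
    # Every .exe named by a visible load point: Run keys (O4) and services (O23).
    load_points = {n.lower() for code, body in entries if code in ("O4", "O23")
                   for n in EXE_RE.findall(body)}
    findings = []
    for path in processes:
        name = path.rsplit("\\", 1)[-1].lower()
        if (path.lower().startswith(SYSTEM_ROOT) and name not in CORE_SYSTEM_PROCESSES
                and name not in load_points):
            findings.append(("process", "runs from %SystemRoot% with no visible load point", path))
    for code, body in entries:
        lower = body.lower()
        if code in ("R0", "R1") and not URL_RE.search(body):
            findings.append((code, "start/search page is not a plain http(s) URL", body))
        elif code in ("O2", "O3", "O9") and ("(no file)" in lower or "(file missing)" in lower):
            reason = "orphaned IE add-on entry"
            if "(no name)" in lower:
                reason += "; unnamed CLSID is a typical hijacker leftover"
            findings.append((code, reason, body))
        elif code == "O2" and not lower.endswith(".dll"):
            findings.append((code, "BHO loaded from a non-.dll file", body))
        elif code == "O6":
            findings.append((code, "IE policy restriction set; explains locked settings", body))
        elif code == "O20":
            findings.append((code, "Winlogon Notify DLL runs at every logon; verify the vendor", body))
        elif code == "O23" and ("unknown owner" in lower or "(file missing)" in lower):
            findings.append((code, "service with unknown owner or missing binary", body))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"[{code:7}] {reason}\n          {detail}")
```

On the excerpt this reports nine leads: nvctrl.exe as the one system32 process with no load point, the empty R0 start page, the .tmp BHO, both orphaned O3 toolbars, both O6 restrictions, the NavLogon O20 entry, and the MSMPSVC service. Orphaned Yahoo and Adobe entries and a Symantec Winlogon DLL are harmless, which is why the output is a review list rather than a removal list; the same point Erik makes about not checking items in HijackThis blindly.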
