A Big Big Mess

(In Progress)
noordinaryone (Junior Member with 29 posts, thread starter; Join Date: Jul 2011; Experience: Beginner)
09-Jul-2011, 07:57 PM #1
A Big Big Mess
Okay so my virus scan discovered a backdoor virus and a p2p trojan virus. It said it was quarantined and fixed but as you can tell from the shoddy typing, I'm having to post from my tablet. I've confirmed that my wireless network is working and I can run my Outlook and VPN on the system but neither IE nor Safari can connect. And of course all of this happens when I have two major projects I need to finish this weekend.... grr

Now the issue I have is getting these log files attached because my e-reader/tablet won't let me attach or copy and paste in this forum. Is there any way I can email them to someone or something?
noordinaryone
10-Jul-2011, 03:41 PM #2
Update
Borrowed a laptop from a friend so I could get you the logs you need. They are attached. Please let me know if there is anything else that you might need!
kevinf80 (Kevin) (Malware Removal Specialist with 9,207 posts; Join Date: Mar 2006; Location: Sunderland UK; Experience: Intermediate)
10-Jul-2011, 03:53 PM #3
Answer the following please:

There is a Proxy server running from Internet explorer, did you set that up?

There is evidence of 3 antivirus programs on your system: Norton, AVG and Lavasoft Adaware with AV. What is your preferred setup?
noordinaryone
10-Jul-2011, 03:59 PM #4
The proxy is probably from when I VPN in to my office. But we can take it down if we need to.

I don't know where the Norton is coming from on the system. AVG and Adaware were both setup in an effort to get rid of this mess. I prefer AVG.
noordinaryone
10-Jul-2011, 04:48 PM #5
Of course after reading that... I don't even know if a proxy can be taken down - so just disregard that if I don't know what I'm talking about.

Thanks!
kevinf80 (Kevin)
10-Jul-2011, 05:03 PM #6
I'd rather get rid of the proxy, you can set it back up later if required, as follows please:

Step 1

Check for proxy server settings in your browser. The following are the most commonly used; check whichever is applicable.

Internet Explorer:
Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server" and check "Automatically detect settings". OK, Apply (only if applicable), OK.

Firefox:
Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.

Chrome:
Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings", then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.

Safari:
  • Launch Safari
  • Go to general settings menu
  • Then in Preferences/ Advanced
  • Then on line click Proxies change settings ...
  • Click Internet Options, then click the Connections tab, click Network Settings.
  • Disable option (uncheck) for the use of proxy server ...

Step 2

Turn off the AV component in Adaware as follows:

You can turn off the anti-virus component as follows:
  • Open Ad-Aware
  • Click on switch to advanced mode
  • Click on Settings
  • Click on the Ad-watch live! tab and under Detection layers ensure Antivirus engine is UNchecked
  • Click OK and close Ad-Aware

If you cannot turn it off uninstall Lavasoft Adaware altogether.

Step 3

Download and install the Norton removal tool from Here

Alternative link

Install and run the tool, follow any prompts that are given.

Step 4

Please download Malwarebytes Anti-Malware and save it to your desktop.
Alternative D/L mirror
Alternative D/L mirror

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Post log from Malwarebytes in your reply, also give update on current issues/concerns...

Kevin
noordinaryone
10-Jul-2011, 05:49 PM #7
Okay - I've run everything as you instructed and am currently in the restart process. The log file for Malwarebytes is attached!

What's up next?!

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7067

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

07.10.11 5:44:44 PM
mbam-log-2011-07-10 (17-44-44).txt

Scan type: Quick scan
Objects scanned: 220160
Time elapsed: 13 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\aucplmnt32.exe (Trojan.Tracur.Wow) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\0200000019739ee61379c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\0200000019739ee61379o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\0200000019739ee61379p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\0200000019739ee61379s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\0200000019739ee61379c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\0200000019739ee61379o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\0200000019739ee61379p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\0200000019739ee61379s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
noordinaryone
10-Jul-2011, 05:51 PM #8
Oh I forgot to point out... after the virus happened a tmp file appeared on my desktop and it's still not going away. The file is titled ymfipcndzd.tmp
kevinf80 (Kevin)
10-Jul-2011, 05:57 PM #9
What's up next.....

You tell me how your system is responding and if there is any improvement. I'd also like a fresh set of DDS logs, please copy and paste to reply, do not attach them....
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

Kevin
noordinaryone
10-Jul-2011, 06:13 PM #10
Internet Explorer seems to be back up and running. Safari is running but extremely slow and the TMP file is still showing up on the desktop and keeps coming back even if I try to delete it.

Here are the logs:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by KHillman at 18:05:48 on 2011-07-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.219 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\DesktopCentral_Agent\bin\dcagentservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe
C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgmfapx.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar =
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://one.colonialprop.com
uWindow Title = Road Runner High Speed Online
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\prxtbSwag.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: {03502a7d-456b-4077-a4fe-6ba9d76b44e1} - c:\windows\system32\AUCPLMNT32.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\prxtbSwag.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Ask Toolbar BHO: {d4027c7f-154a-4066-a1ad-4243d8127440} - LimeWire Toolbar
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} -
TB: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\prxtbSwag.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\457\g2mstart.exe" "/Trigger RunAtLogon"
uRun: [ctfmon.exe (1)] c:\windows\system32\ctfmon.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Adobe Reader Speed Launcher (1)] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: DisableStatusMessages = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: bluemoon.com\www
Trusted Zone: colonialprop.com
Trusted Zone: colonialprop.com\cc
Trusted Zone: colonialprop.com\mriweb
Trusted Zone: colonialprop.com\one
Trusted Zone: colonialprop.com\vpn
Trusted Zone: craigslist.org
Trusted Zone: craigslist.org\post
Trusted Zone: gotomeeting.com\www
Trusted Zone: gotomeeting.com\www1
Trusted Zone: intersourcing.com\www6
Trusted Zone: residentworks.com\colonialproperties
Trusted Zone: ultiprotime.com\colonialtime
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} - hxxp://bhmsqlbis/Reports/Reserved.ReportViewerWebControl.axd?ReportSession=sqfkesjeu0tapwa5ageoem2c&ControlID=cc57a7e9f66349808260aca270d26930&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {23A2712A-7A4F-4D0C-822C-D7BA9974447B} - hxxps://registration.rr.com/RegHelper.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/56.20/uploader2.cab
DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - hxxp://coupons.smartsource.com/download/cscmv5X.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266789087772
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266789069100
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {977231BF-B887-4CD7-8156-6F429268F7E2} - hxxp://mrispeedtest.colonialprop.com/MRINet.cab
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://bluemoon.webex.com/client/T27LB/support/ieatgpc.cab
DPF: {FA91DF8D-53AB-455D-AB20-F2F023E498D3} - hxxp://bhmsqlbis/Reports/Reserved.ReportViewerWebControl.axd?ReportSession=nonwskmnxh1g4knavjtmc355&ControlID=b0745b5a713e4f008994fa5cf3c363fd&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CD73C668-6A1A-4BA3-BED6-3FA46E8009F2} : DhcpNameServer = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\l2gpstore32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R? apusbsnt;Sierra Wireless USB Modem Device Driver
R? AVG Security Toolbar Service;AVG Security Toolbar Service
R? easytether;easytether
R? F-Secure BlackLight Sensor;F-Secure BlackLight Sensor
R? fsbl;F-Secure BlackLight Engine Driver
R? Lavasoft Kernexplorer;Lavasoft helper driver
R? ManageEngine Desktop Central 6 - Remote Control;ManageEngine Desktop Central 6 - Remote Control
R? MBAMSwissArmy;MBAMSwissArmy
R? pneteth;PdaNet Broadband
R? PTDCWWAN;PANTECH PC Card WWAN Controller device driver
R? SwiWiFiComm;SwiWiFiComm
S? ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor
S? AVGIDSAgent;AVGIDSAgent
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSEH;AVGIDSEH
S? AVGIDSFilter;AVGIDSFilter
S? AVGIDSShim;AVGIDSShim
S? Avgldx86;AVG AVI Loader Driver
S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx86;AVG Anti-Rootkit Driver
S? Avgtdix;AVG TDI Driver
S? avgwd;AVG WatchDog
S? DXEC01;DXEC01
S? Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service






UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 02.14.08 10:08:27 AM
System Uptime: 07.10.11 5:46:46 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0KU184
Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 1994/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 56 GiB total, 23.288 GiB free.
D: is CDROM ()
E: is Removable
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP Color LaserJet 3000
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet 3000
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
470_Help
470_Readme
Ad-Aware
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 8.2.1
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2011
AVG PC Tuneup 2011
Bonjour
BPD_HPSU
BPDSoftware
BPDSoftware_Ini
Broadcom ASF Management Applications
Broadcom Management Programs
BufferChm
Byki
Byki Express
Cisco AnyConnect VPN Client
Conduit Engine
Conexant HDA D330 MDC V.92 Modem
Convert AVI to MP4 1.3
Coupon Printer for Windows
Dell Driver Download Manager
Dell Touchpad
Dell Wireless WLAN Card
DeviceDiscovery
DeviceManagementQFolder
Digital Line Detect
DVD Decoder Pak for Windows XP
eSupportQFolder
F-Secure PSC Prerequisites
GoToMeeting 4.8.0.721
H470
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Product Detection
HPProductAssistant
Intel(R) Graphics Media Accelerator Driver
IntelliSonic Speech Enhancement
iTunes
Java(TM) 6 Update 20
Malwarebytes' Anti-Malware version 1.51.0.1200
MetaFrame Presentation Server Client
MFCLOC
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WinUsb 1.0
Microsoft WinUsb 2.0
MPM
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
NetWaiting
OGA Notifier 2.0.0048.0
Palm Desktop by ACCESS
Palm Outlook Conduits Updater
PDF Settings
Picasa 3
PolicyMaker™ Standard Edition Client
ProductContext
QuickTime
Rosetta Stone Ltd Services
Rosetta Stone TOTALe
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB936782)
SigmaTel Audio
SolutionCenter
SP 5100N
SplashMoney
Status
Swag Bucks Toolbar
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2536413)
WebFldrs XP
WebReg
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
07.10.11 5:45:57 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HP Network Devices Support service to connect.
07.10.11 5:45:57 PM, error: Service Control Manager [7000] - The HP Network Devices Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
07.10.11 5:45:57 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service HPSLPSVC with arguments "" in order to run the server: {10DA4F3C-CC99-4190-BE4D-58330754E882}
07.09.11 8:00:35 AM, error: NETLOGON [5719] - No Domain Controller is available for domain COLPROPB due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
07.09.11 6:35:43 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
07.09.11 4:33:57 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
07.09.11 4:33:57 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
07.09.11 4:33:57 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
07.09.11 4:33:57 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
07.09.11 4:33:57 PM, error: Service Control Manager [7001] - The Cisco AnyConnect VPN Agent service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
07.09.11 4:33:57 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
07.09.11 4:33:57 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
07.09.11 3:56:48 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
07.09.11 3:54:52 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service HPSLPSVC with arguments "" in order to run the server: {10DA4F3C-CC99-4190-BE4D-58330754E882}
07.09.11 12:25:20 AM, error: Service Control Manager [7001] - The Windows Search service depends on the Terminal Services service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
07.09.11 12:25:20 AM, error: DCOM [10005] - DCOM got error "%1068" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
07.09.11 11:30:58 AM, error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
07.09.11 10:28:51 AM, error: Service Control Manager [7000] - The SwiWiFiComm service failed to start due to the following error: The system cannot find the path specified.
07.09.11 10:28:51 AM, error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.
07.09.11 10:01:18 AM, error: DCOM [10005] - DCOM got error "%1068" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
07.09.11 1:14:01 AM, error: Service Control Manager [7023] - The HP Network Devices Support service terminated with the following error: The specified module could not be found.
.
==== End Of File ===========================
kevinf80 (Kevin), Malware Removal Specialist
10-Jul-2011, 06:28 PM #11
You will have to uninstall AVG to allow the next tool to run, go here http://www.avg.com/us-en/utilities and use the uninstall utility... Next,

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2
  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available Here if required.
  • If you are using Windows XP it might display a pop-up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin
noordinaryone (thread starter)
10-Jul-2011, 06:50 PM #12
Okay so I am trying to run ComboFix, however it continues to tell me that AVG is still installed even though I ran the removal tool.
noordinaryone (thread starter)
10-Jul-2011, 10:41 PM #13
Okay so the issue with combofix is because I also had an AVG registry cleaner that I forgot about. Once I removed that we were good to go. It took about 15 minutes to run Combofix which I'm hoping is a good sign.

New addition to the issues I'm having... When I go into gmail, if I type in my user name an hour glass comes up before it will allow a cursor in the password blank. I haven't used it since that is suspicious to me, but you've asked for an update on how things are running along with the logs so I wanted to bring that up.

Here is the log from the combofix run:

ComboFix 11-07-10.05 - KHillman 07.10.11 22:16:35.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.265 [GMT -4:00]
Running from: c:\documents and settings\khillman\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\SplashMoney.ico
c:\documents and settings\Backup-khillman\g2mdlhlpx.exe
c:\documents and settings\khillman\g2mdlhlpx.exe
c:\documents and settings\khillman\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-11 to 2011-07-11 )))))))))))))))))))))))))))))))
.
.
2011-07-10 21:29 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-10 21:29 . 2011-07-10 21:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-10 21:29 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-10 16:40 . 2011-07-09 16:07 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-07-10 01:56 . 2011-07-10 01:56 -------- d-----w- C:\$AVG
2011-07-09 22:19 . 2011-07-09 22:19 -------- d-----w- c:\program files\Trend Micro
2011-07-09 16:07 . 2011-07-09 16:07 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-09 16:04 . 2011-06-20 14:31 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-07-09 16:03 . 2011-07-09 16:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-07-09 16:03 . 2011-07-09 16:03 -------- d-----w- c:\program files\Lavasoft
2011-07-09 14:36 . 2011-07-11 01:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-07-09 14:25 . 2011-07-09 14:25 -------- d-----w- C:\found.000
2011-07-08 17:59 . 2011-07-10 02:32 -------- d-----w- c:\windows\HaxFix
2011-07-08 01:05 . 2011-07-09 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-07-07 23:41 . 2011-07-07 23:41 0 ---ha-w- c:\documents and settings\khillman\ymfjpcndzd.tmp
2011-07-07 15:45 . 2011-07-07 15:45 160256 --sha-w- c:\windows\system32\l2gpstore32.dll
2011-07-07 03:40 . 2011-07-07 03:40 359936 ----a-w- c:\windows\system32\AUCPLMNT32.dll
2011-07-04 20:49 . 2011-07-04 21:27 -------- d-----w- c:\program files\softendo.com
2011-07-03 21:52 . 2011-07-03 21:52 -------- d-----w- c:\documents and settings\khillman\Application Data\Windows Search
2011-06-12 00:47 . 2011-06-12 00:47 -------- d-----w- c:\program files\iPod
2011-06-12 00:47 . 2011-06-12 00:49 -------- d-----w- c:\program files\iTunes
2011-06-12 00:44 . 2011-06-12 00:44 -------- d-----w- c:\program files\Apple Software Update
2011-06-12 00:44 . 2011-05-10 12:06 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-06-12 00:44 . 2011-05-10 12:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-06-12 00:43 . 2011-06-12 00:47 -------- d-----w- c:\program files\Common Files\Apple
2011-06-11 13:53 . 2011-06-11 13:53 -------- d-----w- c:\documents and settings\khillman\Application Data\Windows Desktop Search
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-14 13:06 . 2011-05-20 15:44 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files\Swag_Bucks\prxtbSwag.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03502A7D-456B-4077-A4FE-6BA9D76B44E1}]
2011-07-07 03:40 359936 ----a-w- c:\windows\system32\AUCPLMNT32.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 20:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
2011-01-17 20:54 175912 ----a-w- c:\program files\Swag_Bucks\prxtbSwag.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files\Swag_Bucks\prxtbSwag.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}"= "c:\program files\Swag_Bucks\prxtbSwag.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoToMeeting"="c:\program files\Citrix\GoToMeeting\457\g2mstart.exe" [2010-06-18 39816]
"ctfmon.exe (1)"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
"Adobe Reader Speed Launcher (1)"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-1-5 50688]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\l2gpstore32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\g:\0autocheck autochk *\0lsdelete
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2111925415-921512754-2013803672-20026\Scripts\Logon\0\0]
"Script"=\\bhmsrv9\ezaudits\ezstart.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services
"c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone TOTALe\\RosettaStoneTOTALe.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"139:TCP"= 139:TCP:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:@xpsp2res.dll,-22002
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
"Enabled"= 1 (0x1)
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [07.09.11 12:04 PM 64512]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12.19.06 4:21 PM 79432]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [06.20.11 10:31 AM 2151640]
R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [05.17.10 2:45 PM 1615176]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [12.17.09 6:32 PM 497856]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11.02.06 2:32 PM 97536]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [06.20.11 10:31 AM 15232]
S2 ManageEngine Desktop Central 6 - Agent;ManageEngine Desktop Central 6 - Agent;c:\program files\DesktopCentral_Agent\bin\dcagentservice.exe [12.08.08 7:06 PM 442368]
S2 SwiWiFiComm;SwiWiFiComm; [x]
S3 apusbsnt;Sierra Wireless USB Modem Device Driver; [x]
S3 easytether;easytether; [x]
S3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor; [x]
S3 fsbl;F-Secure BlackLight Engine Driver;\??\c:\program files\F-Secure\Anti-Virus\fsbldrv.sys --> c:\program files\F-Secure\Anti-Virus\fsbldrv.sys [?]
S3 ManageEngine Desktop Central 6 - Remote Control;ManageEngine Desktop Central 6 - Remote Control; [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [07.10.11 5:29 PM 39984]
S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [11.29.10 8:13 PM 13312]
S3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver; [x]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-06-20 11:19]
.
2011-06-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-07-10 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-11 00:12]
.
2009-05-20 c:\windows\Tasks\System Restore.job
- c:\windows\system32\Restore\rstrui.exe [2004-08-11 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Trusted Zone: bluemoon.com\www
Trusted Zone: colonialprop.com
Trusted Zone: colonialprop.com\cc
Trusted Zone: colonialprop.com\mriweb
Trusted Zone: colonialprop.com\one
Trusted Zone: colonialprop.com\vpn
Trusted Zone: craigslist.org
Trusted Zone: craigslist.org\post
Trusted Zone: gotomeeting.com\www
Trusted Zone: gotomeeting.com\www1
Trusted Zone: intersourcing.com\www6
Trusted Zone: residentworks.com\colonialproperties
Trusted Zone: ultiprotime.com\colonialtime
TCP: DhcpNameServer = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} - hxxp://bhmsqlbis/Reports/Reserved.ReportViewerWebControl.axd?ReportSession=sqfkesjeu0tapwa5ageoem2c&ControlID=cc57a7e9f66349808260aca270d26930&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab
DPF: {23A2712A-7A4F-4D0C-822C-D7BA9974447B} - hxxps://registration.rr.com/RegHelper.cab
DPF: {977231BF-B887-4CD7-8156-6F429268F7E2} - hxxp://mrispeedtest.colonialprop.com/MRINet.cab
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Picasa 3 - g:\program files\Picasa3\Uninstall.exe
AddRemove-{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1 - g:\convert avi to mp4\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-10 22:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(596)
c:\windows\system32\igfxdev.dll
.
Completion time: 2011-07-10 22:37:30
ComboFix-quarantined-files.txt 2011-07-11 02:37
.
Pre-Run: 25,444,200,448 bytes free
Post-Run: 25,648,582,656 bytes free
.
- - End Of File - - 7521010F65AAEECFCC146F72A228B0FC
kevinf80 (Kevin), Malware Removal Specialist
11-Jul-2011, 04:26 AM #14
I want you to upload a file for analysis before we go any further, as follows please...

We need to upload a file to Jotti

1. Click HERE to get to Jotti's site.

2. At the top of the Jotti window, use the Browse button to locate the following file on your system:

c:\windows\system32\l2gpstore32.dll

3. Once you have located the file, click SUBMIT and the content of the file will be uploaded by the site and analysed.

4. Please provide me with the results of the analysis.

Upload same File to Virustotal
Please visit Virustotal
  • Click the Browse... button
  • Navigate to the file c:\windows\system32\l2gpstore32.dll
  • Click the Open button
  • Click the Send button
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.

Let me see the results please..

Kevin
noordinaryone (thread starter)
11-Jul-2011, 07:34 AM #15
Good Morning - Here are the results you asked for. And if I haven't mentioned it yet - I am SO SO very thankful for the help you're providing. Getting up and running for work this morning is KEY!

Jotti's malware scan

Filename: l2gpstore32.dll
Status: Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Mon 11 Jul 2011 13:24:50 (CET)

Additional info

File size: 160256 bytes
Filetype: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5: fccf4b5efa706d404eeed1849fe687e0
SHA1: ee6793f8e5d135a6a4ab6d6802735cd6d2f56d84

Scanners

2011-07-11 Found nothing
2011-07-11 Found nothing
2011-07-10 Found nothing
2011-07-11 Found nothing
2011-07-11 Found nothing
2011-07-11 Found nothing
2011-07-11 Found nothing
2011-07-11 Found nothing
2011-07-11 Found nothing
2011-07-11 Found nothing
2011-07-11 Found nothing
2011-07-10 Found nothing
2011-07-11 Found nothing
2011-07-11 Found nothing
2011-07-11 Found nothing
2011-07-11 Found nothing
2011-07-11 Found nothing
2011-07-11 Found nothing
2011-07-10 Found nothing
2011-07-10 Found nothing






Antivirus             Version          Last Update  Result
AhnLab-V3             2011.07.11.01    2011.07.11   -
AntiVir               7.11.11.53       2011.07.11   -
Antiy-AVL             2.0.3.7          2011.07.11   -
Avast                 4.8.1351.0       2011.07.11   -
Avast5                5.0.677.0        2011.07.11   -
AVG                   10.0.0.1190      2011.07.11   -
BitDefender           7.2              2011.07.11   -
CAT-QuickHeal         11.00            2011.07.11   -
ClamAV                0.97.0.0         2011.07.11   -
Commtouch             5.3.2.6          2011.07.11   -
Comodo                9350             2011.07.11   -
DrWeb                 5.0.2.03300      2011.07.11   -
Emsisoft              5.1.0.8          2011.07.11   -
eSafe                 7.0.17.0         2011.07.07   -
eTrust-Vet            36.1.8437        2011.07.11   -
F-Prot                4.6.2.117        2011.07.10   -
F-Secure              9.0.16440.0      2011.07.11   -
Fortinet              4.2.257.0        2011.07.11   -
GData                 22               2011.07.11   -
Ikarus                T3.1.1.104.0     2011.07.11   -
Jiangmin              13.0.900         2011.07.10   -
K7AntiVirus           9.108.4891       2011.07.10   -
Kaspersky             9.0.0.837        2011.07.11   -
McAfee                5.400.0.1158     2011.07.11   -
McAfee-GW-Edition     2010.1D          2011.07.11   -
Microsoft             1.7000           2011.07.11   TrojanDownloader:Win32/Tracur.B
NOD32                 6283             2011.07.11   -
Norman                6.07.10          2011.07.11   -
nProtect              2011-07-11.01    2011.07.11   -
Panda                 10.0.3.5         2011.07.10   Suspicious file
PCTools               8.0.0.5          2011.07.11   -
Prevx                 3.0              2011.07.11   -
Rising                23.66.00.03      2011.07.11   -
Sophos                4.67.0           2011.07.11   -
SUPERAntiSpyware      4.40.0.1006      2011.07.11   -
Symantec              20111.1.0.186    2011.07.11   -
TheHacker             6.7.0.1.252      2011.07.11   -
TrendMicro            9.200.0.1012     2011.07.11   -
TrendMicro-HouseCall  9.200.0.1012     2011.07.11   -
VBA32                 3.12.16.4        2011.07.11   -
VIPRE                 9832             2011.07.11   -
ViRobot               2011.7.11.4562   2011.07.11   -
VirusBuster           14.0.117.0       2011.07.10   -

Additional information
MD5 : fccf4b5efa706d404eeed1849fe687e0
SHA1 : ee6793f8e5d135a6a4ab6d6802735cd6d2f56d84
SHA256: acf04b312a26a2ab51de82e91767e8eddc4b0e29497e394ccc7f7a371050bbc0
ssdeep: 3072:BO5hpDyVqUM4GaEaNTFPLcbG0+pJ8tUYGVNk0CC7zvTP7i:ChB54Xzh8OYMNk0CC/r7
File size : 160256 bytes
First seen: 2011-07-08 12:30:43
Last seen : 2011-07-11 11:19:31
TrID:
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%)
sigcheck:
publisher....: CrypKey Inc.
copyright....: Copyright (c) 2000-2006
product......: Casper
description..: InternetClient DLL
original name: InetCli.dll
internal name: InternetClient
file version.: 2, 0, 0, 225
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x7B3A
timedatestamp....: 0x4BAE1790 (Sat Mar 27 14:34:56 2010)
machinetype......: 0x14c (I386)

[[ 8 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x9000, 0x8200, 6.52, 766d926320ea3bbb53a6c3facdaaf0b5
.data, 0xA000, 0xF000, 0xF000, 7.53, b0b514cc3b532be3d4eed741c039c5f3
.rdata, 0x19000, 0xF000, 0xEC00, 7.48, 33ed3f8edfdf4058ede353b55a79c7c9
.bss, 0x28000, 0x4000, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
.edata, 0x2C000, 0x1000, 0x200, 3.95, 366fd233aa7907cc65de9e5c817fe186
.idata, 0x2D000, 0x1000, 0x600, 4.47, 7ed9a33c963d5ac65ded35875e3719b3
.rsrc, 0x2E000, 0x1000, 0x400, 2.71, b9e1fe5229bb5e3a4cdfb436d8033bd2
.reloc, 0x2F000, 0x38C, 0x400, 5.15, 1cf37a55314c723caeae28e217675265

[[ 6 import(s) ]]
ADVAPI32.dll: LookupAccountSidA, RegDeleteValueA, SetPrivateObjectSecurityEx, GetSecurityDescriptorSacl
KERNEL32.dll: ExitProcess, GetModuleHandleA, GetProcAddress, GlobalReAlloc, LoadLibraryA, SetPriorityClass, VirtualAlloc, VirtualFree
ole32.dll: CoTaskMemAlloc, CreateAntiMoniker, IIDFromString, IsValidPtrOut, IsEqualGUID, IsAccelerator
USER32.dll: CharNextW, GetAltTabInfoW, GetIconInfo, IsDialogMessageA, MessageBoxIndirectA, NotifyWinEvent, OpenClipboard, RegisterDeviceNotificationW, ScreenToClient, TileWindows, UnhookWinEvent, FindWindowExA
security.dll: DeleteSecurityContext, MakeSignature
MSVCRT.dll: exit, _stricmp, _except_handler3, __set_app_type, __p__commode, __getmainargs

[[ 11 export(s) ]]
FazbeznitkzHi, MxjbgakplAXqkj, csqukIgIqcfaydYcmf, dldbdfmVadYibecz, enRcNbvwupgbx, foUtwcfKwtPulfu, muqitjWtGjawfuhod, pVDedkvlrfxoqyFchU, vgtxbzzxMffFh, xqJzegxmVjYyyoAfdj, yHfvwtHyDgdf
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 36864
CompanyName: CrypKey Inc.
EntryPoint: 0x7b3a
FileDescription: InternetClient DLL
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 156 kB
FileSubtype: 0
FileType: Win32 DLL
FileVersion: 2, 0, 0, 225
FileVersionNumber: 2.0.0.225
ImageVersion: 1.0
InitializedDataSize: 173056
InternalName: InternetClient
LanguageCode: English (U.S.)
LegalCopyright: Copyright 2000-2006
LinkerVersion: 2.38
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Dynamic link library
OriginalFilename: InetCli.dll
PEType: PE32
ProductName: Casper
ProductVersion: 2, 0, 0, 0
ProductVersionNumber: 2.0.0.0
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2010:03:27 15:34:56+01:00
UninitializedDataSize: 16384