Live Chat & Podcast at 1:00PM Eastern on Sunday!
There's no such thing as a stupid question, but they're the easiest to answer.
JoinTour
Login
Search
Virus & Other Malware Removal
Go to first new post Odd Processes/SCODEF-CREDAT/possible vir ...
Go to first new post Network, good; Internet, bad
Go to first new post Google Hijacker/Google Search Result vir ...
Go to first new post server not found
Go to first new post slow computer, downloads over a few mb f ...
Go to first new post Ramnit virus, nearly cleared
Go to first new post Trojan: Win32/Alureon.FK - hijack this l ...
Go to first new post Windows live Messenger Virus
Go to first new post We Got System Checked :-(
Go to first new post This setup thing keeps popping up everyd ...
Go to first new post Extremely unresponsive, massive hang-ups ...
Go to first new post Trojan:dos/alureon.E still here!
Go to first new post Cannot access any google sites - youtube ...
Go to first new post "Congratulations, you won" &am ...
Go to first new post Black desktop, missing all shortcuts, fi ...
Tag Cloud
access acer asus bios bsod computer crash desktop driver drivers error ethernet excel freeze gaming hard drive hardware hdmi internet laptop malware memory modem monitor motherboard network printer problem ram registry router security slow software sound toshiba trojan ubuntu 11.10 uninstall usb video virus vista wifi windows windows 7 windows 7 32 bit windows 7 64 bit windows xp wireless
Search
Search for:
Tech Support Guy Forums > Security & Malware Removal > Virus & Other Malware Removal >
iexplorer.exe randomly turning on malware problem (In Progress)

Reply  
Thread Tools
Jordik's Avatar
Junior Member with 4 posts.
  
Join Date: Apr 2009
15-Apr-2009, 06:32 PM #1
iexplorer.exe randomly turning on malware problem
My internet explorer randomly turns on for seconds and then shuts down.
It's really starting to annoy me. I read somewhere it is a result of a .dll file called arm32.dll. My antivirus (avg 8.0) doesn't seem to detect it and I've tried to remove it manually but i can't seem to find it. Can someone help.

Thanks in advance.

Cheers!

P.S. Im not even sure its that virus. It's just an assumption.
Register for free to hide this ad!
Cheeseball81's Avatar
Moderator & Malware Removal Specialist with 80,168 posts.
  
Join Date: Mar 2004
Location: Long Island, NY
Experience: Advanced
15-Apr-2009, 08:50 PM #2
Let's see if it's a virus at all.

Hi, Welcome to TSG!!


Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
__________________
Microsoft MVP - Consumer Security
If we've helped you, please donate to TSG!
Jordik's Avatar
Junior Member with 4 posts.
  
Join Date: Apr 2009
15-Apr-2009, 08:52 PM #3
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:51:53, on 16.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\services.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\cmd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSour...ctid=CT1098640
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C08F363-CBF6-41B8-8080-4833F6406FCB}: NameServer = 195.29.166.116 195.29.149.196
O20 - AppInit_DLLs: c:\progra~1\ThunMail\testabd.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) - Unknown owner - C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 6649 bytes
Cheeseball81's Avatar
Moderator & Malware Removal Specialist with 80,168 posts.
  
Join Date: Mar 2004
Location: Long Island, NY
Experience: Advanced
15-Apr-2009, 08:59 PM #4
You're definitely infected.

Please do this first....more steps will follow.

Download ComboFix from Here to your Desktop.

**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results"
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re enable the protection again after combofix has finished
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double click on combofix.exe & follow the prompts.
If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns
__________________
Microsoft MVP - Consumer Security
If we've helped you, please donate to TSG!
Jordik's Avatar
Junior Member with 4 posts.
  
Join Date: Apr 2009
15-Apr-2009, 09:10 PM #5
ComboFix 09-04-15.08 - Administrator 16.04.2009 2:06.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.3070.2613 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\services.exe
.
((((((((((((((((((((((((( Files Created from 2009-03-16 to 2009-04-16 )))))))))))))))))))))))))))))))
.
2009-04-15 23:50 . 2009-04-15 23:50 17376 ----a-w c:\windows\system32\drivers\bne4c92.sys
2009-04-15 23:50 . 2009-04-15 23:50 124 ----a-w c:\windows\system32\5.tmp
2009-04-15 19:12 . 2009-04-15 19:12 17376 ----a-w c:\windows\system32\drivers\tlcb614.sys
2009-04-15 19:12 . 2009-04-15 19:12 124 ----a-w c:\windows\system32\3.tmp
2009-04-15 17:39 . 2008-06-19 14:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-04-15 10:18 . 2009-04-15 10:18 17376 ----a-w c:\windows\system32\drivers\nfq736c.sys
2009-04-15 10:17 . 2009-04-15 10:17 80 ----a-w c:\windows\system32\C.tmp
2009-04-15 09:19 . 2009-04-15 09:19 17376 ----a-w c:\windows\system32\drivers\tkc249f.sys
2009-04-15 09:19 . 2009-04-15 09:19 19420 ----a-w c:\windows\system32\4.tmp
2009-04-15 09:19 . 2009-04-15 09:19 80 ----a-w c:\windows\system32\2.tmp
2009-04-15 07:47 . 2009-04-15 07:47 17376 ----a-w c:\windows\system32\drivers\neq3f4f.sys
2009-04-15 07:47 . 2009-04-15 07:47 0 ----a-w c:\windows\system32\37.tmp
2009-04-15 07:47 . 2009-04-15 07:47 80 ----a-w c:\windows\system32\34.tmp
2009-04-15 07:33 . 2009-04-15 07:33 -------- d-----w c:\documents and settings\Administrator\Application Data\gnupg
2009-04-15 07:16 . 2005-03-04 01:32 86094 ----a-w c:\windows\system32\ImageDrive.cpl
2009-04-15 07:10 . 2009-04-15 07:10 -------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-04-15 07:09 . 2009-04-15 07:09 -------- d-----w c:\documents and settings\Administrator\Application Data\DAEMON Tools Pro
2009-04-14 15:42 . 2009-04-14 19:54 -------- d-----w c:\documents and settings\Administrator\Application Data\Bioshock
2009-04-14 15:41 . 2009-04-14 15:41 -------- d--h--w c:\documents and settings\All Users\Application Data\CanonBJ
2009-04-14 15:41 . 2005-03-25 05:00 8704 ----a-w c:\windows\system32\CNMVS75.DLL
2009-04-14 15:41 . 2005-03-25 05:10 139776 ----a-w c:\windows\system32\CNMLM75.DLL
2009-03-27 00:41 . 2009-03-27 00:45 -------- d-----w c:\documents and settings\All Users\Application Data\POPWWPROFILES
2009-03-22 13:34 . 2009-03-22 13:34 -------- d-----w c:\documents and settings\Administrator\Application Data\InstallShield
2009-03-19 22:18 . 2009-03-19 22:18 -------- d-----w c:\documents and settings\Administrator\Application Data\Sibelius Software
2009-03-19 20:18 . 2009-03-19 20:18 -------- d-----w c:\windows\Sun
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-16 00:06 . 2009-02-27 23:46 -------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent
2009-04-15 23:48 . 2009-04-15 16:29 16384 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2009-04-15 23:48 . 2009-04-15 16:29 16384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2009-04-15 23:48 . 2009-04-15 09:17 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
2009-04-15 19:46 . 2009-04-15 19:46 -------- d-----w c:\program files\Trend Micro
2009-04-15 18:04 . 2009-02-27 23:39 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-15 17:39 . 2009-04-15 17:39 -------- d-----w c:\program files\Panda Security
2009-04-15 09:30 . 2009-02-27 23:40 -------- d-----w c:\program files\7-Zip
2009-04-15 07:47 . 2009-04-15 07:47 -------- d-sh--r c:\program files\ThunMail
2009-04-15 07:37 . 2009-02-27 21:55 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-04-15 07:12 . 2009-04-15 07:10 -------- d-----w c:\program files\DAEMON Tools Pro
2009-04-15 07:09 . 2009-02-28 14:51 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-10 18:37 . 2009-03-01 18:01 -------- d-----w c:\program files\Soulseek
2009-04-03 14:30 . 2009-02-27 22:28 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-25 21:16 . 2009-03-25 21:16 -------- d-----w c:\program files\G4FON Software
2009-03-24 16:38 . 2009-02-27 22:28 -------- d-----w c:\program files\Common Files\InstallShield
2009-03-20 00:36 . 2009-02-27 23:35 56280 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-19 22:18 . 2009-03-19 22:18 -------- d-----w c:\program files\Musicnotes
2009-03-07 00:33 . 2009-03-07 00:33 -------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2009-03-02 13:14 . 2009-02-27 23:39 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-03-02 13:14 . 2009-02-27 23:39 107272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-03-02 13:14 . 2009-02-27 23:39 325128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-28 15:23 . 2009-02-28 15:23 -------- d-----w c:\documents and settings\Administrator\Application Data\InstallShield Installation Information
2009-02-28 15:22 . 2009-02-28 15:22 -------- d-----w c:\program files\MSBuild
2009-02-28 15:22 . 2009-02-28 15:22 114856 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-02-28 15:20 . 2009-02-28 15:20 -------- d-----w c:\program files\Reference Assemblies
2009-02-28 15:10 . 2009-02-28 15:10 223128 ----a-w c:\windows\system32\drivers\vaxscsi.sys
2009-02-28 15:10 . 2009-02-28 15:10 -------- d-----w c:\program files\Alcohol Soft
2009-02-28 14:54 . 2009-02-28 14:54 -------- d-----w c:\program files\free-downloads.net
2009-02-28 14:54 . 2009-02-28 14:54 -------- d-----w c:\program files\Conduit
2009-02-28 11:17 . 2009-02-28 11:17 -------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-02-28 02:00 . 2009-02-28 01:24 -------- d-----w c:\program files\The KMPlayer
2009-02-28 00:57 . 2009-02-28 00:57 -------- d-----w c:\program files\Messenger Plus! Live
2009-02-28 00:27 . 2009-02-27 23:40 -------- d-----w c:\program files\Common Files\Adobe
2009-02-28 00:26 . 2009-02-28 00:26 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-02-28 00:08 . 2009-02-28 00:08 -------- d-----w c:\program files\Windows Live
2009-02-28 00:00 . 2009-02-28 00:00 -------- d-----w c:\program files\Windows Media Connect 2
2009-02-27 23:52 . 2009-02-27 23:52 268 ---ha-w C:\sqmdata00.sqm
2009-02-27 23:52 . 2009-02-27 23:52 244 ---ha-w C:\sqmnoopt00.sqm
2009-02-27 23:46 . 2009-02-27 23:46 -------- d-----w c:\program files\uTorrent
2009-02-27 23:41 . 2009-02-27 23:41 -------- d-----w c:\program files\K-Lite Codec Pack
2009-02-27 23:41 . 2009-02-27 23:41 -------- d-----w c:\program files\GRETECH
2009-02-27 23:40 . 2009-02-27 23:40 -------- d-----w c:\program files\Ahead
2009-02-27 23:40 . 2009-02-27 23:40 -------- d-----w c:\program files\Common Files\Ahead
2009-02-27 23:39 . 2009-02-27 23:39 -------- d-----w c:\program files\AVG
2009-02-27 23:38 . 2009-02-27 23:38 -------- d-----w c:\program files\Microsoft ActiveSync
2009-02-27 23:38 . 2009-02-27 23:38 -------- d-----w c:\program files\Microsoft.NET
2009-02-27 23:37 . 2009-02-27 23:37 410976 ----a-w c:\windows\system32\deploytk.dll
2009-02-27 23:37 . 2009-02-27 23:37 -------- d-----w c:\program files\Java
2009-02-27 23:12 . 2009-02-27 22:53 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-27 22:54 . 2009-02-27 22:54 -------- d-----w c:\program files\microsoft frontpage
2009-02-27 22:51 . 2009-02-27 22:51 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-02-27 22:36 . 2009-02-27 22:36 271360 ----a-w c:\windows\system32\drivers\atksgt.sys
2009-02-27 22:36 . 2009-02-27 22:36 18048 ----a-w c:\windows\system32\drivers\lirsgt.sys
2009-02-27 21:55 . 2009-02-27 21:55 -------- d--h--r c:\documents and settings\Administrator\Application Data\SecuROM
2009-02-27 21:50 . 2009-02-27 21:50 -------- d-----w c:\documents and settings\Administrator\Application Data\GRETECH
2009-02-27 21:44 . 2009-02-27 18:04 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-27 21:39 . 2009-02-27 23:41 -------- d-----w c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-02-27 18:04 . 2009-02-27 18:04 -------- d-----w c:\program files\AGEIA Technologies
2009-02-27 17:30 . 2009-02-27 17:30 -------- d-----w c:\documents and settings\Administrator\Application Data\Winamp
2009-02-27 17:30 . 2009-02-27 17:30 -------- d-----w c:\program files\Winamp
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll
.
------- Sigcheck -------
[-] 2008-04-14 03:42 1054208 4117579C8AAF44CAB0E4FADDDE68D1A6 c:\windows\explorer.exe
[-] 2008-04-14 03:42 1054208 EBB4A8DD5F9F72AEF2833F65FD238643 c:\windows\system32\dllcache\explorer.exe
[-] 2008-04-14 03:42 35840 25E4AD02F112D149E68523F410C21E3B c:\windows\system32\ctfmon.exe
[-] 2008-04-14 03:42 35840 6CC9D131FDB3CB67016C4E41D658ED0E c:\windows\system32\dllcache\ctfmon.exe
[-] 2008-04-14 03:42 78336 AE05F81D83F9FAB0D3B5F8999B15419F c:\windows\system32\spoolsv.exe
[-] 2008-04-14 03:42 78336 C161DC5ADF9D8946DE384BE201C9483A c:\windows\system32\dllcache\spoolsv.exe
[-] 2008-04-14 03:42 131584 50D29B275ECBBB8E701B61DAEB1EB254 c:\windows\system32\wuauclt.exe
[-] 2008-04-14 03:42 131584 30E0015F71D198D8880C1E97FA7F6679 c:\windows\system32\dllcache\wuauclt.exe
[-] 2008-04-14 03:42 46592 8CD6538C723776A4F110B43FEEA68A5D c:\windows\system32\userinit.exe
[-] 2008-04-14 03:42 46592 D35BCCA15867513466058514CAFFD024 c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-04-15_18.14.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-14 03:42 . 2008-04-14 03:42 78336 c:\windows\system32\spoolsv.exe
+ 2009-04-15 19:12 . 2009-04-15 19:12 17376 c:\windows\system32\drivers\tlcb614.sys
+ 2009-04-15 23:50 . 2009-04-15 23:50 17376 c:\windows\system32\drivers\bne4c92.sys
+ 2009-04-15 09:17 . 2009-04-15 23:48 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-15 09:17 . 2009-04-15 18:10 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-15 16:29 . 2009-04-15 23:48 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-04-15 16:29 . 2009-04-15 18:10 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-04-15 16:29 . 2009-04-15 18:10 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-04-15 16:29 . 2009-04-15 23:48 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 13:54 1555480 ----a-w c:\program files\free-downloads.net\tbfree.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 35840]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-02 1601304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-04-10 16882688]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 35840]
"svc"="c:\program files\ThunMail\testabd.exe" [2009-04-15 66760]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-04-23 124928]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explor er]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\expl orer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-02 13:14 10520 ----a-w c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\ThunMail\testabd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"e:\\Program Files\\Ubisoft\\Gearbox Software\\Brothers in Arms - Hell's Highway\\Binaries\\biahh.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"e:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"e:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"=
"e:\\Program Files\\Sierra\\FEAR\\FEARXP\\FEARXP.exe"=
"e:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"e:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"e:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"e:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List]
"4393:UDP"= 4393:UDP:Windows Media Format SDK (iexplore.exe)
"4392:UDP"= 4392:UDP:Windows Media Format SDK (iexplore.exe)
R1 tlcb614;tlcb614;c:\windows\System32\drivers\tlcb614.sys [2009-04-15 17376]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-03-02 325128]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-03-02 107272]
S1 bne4c92;bne4c92;c:\windows\System32\drivers\bne4c92.sys [2009-04-15 17376]
S1 neq3f4f;neq3f4f;c:\windows\System32\drivers\neq3f4f.sys [2009-04-15 17376]
S1 nfq736c;nfq736c;c:\windows\System32\drivers\nfq736c.sys [2009-04-15 17376]
S1 tkc249f;tkc249f;c:\windows\System32\drivers\tkc249f.sys [2009-04-15 17376]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-02 903960]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-02 298264]

--- Other Services/Drivers In Memory ---
*NewlyCreated* - BNE4C92
*NewlyCreated* - WUAUSERV
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1098640
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {5C08F363-CBF6-41B8-8080-4833F6406FCB} = 195.29.166.116 195.29.149.196
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jk146q4h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-16 02:07
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
? [45604]
? [45468]
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1614895754-1450960922-1801674531-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a3,58,1d,87,2d,9d,99,ce,2d,6c,5d,e4,0a,7f,1d,0f,c6,02,a0,0c,1e,9b, 95,
69,48,97,ba,a7,8f,e2,42,40,ac,9b,f5,84,b2,7f,be,a1,83,bc,d4,42,09,b8,05,0f, \
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
[HKEY_USERS\S-1-5-21-1614895754-1450960922-1801674531-500\Software\SecuROM\License information*]
"datasecu"=hex:e3,cc,59,b0,6e,2e,6d,d6,df,45,2a,e0,3d,6d,bf,69,f5,cd,6d,ad, 91,
b1,d9,88,32,ae,53,10,f8,09,ec,57,44,d9,c2,d9,cd,78,5d,88,9a,db,06,49,6e,af, \
"rkeysecu"=hex:51,7d,90,84,53,57,a8,8d,83,1c,93,5d,9f,6a,07,24
.
Completion time: 2009-04-16 2:08
ComboFix-quarantined-files.txt 2009-04-16 00:08
ComboFix2.txt 2009-04-15 18:15
Pre-Run: 33.331.150.848 bytes free
Post-Run: 33.368.248.320 bytes free
249
Jordik's Avatar
Junior Member with 4 posts.
  
Join Date: Apr 2009
15-Apr-2009, 09:11 PM #6
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:08:35, on 16.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\PROGRA~1\THEKMP~1\KMPlayer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSour...ctid=CT1098640
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C08F363-CBF6-41B8-8080-4833F6406FCB}: NameServer = 195.29.166.116 195.29.149.196
O20 - AppInit_DLLs: c:\progra~1\ThunMail\testabd.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) - Unknown owner - C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 5593 bytes
Cheeseball81's Avatar
Moderator & Malware Removal Specialist with 80,168 posts.
  
Join Date: Mar 2004
Location: Long Island, NY
Experience: Advanced
16-Apr-2009, 02:00 PM #7
Next step.......

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.
__________________
Microsoft MVP - Consumer Security
If we've helped you, please donate to TSG!
Email This Email  Print This Print  Tweet This Send to Facebook Send to MySpace Send to StumbleUpon Digg This | More Services More
Reply

THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!

« Previous Thread | Virus & Other Malware Removal | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
WELCOME TO TECH SUPPORT GUY! Are you looking for the solution to your computer problem? Join our site today to ask your question -- for free! Our site is run completely by volunteers who want to help you solve your computer problems. See our Welcome Guide to get started.
Thread Tools



Facebook Facebook Twitter Twitter TechGuy.tv TechGuy.tv Mobile TSG Mobile
Contact Us - HelpOnThe.Net - Archive - Terms of Service - Top
You Are Using:
Server ID
Advertisements do not imply our endorsement of that product or service.
All times are GMT -4. The time now is 10:26 PM.
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.

 Powered by Cermak Technologies, Inc.