Abebot - wml.exe malware PLEASE HELP

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

kpowning

Thread Starter
Joined
Apr 1, 2008
Messages
8
I have tried almost everyones post on removing this virus/maleware. I'm currently running Mcafree antivirus and Superantispyware software. I have performed the SDfix and ComboFix.exe programs but still it comes back. Any help would be much appreciated. This is the log after running those programs.
 

Attachments

kpowning

Thread Starter
Joined
Apr 1, 2008
Messages
8
Will someone please help me? I have attached the following image of the popup that I keep receiving. I would appreciate any help... PLEASE. :)
 

Attachments

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,084
Hi and welcome to TSG,

Pasting the log here for easier viewing.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:30:21 PM, on 4/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\gvurstin.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ishxgugr] C:\WINDOWS\system32\gvurstin.exe
O4 - HKCU\..\Run: [axaulrja] C:\WINDOWS\system32\dwjelsfi.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://linktrader.cyberspacehq.com
O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1195797649444
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://75.58.246.194/AL/WinWebPush.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{40CBE8CB-EC6F-4E88-B5AB-59ED807CE39D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A2AC15A-00BD-46BE-90A7-911AC63823BC}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{D640C242-8A0D-4A6E-A635-602C09FDC74B}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{40CBE8CB-EC6F-4E88-B5AB-59ED807CE39D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{40CBE8CB-EC6F-4E88-B5AB-59ED807CE39D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Webcam Corp. Service Starter - Unknown owner - C:\Program Files\Webcam\NetCamCtr1\dogsvc.exe (file missing)

--
End of file - 7107 bytes
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,084
Please post your ComboFix log.
 

kpowning

Thread Starter
Joined
Apr 1, 2008
Messages
8
ComboFix 08-04-01.2 - Kyle 2008-04-01 18:18:00.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.641 [GMT -7:00]
Running from: C:\Documents and Settings\Kyle\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Kyle\Desktopblackbird.jpg
C:\Documents and Settings\Kyle\DesktopEditorFKWP1.5.exe
C:\Documents and Settings\Kyle\DesktopEditorFKWP2.0.exe
C:\Documents and Settings\Kyle\Desktopfilemanagerclient.exe
C:\Documents and Settings\Kyle\Desktopfkwp1.5.exe
C:\Documents and Settings\Kyle\Desktopfkwp2.0.exe
C:\Documents and Settings\Kyle\Desktopfwebd.exe
C:\Documents and Settings\Kyle\DesktopFWebdEditor.exe
C:\Documents and Settings\Kyle\DesktopTrojan.Win32.BlackBird.exe
C:\Documents and Settings\Kyle\Desktopvirii
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32akttzn.exe
C:\WINDOWS\system32anticipator.dll
C:\WINDOWS\system32awtoolb.dll
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32bsva-egihsg52.exe
C:\WINDOWS\system32dpcproxy.exe
C:\WINDOWS\system32emesx.dll
C:\WINDOWS\[email protected]@@k.dll
C:\WINDOWS\system32hoproxy.dll
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32hxiwlgpm.exe
C:\WINDOWS\system32medup012.dll
C:\WINDOWS\system32medup020.dll
C:\WINDOWS\system32msgp.exe
C:\WINDOWS\system32msnbho.dll
C:\WINDOWS\system32mssecu.exe
C:\WINDOWS\system32msvchost.exe
C:\WINDOWS\system32mtr2.exe
C:\WINDOWS\system32mwin32.exe
C:\WINDOWS\system32netode.exe
C:\WINDOWS\system32newsd32.exe
C:\WINDOWS\system32ps1.exe
C:\WINDOWS\system32psof1.exe
C:\WINDOWS\system32psoft1.exe
C:\WINDOWS\system32regc64.dll
C:\WINDOWS\system32regm64.dll
C:\WINDOWS\system32Rundl1.exe
C:\WINDOWS\system32sncntr.exe
C:\WINDOWS\system32ssurf022.dll
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32ssvchost.exe
C:\WINDOWS\system32sysreq.exe
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32taack.exe
C:\WINDOWS\system32temp#01.exe
C:\WINDOWS\system32thun.dll
C:\WINDOWS\system32thun32.dll
C:\WINDOWS\system32VBIEWER.OCX
C:\WINDOWS\system32vbsys2.dll
C:\WINDOWS\system32vcatchpi.dll
C:\WINDOWS\system32winlogonpc.exe
C:\WINDOWS\system32winsystem.exe
C:\WINDOWS\system32WINWGPX.EXE
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SZKG5
-------\Legacy_NPF
-------\NPF


((((((((((((((((((((((((( Files Created from 2008-03-02 to 2008-04-02 )))))))))))))))))))))))))))))))
.

2008-04-01 16:59 . 2008-04-01 16:59 <DIR> d-------- C:\hjk
2008-04-01 16:55 . 2008-04-01 16:55 <DIR> d-------- C:\VundoFix Backups
2008-04-01 06:42 . 2008-04-01 06:42 <DIR> d-------- C:\Program Files\PC-Cleaner
2008-03-26 23:05 . 2008-03-26 23:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-26 23:05 . 2008-03-26 23:05 <DIR> d-------- C:\Documents and Settings\Kyle\Application Data\Malwarebytes
2008-03-26 23:05 . 2008-03-26 23:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-26 22:58 . 2008-03-26 22:58 <DIR> d-------- C:\Program Files\CCleaner
2008-03-26 22:34 . 2008-03-26 22:55 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-26 22:34 . 2008-03-26 22:34 <DIR> d-------- C:\Documents and Settings\Kyle\Application Data\SUPERAntiSpyware.com
2008-03-26 22:34 . 2008-03-26 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-26 21:58 . 2008-03-26 21:58 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-26 21:58 . 2008-04-01 18:14 <DIR> d-------- C:\SDFix
2008-03-26 21:58 . 2008-03-26 21:58 <DIR> d-------- C:\Documents and Settings\Kyle\backups
2008-03-26 21:58 . 2008-03-26 21:58 <DIR> d-------- C:\Documents and Settings\Kyle\backupreg
2008-03-26 21:58 . 2004-08-04 00:56 146,432 --a------ C:\Documents and Settings\Kyle\regedit.exe
2008-03-26 21:58 . 2004-08-04 00:56 27,136 --a------ C:\Documents and Settings\Kyle\findstr.exe
2008-03-26 21:58 . 2001-08-23 05:00 11,264 --a------ C:\Documents and Settings\Kyle\attrib.exe
2008-03-26 21:58 . 2001-08-23 05:00 9,216 --a------ C:\Documents and Settings\Kyle\find.exe
2008-03-26 19:02 . 2008-03-26 19:02 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-26 19:02 . 2008-03-26 19:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-26 18:40 . 2008-03-26 18:40 <DIR> d-------- C:\Program Files\WinPcap
2008-03-26 18:28 . 2008-03-26 18:32 <DIR> d-------- C:\fixwareout
2008-03-26 17:02 . 2008-04-01 18:22 10,041 --a------ C:\WINDOWS\system32\Config.MPF
2008-03-26 17:00 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-03-26 17:00 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-03-26 17:00 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-03-26 17:00 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-03-26 17:00 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-03-26 17:00 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-03-26 16:59 . 2008-03-26 16:59 <DIR> d-------- C:\Program Files\McAfee.com
2008-03-26 16:59 . 2008-03-26 18:30 <DIR> d-------- C:\Program Files\McAfee
2008-03-26 16:59 . 2008-03-26 17:00 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-03-26 16:54 . 2008-03-26 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-25 23:28 . 2008-03-25 23:28 98,304 --a------ C:\WINDOWS\system32\dwjelsfi.exe
2008-03-25 20:18 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-25 20:18 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-25 20:18 . 2008-03-22 15:49 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-25 20:18 . 2008-03-15 17:16 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-25 20:18 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-25 20:18 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-25 19:44 . 2008-03-25 19:44 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-03-25 19:44 . 2008-03-25 19:44 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-03-25 19:44 . 2008-03-25 19:44 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-03-25 19:44 . 2008-03-25 19:44 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-03-25 19:44 . 2008-03-25 19:44 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-03-25 19:44 . 2008-03-25 19:44 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-03-25 19:37 . 2004-08-04 00:56 146,432 --a------ C:\WINDOWS\R.COM
2008-03-25 19:37 . 2004-08-04 00:56 135,680 --a------ C:\WINDOWS\system32\T.COM
2008-03-25 19:37 . 2008-03-25 19:38 50 --a------ C:\WINDOWS\Lic.xxx
2008-03-25 19:29 . 2008-03-25 19:31 <DIR> d-------- C:\Downloads
2008-03-25 19:12 . 2008-03-25 19:12 <DIR> d-------- C:\Documents and Settings\Kyle\DoctorWeb
2008-03-25 06:39 . 2008-03-25 18:05 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-25 06:39 . 2008-03-25 18:05 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-25 06:33 . 2008-03-25 06:33 106,496 --a------ C:\WINDOWS\system32\gvurstin.exe
2008-03-24 21:51 . 2008-03-26 21:23 2,070 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-24 21:00 . 2008-03-24 21:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-03-24 20:59 . 2008-03-24 20:59 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-03-24 20:59 . 2008-03-24 21:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-03-24 17:51 . 2008-03-27 06:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fwpovwnu
2008-03-24 17:23 . 2008-03-24 17:23 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-03-24 17:22 . 2008-03-24 17:23 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-01 03:56 --------- d-----w C:\Program Files\XBC
2008-03-27 05:34 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-27 00:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-26 23:56 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-26 23:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-25 02:30 --------- d-----w C:\Program Files\XLink Kai Evolution VII
2008-03-15 22:59 --------- d-----w C:\Program Files\Java
2008-02-09 03:16 --------- d-----w C:\Program Files\Hp
2008-02-09 03:16 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-01-19 20:00 25,456 ----a-w C:\Documents and Settings\Kyle\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ishxgugr"="C:\WINDOWS\system32\gvurstin.exe" [2008-03-25 06:33 106496]
"axaulrja"="C:\WINDOWS\system32\dwjelsfi.exe" [2008-03-25 23:28 98304]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-01-10 04:26 47104 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22 86016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-04-07 02:42:52 217190]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-23 00:09:47 113664]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
SpeedUpMyPC.lnk - C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe [2004-10-06 12:21:30 3509760]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\XBC\\AppUpdater.exe"=
"C:\\Program Files\\Crystal FTP Pro\\crystalftp.exe"=
"C:\\Program Files\\Argus Surveillance DVR\\WebServerForAdmin.exe"=
"C:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8602:TCP"= 8602:TCP:xbc
"8602:UDP"= 8602:UDP:xbc

R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 22:31]
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2007-12-07 13:02]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;C:\WINDOWS\system32\DRIVERS\kwflower.sys []
S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\LNE100V5.sys [2001-10-24 17:16]
S3 MUD;Driver for Magellan USB Device;C:\WINDOWS\system32\DRIVERS\MUD.sys [2008-01-14 00:03]
S3 PsSdk30;PsSdk30;C:\WINDOWS\system32\Drivers\PsSdk30.drv []
S3 Webcam Corp. Service Starter;Webcam Corp. Service Starter;C:\Program Files\Webcam\NetCamCtr1\dogsvc.exe []

.
Contents of the 'Scheduled Tasks' folder
"2008-03-27 00:00:04 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-04-01 08:00:03 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 18:22:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk30]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk30.drv"
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2008-04-01 18:24:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-02 01:24:35
Pre-Run: 56,369,152,000 bytes free
Post-Run: 56,355,024,896 bytes free
.
2008-03-26 00:02:54 --- E O F ---
 

kpowning

Thread Starter
Joined
Apr 1, 2008
Messages
8
Thursday, April 03, 2008 4:48:57 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 3/04/2008
Kaspersky Anti-Virus database records: 679869


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 75693
Number of viruses found 1
Number of infected objects 4
Number of suspicious objects 0
Duration of the scan process 01:25:44

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\Kyle\Application Data\Microsoft\Outlook\Outlook.srs Object is locked skipped

C:\Documents and Settings\Kyle\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped

C:\Documents and Settings\Kyle\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-4-2-2008( 19-49-45 ).LOG Object is locked skipped

C:\Documents and Settings\Kyle\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Kyle\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Kyle\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Kyle\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Kyle\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped

C:\Documents and Settings\Kyle\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\Kyle\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped

C:\Documents and Settings\Kyle\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped

C:\Documents and Settings\Kyle\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_A4C8_717C_C871_4E14\dfsr.db Object is locked skipped

C:\Documents and Settings\Kyle\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_A4C8_717C_C871_4E14\fsr.log Object is locked skipped

C:\Documents and Settings\Kyle\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_A4C8_717C_C871_4E14\fsrtmp.log Object is locked skipped

C:\Documents and Settings\Kyle\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_A4C8_717C_C871_4E14\tmp.edb Object is locked skipped

C:\Documents and Settings\Kyle\Local Settings\Application Data\Microsoft\Outlook\archive.pst Object is locked skipped

C:\Documents and Settings\Kyle\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Object is locked skipped

C:\Documents and Settings\Kyle\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Kyle\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Kyle\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped

C:\Documents and Settings\Kyle\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped

C:\Documents and Settings\Kyle\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Kyle\Local Settings\History\History.IE5\MSHist012008040320080404\index.dat Object is locked skipped

C:\Documents and Settings\Kyle\Local Settings\Temp\Perflib_Perfdata_1d0.dat Object is locked skipped

C:\Documents and Settings\Kyle\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Kyle\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Kyle\NTUSER.DAT.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\LIUtilities\SpeedUpMyPC\pldt.dat Object is locked skipped

C:\Program Files\Microsoft Office\Office10\Startup\PDFMaker.dot Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{0DA9430B-1589-47DE-A2D9-1D02DCA140EF}\RP3\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{9738D4E8-6EAD-409D-AED4-216A9E84211B}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\TEMP\mcmsc_NPguB4cqO3P8t6v Object is locked skipped

C:\WINDOWS\TEMP\mcmsc_THd7R3psFeZIrSw Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,084
Open Notepad and copy and paste the text in the code box below into it:

Code:
File::
C:\WINDOWS\system32\dwjelsfi.exe
C:\WINDOWS\R.COM
C:\WINDOWS\system32\T.COM
C:\WINDOWS\Lic.xxx
C:\WINDOWS\system32\gvurstin.exe

Folder::
C:\Program Files\PC-Cleaner
C:\WINDOWS\zts2.exe
C:\WINDOWS\system32\vcmgcd32.dll
C:\WINDOWS\system32\iifgfgf.dll
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundl132.dll
C:\WINDOWS\logo1_.exe
C:\Documents and Settings\All Users\Application Data\fwpovwnu

DirLook::
C:\hjkProgram Files\XBC

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ishxgugr"=- 
"axaulrja"=-
Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.




This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
 

kpowning

Thread Starter
Joined
Apr 1, 2008
Messages
8
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:00 PM, on 4/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://linktrader.cyberspacehq.com
O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1195797649444
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://75.58.246.194/AL/WinWebPush.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{40CBE8CB-EC6F-4E88-B5AB-59ED807CE39D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A2AC15A-00BD-46BE-90A7-911AC63823BC}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{D640C242-8A0D-4A6E-A635-602C09FDC74B}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{40CBE8CB-EC6F-4E88-B5AB-59ED807CE39D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{40CBE8CB-EC6F-4E88-B5AB-59ED807CE39D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Webcam Corp. Service Starter - Unknown owner - C:\Program Files\Webcam\NetCamCtr1\dogsvc.exe (file missing)

--
End of file - 6805 bytes
 

kpowning

Thread Starter
Joined
Apr 1, 2008
Messages
8
ComboFix 08-04-01.2 - Kyle 2008-04-04 16:24:04.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.714 [GMT -7:00]
Running from: C:\Documents and Settings\Kyle\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kyle\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
C:\WINDOWS\Lic.xxx
C:\WINDOWS\R.COM
C:\WINDOWS\system32\dwjelsfi.exe
C:\WINDOWS\system32\gvurstin.exe
C:\WINDOWS\system32\T.COM
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\fwpovwnu
C:\Program Files\PC-Cleaner
C:\WINDOWS\Lic.xxx
C:\WINDOWS\logo1_.exe
C:\WINDOWS\R.COM
C:\WINDOWS\rundl132.dll
C:\WINDOWS\rundll16.exe
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\dwjelsfi.exe
C:\WINDOWS\system32\gvurstin.exe
C:\WINDOWS\system32\iifgfgf.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\T.COM
C:\WINDOWS\system32\vcmgcd32.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\zts2.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SZKG5
-------\Legacy_NPF
-------\NPF


((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))
.

2008-04-04 14:23 . 2008-04-04 14:23 <DIR> d-------- C:\Program Files\WinPcap
2008-04-02 15:50 . 2008-04-02 15:53 <DIR> d-------- C:\TEMP\HP All-in-One Series Web Release
2008-04-01 20:26 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-01 16:59 . 2008-04-01 16:59 <DIR> d-------- C:\hjk
2008-04-01 16:55 . 2008-04-01 16:55 <DIR> d-------- C:\VundoFix Backups
2008-03-26 23:05 . 2008-03-26 23:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-26 23:05 . 2008-03-26 23:05 <DIR> d-------- C:\Documents and Settings\Kyle\Application Data\Malwarebytes
2008-03-26 23:05 . 2008-03-26 23:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-26 22:58 . 2008-03-26 22:58 <DIR> d-------- C:\Program Files\CCleaner
2008-03-26 22:34 . 2008-03-26 22:55 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-26 22:34 . 2008-03-26 22:34 <DIR> d-------- C:\Documents and Settings\Kyle\Application Data\SUPERAntiSpyware.com
2008-03-26 22:34 . 2008-03-26 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-26 21:58 . 2008-03-26 21:58 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-26 21:58 . 2008-04-01 18:14 <DIR> d-------- C:\SDFix
2008-03-26 21:58 . 2008-03-26 21:58 <DIR> d-------- C:\Documents and Settings\Kyle\backups
2008-03-26 21:58 . 2008-03-26 21:58 <DIR> d-------- C:\Documents and Settings\Kyle\backupreg
2008-03-26 21:58 . 2004-08-04 00:56 146,432 --a------ C:\Documents and Settings\Kyle\regedit.exe
2008-03-26 21:58 . 2004-08-04 00:56 27,136 --a------ C:\Documents and Settings\Kyle\findstr.exe
2008-03-26 21:58 . 2001-08-23 05:00 11,264 --a------ C:\Documents and Settings\Kyle\attrib.exe
2008-03-26 21:58 . 2001-08-23 05:00 9,216 --a------ C:\Documents and Settings\Kyle\find.exe
2008-03-26 19:02 . 2008-03-26 19:02 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-26 19:02 . 2008-03-26 19:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-26 18:28 . 2008-03-26 18:32 <DIR> d-------- C:\fixwareout
2008-03-26 17:02 . 2008-04-04 16:26 10,415 --a------ C:\WINDOWS\system32\Config.MPF
2008-03-26 17:00 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-03-26 17:00 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-03-26 17:00 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-03-26 17:00 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-03-26 17:00 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-03-26 17:00 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-03-26 16:59 . 2008-03-26 16:59 <DIR> d-------- C:\Program Files\McAfee.com
2008-03-26 16:59 . 2008-03-26 18:30 <DIR> d-------- C:\Program Files\McAfee
2008-03-26 16:59 . 2008-03-26 17:00 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-03-26 16:54 . 2008-03-26 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-25 20:18 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-25 20:18 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-25 20:18 . 2008-03-22 15:49 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-25 20:18 . 2008-03-15 17:16 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-25 20:18 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-25 20:18 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-25 19:29 . 2008-03-25 19:31 <DIR> d-------- C:\Downloads
2008-03-25 19:12 . 2008-03-25 19:12 <DIR> d-------- C:\Documents and Settings\Kyle\DoctorWeb
2008-03-25 06:39 . 2008-03-25 18:05 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-25 06:39 . 2008-03-25 18:05 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-24 21:51 . 2008-04-01 20:29 2,070 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-24 21:00 . 2008-03-24 21:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-03-24 20:59 . 2008-03-24 20:59 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-03-24 20:59 . 2008-03-24 21:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-03-24 17:23 . 2008-03-24 17:23 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-03-24 17:22 . 2008-03-24 17:23 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 22:37 --------- d-----w C:\Program Files\XBC
2008-04-03 02:32 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-27 05:34 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-27 00:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-26 23:56 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-26 23:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-25 02:30 --------- d-----w C:\Program Files\XLink Kai Evolution VII
2008-03-15 22:59 --------- d-----w C:\Program Files\Java
2008-02-09 03:16 --------- d-----w C:\Program Files\Hp
2008-02-09 03:16 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-01-19 20:00 25,456 ----a-w C:\Documents and Settings\Kyle\Application Data\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\hjkProgram Files\XBC ----

C:\hjkProgram Files\XBC\


((((((((((((((((((((((((((((( [email protected]_18.24.12.68 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-18 17:04:16 341,296 ----a-w C:\WINDOWS\Downloaded Program Files\HPDEXAXO.dll
+ 2008-04-03 02:33:04 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\SC_Reader.exe
- 2008-04-01 22:07:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-04 20:00:41 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-04-01 22:07:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-04 20:00:41 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-04-01 22:07:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-04 20:00:41 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-01-10 04:26 47104 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-04-07 02:42:52 217190]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-23 00:09:47 113664]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
SpeedUpMyPC.lnk - C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe [2004-10-06 12:21:30 3509760]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\XBC\\AppUpdater.exe"=
"C:\\Program Files\\Crystal FTP Pro\\crystalftp.exe"=
"C:\\Program Files\\Argus Surveillance DVR\\WebServerForAdmin.exe"=
"C:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8602:TCP"= 8602:TCP:xbc
"8602:UDP"= 8602:UDP:xbc

R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 22:31]
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2007-12-07 13:02]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;C:\WINDOWS\system32\DRIVERS\kwflower.sys []
S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\LNE100V5.sys [2001-10-24 17:16]
S3 MUD;Driver for Magellan USB Device;C:\WINDOWS\system32\DRIVERS\MUD.sys [2008-01-14 00:03]
S3 PsSdk30;PsSdk30;C:\WINDOWS\system32\Drivers\PsSdk30.drv []
S3 Webcam Corp. Service Starter;Webcam Corp. Service Starter;C:\Program Files\Webcam\NetCamCtr1\dogsvc.exe []

.
Contents of the 'Scheduled Tasks' folder
"2008-03-27 00:00:04 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-04-01 08:00:03 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 16:41:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk30]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk30.drv"
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-04-04 16:44:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-04 23:44:33
ComboFix2.txt 2008-04-02 01:24:46
Pre-Run: 55,914,389,504 bytes free
Post-Run: 55,903,559,680 bytes free
.
2008-03-26 00:02:54 --- E O F ---
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,084
Run Kaspersky online virus scan Kaspersky Online Scanner.

After the updates have downloaded, click on the "Scan Settings" button.
Choose the "Extended database" for the scan.
Under "Please select a target to scan", click "My Computer".
When the scan is finished, Save the results from the scan!

Note: You have to use Internet Explorer to do the online scan.

Post a new HiJackThis log along with the results from the Kaspersky scan
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top