Can't Go to Microsoft Websites


dneighbor

Thread Starter
Joined
Dec 20, 2010
Messages
423
I did a complete restore on my laptop and it was doing fine for a while. Now it will not let me go to a lot of different websites, including Microsoft, or do any updates.
 

dneighbor

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:07:43 AM, on 1/19/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1295210089418
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: bw+0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 16864 bytes
 

dneighbor

DDS (Ver_10-12-12.02) - NTFSx86
Run by Donald Neighbor at 9:08:27.36 on Wed 01/19/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.689 [GMT -5:00]

============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Donald Neighbor\Desktop\repair items\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com/
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [CARPService] carpserv.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1295210089418
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
============= SERVICES / DRIVERS ===============
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-17 136176]
S2 qxqgvhib;Microsoft Installer;c:\windows\system32\svchost.exe -k netsvcs [2002-8-29 14336]
=============== Created Last 30 ================
2011-01-19 13:47:04 -------- d-sha-r- C:\cmdcons
2011-01-19 13:46:00 89088 ----a-w- c:\windows\MBR.exe
2011-01-19 13:46:00 256512 ----a-w- c:\windows\PEV.exe
2011-01-19 13:45:59 98816 ----a-w- c:\windows\sed.exe
2011-01-19 13:45:59 161792 ----a-w- c:\windows\SWREG.exe
2011-01-18 12:07:16 -------- d-----w- c:\program files\common files\Logitech
2011-01-18 12:05:50 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2011-01-18 12:05:50 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2011-01-18 12:05:50 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2011-01-18 12:05:50 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2011-01-18 12:05:49 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2011-01-18 12:05:49 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2011-01-18 12:05:49 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2011-01-18 12:05:48 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2011-01-18 05:34:58 -------- d-----w- c:\docume~1\donald~1\locals~1\applic~1\Yahoo!
2011-01-18 05:31:08 -------- d-----w- c:\program files\Yahoo!
2011-01-17 23:51:49 -------- d-----w- c:\docume~1\donald~1\applic~1\OpenOffice.org
2011-01-17 23:47:46 -------- d-----w- c:\program files\JRE
2011-01-17 23:47:40 -------- d-----w- c:\program files\OpenOffice.org 3
2011-01-17 23:47:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-17 23:47:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-17 15:23:14 -------- d-----w- c:\docume~1\donald~1\locals~1\applic~1\Help
2011-01-17 13:01:41 -------- d-----w- c:\docume~1\donald~1\locals~1\applic~1\Google
2011-01-17 12:57:13 -------- d-----w- c:\windows\Downloaded Installations
2011-01-17 04:38:56 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2011-01-17 04:07:20 103344 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-01-17 04:07:20 -------- d-----w- c:\windows\Profiles
2011-01-17 04:07:11 306688 ----a-w- c:\windows\IsUninst.exe
2011-01-17 04:00:17 -------- d-----w- c:\windows\pss
2011-01-17 02:51:06 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-17 02:50:24 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-01-17 02:49:46 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-01-17 02:49:46 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-01-17 02:48:48 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-01-17 02:28:30 -------- d-----w- c:\windows\system32\scripting
2011-01-17 02:28:28 -------- d-----w- c:\windows\system32\en
2011-01-17 02:28:28 -------- d-----w- c:\windows\l2schemas
2011-01-17 02:23:20 -------- d-----w- c:\windows\network diagnostic
2011-01-17 02:12:48 -------- d-sh--w- c:\documents and settings\donald neighbor\PrivacIE
2011-01-17 02:12:01 -------- d-sh--w- c:\documents and settings\donald neighbor\IETldCache
2011-01-17 02:05:39 -------- d-----w- c:\windows\ie8updates
2011-01-17 02:05:23 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-01-17 02:05:23 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-01-17 02:05:23 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-01-17 02:05:23 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-01-17 02:05:23 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-01-17 02:05:23 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-01-17 02:05:23 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-01-17 02:04:08 -------- dc-h--w- c:\windows\ie8
2011-01-16 21:46:19 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2011-01-16 21:46:08 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-01-16 21:45:59 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-01-16 21:45:57 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-01-16 21:45:47 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-01-16 21:45:47 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-01-16 21:45:41 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2011-01-16 21:44:06 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-01-16 21:35:52 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2011-01-16 21:35:52 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2011-01-16 21:35:52 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-01-16 21:35:52 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2011-01-16 21:35:52 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-01-16 21:35:52 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2011-01-16 21:35:52 110592 -c----w- c:\windows\system32\dllcache\services.exe
2011-01-16 21:35:51 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2011-01-16 21:35:51 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2011-01-16 21:35:51 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-01-16 21:35:50 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-01-16 21:35:49 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-01-16 21:34:09 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2011-01-16 21:33:54 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
2011-01-16 21:33:32 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-01-16 21:32:38 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-01-16 21:32:31 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-01-16 21:31:58 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-01-16 21:31:57 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-01-16 21:15:27 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2011-01-16 21:10:08 -------- d-----w- c:\windows\peernet
2011-01-16 21:10:07 -------- d-----w- c:\windows\provisioning
2011-01-16 21:08:12 -------- d-----w- c:\windows\ServicePackFiles
2011-01-16 21:04:22 -------- d-----w- c:\windows\system32\ReinstallBackups
2011-01-16 21:02:27 -------- d-----w- c:\windows\EHome
2011-01-16 20:58:58 11264 ------w- c:\windows\system32\spnpinst.exe
2011-01-16 20:38:30 -------- d-----w- c:\windows\system32\PreInstall
2011-01-16 20:38:27 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2011-01-16 20:38:26 -------- d--h--w- c:\windows\$hf_mig$
2011-01-16 20:37:49 -------- d-----w- c:\windows\system32\bits
2011-01-16 20:37:22 8192 ------w- c:\windows\system32\bitsprx2.dll
2011-01-16 20:37:22 7168 ------w- c:\windows\system32\bitsprx3.dll
2011-01-16 20:37:22 438784 ----a-w- c:\windows\system32\xpob2res.dll
2011-01-16 20:37:22 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-01-16 20:37:22 18944 ----a-w- c:\windows\system32\qmgrprxy.dll
2011-01-16 20:35:38 217816 ----a-w- c:\windows\system32\wuaucpl.cpl
2011-01-16 20:35:38 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2011-01-16 20:35:38 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2011-01-16 20:35:38 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2011-01-16 20:35:38 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2011-01-16 20:22:44 -------- d-----w- c:\program files\CCleaner
2011-01-16 20:10:28 -------- d-----w- c:\program files\ESET
2011-01-16 20:08:34 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2011-01-16 20:08:34 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-01-16 20:08:31 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-01-16 20:03:41 -------- d-----w- c:\docume~1\donald~1\applic~1\Malwarebytes
2011-01-16 20:03:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-16 20:03:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-16 20:03:33 19288 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-16 20:03:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-16 19:52:17 388096 ----a-r- c:\docume~1\donald~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-01-16 19:52:16 -------- d-----w- c:\program files\Trend Micro
2011-01-16 19:50:24 -------- d-sh--w- c:\documents and settings\donald neighbor\UserData
2011-01-16 19:44:05 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2011-01-16 19:44:05 16128 ----a-w- c:\windows\system32\drivers\MODEMCSA.sys
2011-01-16 19:43:56 -------- d-----w- c:\program files\CONEXANT
2011-01-16 19:43:13 -------- d-----w- C:\WUTemp
2011-01-16 19:43:11 191488 ----a-w- c:\windows\system32\iuengine.dll
==================== Find3M ====================
2011-01-18 12:06:32 118784 ------r- c:\windows\bwUnin-7.2.0.137-8876480SL.exe
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
============= FINISH: 9:08:39.56 ===============
 

dneighbor

ComboFix 11-01-18.04 - Donald Neighbor 01/19/2011 8:56.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.768 [GMT -5:00]
Running from: c:\documents and settings\Donald Neighbor\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\windows\system32\_003504_.tmp.dll
.
((((((((((((((((((((((((( Files Created from 2010-12-19 to 2011-01-19 )))))))))))))))))))))))))))))))
.
2011-01-16 19:43 . 2011-01-16 19:43 -------- d-----w- C:\WUTemp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-09 14:52 . 2002-08-29 20:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2002-08-29 20:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2002-08-29 20:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2002-08-29 20:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2002-08-29 20:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2002-08-29 20:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2002-08-29 20:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2011-01-18 32768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CARPService"="carpserv.exe" [2003-05-21 4608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2011-1-18 450560]
[HKLM\~\startupfolder\C:^Documents and Settings^Donald Neighbor^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Donald Neighbor\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-01-17 13:01 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4600:TCP"= 4600:TCP:hkuetcm
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/17/2011 8:01 AM 136176]
S2 qxqgvhib;Microsoft Installer;c:\windows\system32\svchost.exe -k netsvcs [8/29/2002 3:00 PM 14336]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qxqgvhib
.
Contents of the 'Scheduled Tasks' folder
2011-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-17 13:01]
2011-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-17 13:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-CTFMON - (no file)
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-19 09:02
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qxqgvhib]
"ServiceDll"="c:\windows\system32\etoljkyh.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-01-19 09:04:29
ComboFix-quarantined-files.txt 2011-01-19 14:04
Pre-Run: 71,492,796,416 bytes free
Post-Run: 71,527,444,480 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
- - End Of File - - 6A8642B76FC53A7C0496F2794A9A0DEB
 

dneighbor

Thread Starter
Joined
Dec 20, 2010
Messages
423
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-19 10:10:43
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HTS721080G9AT00 rev.MC4OA51A
Running: 9rjnwm0t.exe; Driver: C:\DOCUME~1\DONALD~1\LOCALS~1\Temp\axkcqpoc.sys

---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\qxqgvhib\Parameters
Reg HKLM\SYSTEM\ControlSet002\Services\qxqgvhib\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 2
Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 32
Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] 32
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\svchost.exe[1044] NETAPI32.dll!NetpwPathCanonicalize 5B86A3A9 5 Bytes JMP 01E0AD74
.text C:\WINDOWS\System32\svchost.exe[1084] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes JMP 007AADDD
.text C:\WINDOWS\System32\svchost.exe[1044] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes JMP 01E0ADDD
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] qxqgvhib <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\qxqgvhib\[email protected] C:\WINDOWS\system32\etoljkyh.dll
Reg HKLM\SYSTEM\ControlSet002\Services\qxqgvhib\[email protected] C:\WINDOWS\system32\etoljkyh.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] Manages network configuration by registering and updating IP addresses and DNS names.
Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] Manages network configuration by registering and updating IP addresses and DNS names.
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] Microsoft Installer
Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] Microsoft Installer
---- System - GMER 1.0.15 ----
Code \??\C:\DOCUME~1\DONALD~1\LOCALS~1\Temp\catchme.sys pIofCallDriver
---- Kernel code sections - GMER 1.0.15 ----
? C:\DOCUME~1\DONALD~1\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
? C:\DOCUME~1\DONALD~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
---- EOF - GMER 1.0.15 ----
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,467
Hiya dneighbor,

You have a nasty Rootkit infection, please read the following before we go any further:

IMPORTANT NOTE: One or more of the identified infections was related to a rootkit component. Rootkits and Backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read "How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?"

Although we MIGHT be able to remove the rootkit, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that IF the rootkit can be removed the computer will then be secure.

In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

• "When should I re-format? How should I reinstall?"
• "Help: I Got Hacked. Now What Do I Do?"
• "Where to draw the line? When to recommend a format and reinstall?"

Should you decide not to follow that advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful.

If you wish to proceed continue as follows :-

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code:
KillAll::
File::
c:\windows\system32\etoljkyh.dll
Driver::
qxqgvhib
NetSvc::
qxqgvhib
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4600:TCP"=-
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
Save this as CFScript.txt, in the same location as ComboFix.exe





Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Kevin
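
Added example (not part of the original posts, and not code from ComboFix or GMER): the cross-check that ties the logs above to the rootkit diagnosis, run over lines excerpted from the ComboFix and GMER logs in this thread. The indicator names and the flagging rule are assumptions of this sketch; it relies on the ComboFix note that legit default entries are not shown in its loading-points section.

```python
import re

# Lines excerpted from the ComboFix (2011-01-19) and GMER logs posted in this thread.
SAMPLE_LOG = r"""
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/17/2011 8:01 AM 136176]
S2 qxqgvhib;Microsoft Installer;c:\windows\system32\svchost.exe -k netsvcs [8/29/2002 3:00 PM 14336]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qxqgvhib
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qxqgvhib]
"ServiceDll"="c:\windows\system32\etoljkyh.dll"
.
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] qxqgvhib <-- ROOTKIT !!!
"""

# ComboFix service line: "S2 name;display name;image path [date size]"
SERVICE_RE = re.compile(r"^[SR]\d\s+([^;]+);([^;]*);(.+?)\s+\[[^\]]*\]\s*$")
# ComboFix header that precedes the listed NetSvcs entries
NETSVCS_HEADER_RE = re.compile(r"\\Svchost\s+-\s+NetSvcs\s*$", re.I)
# Registry key header for a service, as printed by ComboFix/catchme
SERVICE_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\(?:Current)?ControlSet(?:\d{3})?"
    r"\\Services\\([^\\\]]+)\]\s*$", re.I)
SERVICEDLL_RE = re.compile(r'^"ServiceDll"="(.+)"\s*$', re.I)
# GMER "Services" section line for a service it found hidden
GMER_HIDDEN_RE = re.compile(
    r"^Service\s+.+?\(\*\*\* hidden \*\*\*\s*\)\s+\[\w+\]\s+(\S+)")
NETSVCS_IMAGE_RE = re.compile(r"\\svchost\.exe\s+-k\s+netsvcs\b", re.I)
BARE_NAME_RE = re.compile(r"[A-Za-z0-9_.\-]+")


def parse_indicators(log_text):
    """Collect per-service indicators from mixed ComboFix/GMER log text."""
    services = {}

    def entry(name):
        return services.setdefault(
            name.lower(),
            {"name": name, "indicators": set(), "service_dll": None})

    in_netsvcs = False   # inside the list that follows the NetSvcs header
    current_key = None   # service whose registry key was printed last
    for raw in log_text.splitlines():
        line = raw.strip()
        if in_netsvcs:
            if line and line != "." and BARE_NAME_RE.fullmatch(line):
                entry(line)["indicators"].add("listed_under_netsvcs")
                continue
            in_netsvcs = False   # "." or anything else ends the list
        if NETSVCS_HEADER_RE.search(line):
            in_netsvcs, current_key = True, None
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, _display, image = m.groups()
            if NETSVCS_IMAGE_RE.search(image):
                entry(name)["indicators"].add("runs_in_svchost_netsvcs")
            current_key = None
            continue
        m = SERVICE_KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = SERVICEDLL_RE.match(line)
        if m and current_key:
            e = entry(current_key)
            e["service_dll"] = m.group(1)
            e["indicators"].add("has_servicedll")
            continue
        if line.startswith("["):
            current_key = None   # some other registry key: stop attributing values
        m = GMER_HIDDEN_RE.match(line)
        if m:
            entry(m.group(1))["indicators"].add("hidden_per_gmer")
    return services


def triage(log_text):
    """Return services worth a closer look, most indicators first.

    Flagging rule (an assumption of this sketch): GMER reports the service as
    hidden, or ComboFix both lists it under NetSvcs and shows it running
    inside svchost.exe -k netsvcs. A ServiceDll alone is normal for svchost
    services and is only reported as supporting detail.
    """
    findings = []
    for svc in parse_indicators(log_text).values():
        ind = svc["indicators"]
        if "hidden_per_gmer" in ind or \
                {"listed_under_netsvcs", "runs_in_svchost_netsvcs"} <= ind:
            findings.append({"name": svc["name"],
                             "service_dll": svc["service_dll"],
                             "indicators": sorted(ind)})
    findings.sort(key=lambda f: (-len(f["indicators"]), f["name"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["name"], f["service_dll"], ", ".join(f["indicators"]))
```

On the excerpt it flags only qxqgvhib, with ServiceDll c:\windows\system32\etoljkyh.dll, the same two names the CFScript above targets under NetSvc:: and File::.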
 

dneighbor

Thread Starter
Joined
Dec 20, 2010
Messages
423
Kevin,
Thank you. I have to leave for church right now, but as soon as I get back I will copy and paste that. Thank you, Don
 

dneighbor

Thread Starter
Joined
Dec 20, 2010
Messages
423
ComboFix 11-01-22.03 - Donald Neighbor 01/23/2011 8:36.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.762 [GMT -5:00]
Running from: c:\documents and settings\Donald Neighbor\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Donald Neighbor\Desktop\CFScript.txt
* Created a new restore point
FILE ::
"c:\windows\system32\etoljkyh.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\etoljkyh.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_QXQGVHIB
-------\Service_qxqgvhib

((((((((((((((((((((((((( Files Created from 2010-12-23 to 2011-01-23 )))))))))))))))))))))))))))))))
.
2011-01-16 19:43 . 2011-01-16 19:43 -------- d-----w- C:\WUTemp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-09 14:52 . 2002-08-29 20:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2002-08-29 20:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2002-08-29 20:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2002-08-29 20:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2002-08-29 20:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2002-08-29 20:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2002-08-29 20:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2011-01-18 32768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CARPService"="carpserv.exe" [2003-05-21 4608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2011-1-18 450560]
[HKLM\~\startupfolder\C:^Documents and Settings^Donald Neighbor^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Donald Neighbor\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-01-17 13:01 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4600:TCP"= 4600:TCP:hkuetcm
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/17/2011 8:01 AM 136176]
.
Contents of the 'Scheduled Tasks' folder
2011-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-17 13:01]
2011-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-17 13:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Donald Neighbor\Application Data\Mozilla\Firefox\Profiles\1spzsois.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-23 08:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(716)
c:\windows\System32\l3codeca.acm
- - - - - - - > 'explorer.exe'(4508)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\docume~1\DONALD~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\System32\l3codeca.acm
.
------------------------ Other Running Processes ------------------------
.
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\carpserv.exe
c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe
c:\windows\SoftwareDistribution\Download\Install\dotnetfx35_x86.exe
c:\66e207093166ca3a89d4a4754a655d\dotnetfx35setup.exe
c:\b75f48b55223fd689ec9486a235c58c5\setup.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2011-01-23 08:48:17 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-23 13:48
ComboFix2.txt 2011-01-19 14:04
Pre-Run: 70,990,196,736 bytes free
Post-Run: 70,862,241,792 bytes free
- - End Of File - - FE1F04DB45D3F702DF33750DE6730250
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,467
Hiya Don,

How is your system responding now, any better? Proceed as follows :-

Step 1

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the
    button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on
    to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the
    icon on your desktop.
  • Check
  • Click the
    button.
  • Accept any security warnings from your browser.
  • Check
  • Leave the tick out of remove found threats
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push
    , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the
    button.
  • Push
You can refer to this animation by neomage if needed.
Frequently asked questions available Here. Please read them before running the scan.

Also be aware this scan can take between one and several hours to complete depending on the size of your system.

I see you've already got ESET onboard, just use the above for the settings.

Step 2

Re-open HJT, carry out a scan and save the log file.

Post the logs from ESET and HJT in your reply. Also give an update on symptoms: any changes?

Kevin
 

dneighbor

Thread Starter
Joined
Dec 20, 2010
Messages
423
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:51:47 PM, on 1/23/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1295210089418
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: bw+0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 18073 bytes
 

dneighbor

Thread Starter
Joined
Dec 20, 2010
Messages
423
C:\Qoobox\Quarantine\C\WINDOWS\system32\_etoljkyh_.dll.zip a variant of Win32/Conficker.X worm
 