
Firefox Hijacked

Discussion in 'Virus & Other Malware Removal' started by gtjlz, Mar 6, 2011.

  1. gtjlz

    gtjlz Thread Starter

    Joined:
    Mar 6, 2011
    Messages:
    15
    It seems as if my Firefox has been hijacked. I get redirected to places like flurrysearch and others. Windows XP SP2. I did get a virus a couple of weeks ago, which I eliminated a lot of with Spyware Dr. - but Kaspersky and Spyware Doctor can't seem to find what is hijacking my browser. I'm not very techie, so any help is much appreciated! Thank you.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:33:17 AM, on 3/6/2011
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\Program Files\Common Files\InterVations\dbsrvnt.exe
    C:\Documents and Settings\Julie\Local Settings\Apps\2.0\LK7P3BTD.HAY\XJPW76RG.GP3\elsi..tion_4c6039112b69d4b5_0001.0005_8dc36f84962c02b4\Elsinore.ScreenConnect.GuestService.exe
    C:\Documents and Settings\Julie\Local Settings\Apps\2.0\LK7P3BTD.HAY\XJPW76RG.GP3\elsi..tion_4c6039112b69d4b5_0001.0005_8dc36f84962c02b4\Elsinore.ScreenConnect.GuestService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\PurgeIE\PurgeIE_Service.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
    C:\Program Files\Dantz\Retrospect 7.0\retrorun.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\msdtc.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\DATACA~1\FLashKsk.exe
    C:\Program Files\IPEVO\free.2\free.2.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Documents and Settings\Gala\Desktop\HijackThis.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
    O4 - HKLM\..\Run: [free.2] "C:\Program Files\IPEVO\free.2\free.2.exe"
    O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10k_Plugin.exe -update plugin
    O4 - HKUS\S-1-5-21-3772008097-2017062998-1455893959-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Gala')
    O4 - HKUS\S-1-5-21-3772008097-2017062998-1455893959-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Gala')
    O4 - HKUS\S-1-5-21-3772008097-2017062998-1455893959-1008\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized (User 'Gala')
    O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\PROGRA~1\MOZILL~1\plugins\GetFlash.exe -p (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\PROGRA~1\MOZILL~1\plugins\GetFlash.exe -p (User 'Default user')
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
    O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    O23 - Service: InterVations Database Server (dbsrv) - InterVations, Inc. - C:\Program Files\Common Files\InterVations\dbsrvnt.exe
    O23 - Service: Elsinore ScreenConnect Guest Service 3b19a49f-a089-464b-8311-b724822dfdd1 - Elsinore Technologies Inc. - C:\Documents and Settings\Julie\Local Settings\Apps\2.0\LK7P3BTD.HAY\XJPW76RG.GP3\elsi..tion_4c6039112b69d4b5_0001.0005_8dc36f84962c02b4\Elsinore.ScreenConnect.GuestService.exe
    O23 - Service: Elsinore ScreenConnect Guest Service 5b7f48fc-d9bd-4c9f-b4e4-0c137f8b07a4 - Elsinore Technologies Inc. - C:\Documents and Settings\Julie\Local Settings\Apps\2.0\LK7P3BTD.HAY\XJPW76RG.GP3\elsi..tion_4c6039112b69d4b5_0001.0005_8dc36f84962c02b4\Elsinore.ScreenConnect.GuestService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: PurgeIE XP Service (PurgeIEservice) - Assistance & Resources for Computing, Inc. - C:\Program Files\PurgeIE\PurgeIE_Service.exe
    O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Dantz - C:\Program Files\Dantz\Retrospect 7.0\retrorun.exe
    O23 - Service: Retrospect Helper - EMC Dantz - C:\Program Files\Dantz\Retrospect 7.0\rthlpsvc.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

    --
    End of file - 11431 bytes




    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Gala at 11:52:51.89 on Sun 03/06/2011
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.877 [GMT -8:00]
    .
    AV: Kaspersky Internet Security *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Internet Security *Enabled*
    .
    ============== Running Processes ===============
    .
    SVCHOST.EXE
    SVCHOST.EXE
    SVCHOST.EXE
    SVCHOST.EXE
    SVCHOST.EXE
    SVCHOST.EXE
    SVCHOST.EXE
    SVCHOST.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\DATACA~1\FLashKsk.exe
    C:\Program Files\IPEVO\free.2\free.2.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Gala\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://www.dell4me.com/mywaybiz
    mDefault_Page_URL = hxxp://www.dell4me.com/mywaybiz
    mStart Page = hxxp://www.dell4me.com/mywaybiz
    uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/redirects/support.asp?affid=105-36&dtag=9dqc071
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [DataCaching] c:\progra~1\dataca~1\FLashKsk.exe
    mRun: [free.2] "c:\program files\ipevo\free.2\free.2.exe"
    mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
    mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
    mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
    dRunOnce: [FlashPlayerUpdate] c:\progra~1\mozill~1\plugins\GetFlash.exe -p
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    Notify: klogon - c:\windows\system32\klogon.dll
    AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
    SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll
    SecurityProviders: rpasspc.dll, msapsspc.dll,schannel.dll,digest.dll,msnsspc.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\gala\applic~1\mozilla\firefox\profiles\9w1j5vmh.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - component: c:\documents and settings\gala\application data\mozilla\firefox\profiles\9w1j5vmh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\gala\application data\mozilla\firefox\profiles\9w1j5vmh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - component: c:\documents and settings\gala\application data\mozilla\firefox\profiles\9w1j5vmh.default\extensions\[email protected]\components\Shim.dll
    FF - component: c:\program files\mozilla firefox\extensions\[email protected]\components\KavLinkFilter.dll
    FF - plugin: c:\documents and settings\gala\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\gala\application data\mozilla\firefox\profiles\9w1j5vmh.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: The Browser Highlighter: [email protected] - c:\program files\mozilla firefox\extensions\[email protected]
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Kaspersky URL Advisor: [email protected] - c:\program files\mozilla firefox\extensions\[email protected]
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: The Browser Highlighter: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: XULRunner: {63E05FB2-1BA3-4DE2-9BAF-600A92074E9B} - c:\documents and settings\gala\local settings\application data\{63E05FB2-1BA3-4DE2-9BAF-600A92074E9B}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-12-28 218592]
    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-12-28 51984]
    R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-12-28 59664]
    R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
    R1 klif;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-10-14 315408]
    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-12-28 233136]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
    R2 avp;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe -r --> c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe -r [?]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-12-28 112592]
    R2 dbsrv;InterVations Database Server;c:\program files\common files\intervations\dbsrvnt.exe [2008-7-23 1520920]
    R2 Elsinore ScreenConnect Guest Service 3b19a49f-a089-464b-8311-b724822dfdd1;Elsinore ScreenConnect Guest Service 3b19a49f-a089-464b-8311-b724822dfdd1;"c:\documents and settings\julie\local settings\apps\2.0\lk7p3btd.hay\xjpw76rg.gp3\elsi..tion_4c6039112b69d4b5_0001.0005_8dc36f84962c02b4\elsinore.screenconnect.guestservice.exe" run ?y=guest&h=support.intervations.com&p=8041&s=3b19a49f-a089-464b-8311-b724822dfdd1&t=support3&k=fqmamb3et%2fzob8pdx4xmhg%3d%3d 1968 --> c:\documents and settings\julie\local settings\apps\2.0\lk7p3btd.hay\xjpw76rg.gp3\elsi..tion_4c6039112b69d4b5_0001.0005_8dc36f84962c02b4\Elsinore.ScreenConnect.GuestService.exe [?]
    R2 Elsinore ScreenConnect Guest Service 5b7f48fc-d9bd-4c9f-b4e4-0c137f8b07a4;Elsinore ScreenConnect Guest Service 5b7f48fc-d9bd-4c9f-b4e4-0c137f8b07a4;"c:\documents and settings\julie\local settings\apps\2.0\lk7p3btd.hay\xjpw76rg.gp3\elsi..tion_4c6039112b69d4b5_0001.0005_8dc36f84962c02b4\elsinore.screenconnect.guestservice.exe" run ?y=guest&h=support.intervations.com&p=8041&s=5b7f48fc-d9bd-4c9f-b4e4-0c137f8b07a4&t=support3&k=33ahndtukzx%2fdasxywynwa%3d%3d 3844 --> c:\documents and settings\julie\local settings\apps\2.0\lk7p3btd.hay\xjpw76rg.gp3\elsi..tion_4c6039112b69d4b5_0001.0005_8dc36f84962c02b4\Elsinore.ScreenConnect.GuestService.exe [?]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-12-28 366840]
    R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-12-28 1142224]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 32272]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
    R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-12-28 63360]
    R3 SNXUAAAF;Sonix USB Audio Filter Driver;c:\windows\system32\drivers\SNXUAAAF.sys [2008-4-30 13111]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-12-28 33552]
    R3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
    S4 QuickBooksDB19;QuickBooksDB19;c:\progra~1\intuit\quickb~3\qbdbmgrn.exe -hvquickbooksdb19 --> c:\progra~1\intuit\quickb~3\QBDBMgrN.exe -hvQuickBooksDB19 [?]
    .
    =============== Created Last 30 ================
    .
    2011-02-14 19:18:55 -------- d-----w- c:\docume~1\gala\locals~1\applic~1\Threat Expert
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 12:00:16.70 ===============



    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-03-06 12:09:39
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_6Y080L0 rev.YAR41BW0
    Running: nn1c4wbv.exe; Driver: C:\DOCUME~1\Julie\LOCALS~1\Temp\pwtdypow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xB0564ECA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xB0564F74]

    Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
    Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
    AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
    AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    AttachedDevice \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
    AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    AttachedDevice \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
    AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    AttachedDevice \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

    ---- EOF - GMER 1.0.15 ----
     


  2. gtjlz

    gtjlz Thread Starter

    Joined:
    Mar 6, 2011
    Messages:
    15
    bump
     
  3. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    915
    Hi,

    If help is still needed, post fresh dds logs, please. Also let me know if the issue occurs with Internet Explorer too.
     
  4. gtjlz

    gtjlz Thread Starter

    Joined:
    Mar 6, 2011
    Messages:
    15
    Thank you, Blade81!

    Yes, this occurs with Internet Explorer as well.

    The dds.txt

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Gala at 12:50:10.60 on Sat 03/19/2011
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1103 [GMT -7:00]
    .
    AV: Kaspersky Internet Security *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Internet Security *Enabled*
    .
    ============== Running Processes ===============
    .
    SVCHOST.EXE
    SVCHOST.EXE
    SVCHOST.EXE
    SVCHOST.EXE
    SVCHOST.EXE
    SVCHOST.EXE
    SVCHOST.EXE
    SVCHOST.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\DATACA~1\FLashKsk.exe
    C:\Program Files\IPEVO\free.2\free.2.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Documents and Settings\Gala\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://www.dell4me.com/mywaybiz
    mDefault_Page_URL = hxxp://www.dell4me.com/mywaybiz
    mStart Page = hxxp://www.dell4me.com/mywaybiz
    uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/redirects/support.asp?affid=105-36&dtag=9dqc071
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [DataCaching] c:\progra~1\dataca~1\FLashKsk.exe
    mRun: [free.2] "c:\program files\ipevo\free.2\free.2.exe"
    mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
    mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
    mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
    dRunOnce: [FlashPlayerUpdate] c:\progra~1\mozill~1\plugins\GetFlash.exe -p
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    Notify: klogon - c:\windows\system32\klogon.dll
    AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
    SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll
    SecurityProviders: rpasspc.dll, msapsspc.dll,schannel.dll,digest.dll,msnsspc.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\gala\applic~1\mozilla\firefox\profiles\9w1j5vmh.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - component: c:\documents and settings\gala\application data\mozilla\firefox\profiles\9w1j5vmh.default\extensions\[email protected]\components\Shim.dll
    FF - component: c:\program files\mozilla firefox\extensions\[email protected]\components\KavLinkFilter.dll
    FF - plugin: c:\documents and settings\gala\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\gala\application data\mozilla\firefox\profiles\9w1j5vmh.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: The Browser Highlighter: [email protected] - c:\program files\mozilla firefox\extensions\[email protected]
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Kaspersky URL Advisor: [email protected] - c:\program files\mozilla firefox\extensions\[email protected]
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: The Browser Highlighter: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: XULRunner: {63E05FB2-1BA3-4DE2-9BAF-600A92074E9B} - c:\documents and settings\gala\local settings\application data\{63E05FB2-1BA3-4DE2-9BAF-600A92074E9B}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-12-28 218592]
    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-12-28 51984]
    R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-12-28 59664]
    R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
    R1 klif;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-10-14 315408]
    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-12-28 233136]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
    R2 avp;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe -r --> c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe -r [?]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-12-28 112592]
    R2 dbsrv;InterVations Database Server;c:\program files\common files\intervations\dbsrvnt.exe [2008-7-23 1520920]
    R2 Elsinore ScreenConnect Guest Service 3b19a49f-a089-464b-8311-b724822dfdd1;Elsinore ScreenConnect Guest Service 3b19a49f-a089-464b-8311-b724822dfdd1;"c:\documents and settings\julie\local settings\apps\2.0\lk7p3btd.hay\xjpw76rg.gp3\elsi..tion_4c6039112b69d4b5_0001.0005_8dc36f84962c02b4\elsinore.screenconnect.guestservice.exe" run ?y=guest&h=support.intervations.com&p=8041&s=3b19a49f-a089-464b-8311-b724822dfdd1&t=support3&k=fqmamb3et%2fzob8pdx4xmhg%3d%3d 1968 --> c:\documents and settings\julie\local settings\apps\2.0\lk7p3btd.hay\xjpw76rg.gp3\elsi..tion_4c6039112b69d4b5_0001.0005_8dc36f84962c02b4\Elsinore.ScreenConnect.GuestService.exe [?]
    R2 Elsinore ScreenConnect Guest Service 5b7f48fc-d9bd-4c9f-b4e4-0c137f8b07a4;Elsinore ScreenConnect Guest Service 5b7f48fc-d9bd-4c9f-b4e4-0c137f8b07a4;"c:\documents and settings\julie\local settings\apps\2.0\lk7p3btd.hay\xjpw76rg.gp3\elsi..tion_4c6039112b69d4b5_0001.0005_8dc36f84962c02b4\elsinore.screenconnect.guestservice.exe" run ?y=guest&h=support.intervations.com&p=8041&s=5b7f48fc-d9bd-4c9f-b4e4-0c137f8b07a4&t=support3&k=33ahndtukzx%2fdasxywynwa%3d%3d 3844 --> c:\documents and settings\julie\local settings\apps\2.0\lk7p3btd.hay\xjpw76rg.gp3\elsi..tion_4c6039112b69d4b5_0001.0005_8dc36f84962c02b4\Elsinore.ScreenConnect.GuestService.exe [?]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-12-28 366840]
    R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-12-28 1142224]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 32272]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
    R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-12-28 63360]
    R3 SNXUAAAF;Sonix USB Audio Filter Driver;c:\windows\system32\drivers\SNXUAAAF.sys [2008-4-30 13111]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-12-28 33552]
    R3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
    S4 QuickBooksDB19;QuickBooksDB19;c:\progra~1\intuit\quickb~3\qbdbmgrn.exe -hvquickbooksdb19 --> c:\progra~1\intuit\quickb~3\QBDBMgrN.exe -hvQuickBooksDB19 [?]
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 12:57:33.46 ===============
     


  5. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    915
    Hi


    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully first.

    Please continue as follows:


    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
     
  6. gtjlz

    gtjlz Thread Starter

    Joined:
    Mar 6, 2011
    Messages:
    15
    Thank you, Blade81.
    I downloaded Combofix
    Disabled Kaspersky
    Spyware Doctor
    SpyBot
    LavaSoft folder was empty, so I don't think I have Ad-Aware any longer (I used to...)
    When I double-clicked ComboFix, I got the little loading box, then a Windows error message came up: "Windows cannot end C:\32788R22FWJFW\PEV.exe"
    I tried downloading ComboFix again, as I thought it may have expired? (It took me over 10 minutes to disable the anti-virus/malware)
    Tried also to run ComboFix as Administrator - still the same error message.
     
  7. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    915
    Hi,

    Try to run ComboFix in safe mode (ensuring protection software is again disabled).
     
  8. gtjlz

    gtjlz Thread Starter

    Joined:
    Mar 6, 2011
    Messages:
    15
    Okay, I've been able to run it in safe mode - but ComboFix is now hung up. It got through all 50 stages in less than 10 minutes - then rebooted the machine (not in safe mode). When the machine rebooted, Skype came up - I closed it. ComboFix is running, but has not posted a log, and it's been over 30 minutes since the reboot.
     
  9. gtjlz

    gtjlz Thread Starter

    Joined:
    Mar 6, 2011
    Messages:
    15
    Oops, never mind - it's now posting a log!
     
  10. gtjlz

    gtjlz Thread Starter

    Joined:
    Mar 6, 2011
    Messages:
    15
    The ComboFix Log!

    ComboFix 11-03-21.01 - Julieadmin 03/21/2011 18:04:29.1.2 - x86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1795 [GMT -7:00]
    Running from: c:\documents and settings\Julie\Desktop\ComboFix.exe
    AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    .
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\MyWaySA
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-22 to 2011-03-22 )))))))))))))))))))))))))))))))
    .
    .
    No new files created in this timespan
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-28 23:03 . 2010-12-28 22:51 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2010-12-28 23:03 . 2010-12-28 22:51 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-18 149280]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "DataCaching"="c:\progra~1\DATACA~1\FLashKsk.exe" [2001-11-28 262144]
    "free.2"="c:\program files\IPEVO\free.2\free.2.exe" [2007-03-02 528384]
    "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-12-22 1092872]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-06 413696]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-12-28 1287120]
    "avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-08-18 340520]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-2-2 984352]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2005-11-15 86016]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders rpasspc.dll, msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\SYSTEM32\\USMT\\MIGWIZ.EXE"=
    "c:\\Program Files\\Dantz\\Retrospect 7.0\\Retrospect.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\MailCOPA\\mailcopa.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\kav\\kav7\\setup.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "7491:TCP"= 7491:TCP:MailCOPA Inter-Process Communication
    "7492:TCP"= 7492:TCP:InterVations Database Server (TCP)
    "7492:UDP"= 7492:UDP:InterVations Database Server (UDP)
    "1036:TCP"= 1036:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    .
    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\SYSTEM32\DRIVERS\klbg.sys [10/14/2009 10:18 PM 36880]
    R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [12/28/2010 3:51 PM 218592]
    R0 TfFsMon;TfFsMon;c:\windows\SYSTEM32\DRIVERS\TfFsMon.sys [12/28/2010 5:19 PM 51984]
    R0 TfSysMon;TfSysMon;c:\windows\SYSTEM32\DRIVERS\TfSysMon.sys [12/28/2010 5:19 PM 59664]
    R1 pctgntdi;pctgntdi;c:\windows\SYSTEM32\DRIVERS\pctgntdi.sys [12/28/2010 3:52 PM 233136]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 4:00 AM 14336]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [12/28/2010 3:59 PM 112592]
    R2 dbsrv;InterVations Database Server;c:\program files\Common Files\InterVations\dbsrvnt.exe [7/23/2008 3:23 PM 1520920]
    R2 Elsinore ScreenConnect Guest Service 3b19a49f-a089-464b-8311-b724822dfdd1;Elsinore ScreenConnect Guest Service 3b19a49f-a089-464b-8311-b724822dfdd1;c:\documents and settings\Julie\Local Settings\Apps\2.0\LK7P3BTD.HAY\XJPW76RG.GP3\elsi..tion_4c6039112b69d4b5_0001.0005_8dc36f84962c02b4\Elsinore.ScreenConnect.GuestService.exe [1/18/2010 11:18 AM 39760]
    R2 Elsinore ScreenConnect Guest Service 5b7f48fc-d9bd-4c9f-b4e4-0c137f8b07a4;Elsinore ScreenConnect Guest Service 5b7f48fc-d9bd-4c9f-b4e4-0c137f8b07a4;c:\documents and settings\Julie\Local Settings\Apps\2.0\LK7P3BTD.HAY\XJPW76RG.GP3\elsi..tion_4c6039112b69d4b5_0001.0005_8dc36f84962c02b4\Elsinore.ScreenConnect.GuestService.exe [1/18/2010 11:18 AM 39760]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [12/28/2010 3:51 PM 366840]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\SYSTEM32\DRIVERS\klim5.sys [12/13/2007 2:28 PM 32272]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\SYSTEM32\DRIVERS\klmouflt.sys [10/2/2009 8:39 PM 19472]
    R3 pctplsg;pctplsg;c:\windows\SYSTEM32\DRIVERS\pctplsg.sys [12/28/2010 3:51 PM 63360]
    R3 SNXUAAAF;Sonix USB Audio Filter Driver;c:\windows\SYSTEM32\DRIVERS\SNXUAAAF.sys [4/30/2008 9:40 AM 13111]
    R3 TfNetMon;TfNetMon;c:\windows\SYSTEM32\DRIVERS\TfNetMon.sys [12/28/2010 5:19 PM 33552]
    R3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 11:59 AM 135664]
    S4 QuickBooksDB19;QuickBooksDB19;c:\progra~1\Intuit\QUICKB~3\QBDBMgrN.exe -hvQuickBooksDB19 --> c:\progra~1\Intuit\QUICKB~3\QBDBMgrN.exe -hvQuickBooksDB19 [?]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - PCTSDInjDriver32
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-22 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-27 17:07]
    .
    2011-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 18:59]
    .
    2011-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 18:59]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.dell4me.com/mywaybiz
    IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
    FF - ProfilePath - c:\documents and settings\Julie\Application Data\Mozilla\Firefox\Profiles\z0tq1x9f.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Kaspersky URL Advisor: [email protected] - c:\program files\Mozilla Firefox\extensions\[email protected]
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
    HKU-Default-RunOnce-FlashPlayerUpdate - c:\progra~1\MOZILL~1\plugins\GetFlash.exe
    AddRemove-CS30DeinstKey - c:\cserve~1.2\CS3\DeIsL1.isu
    AddRemove-ONEWORLD - c:\progra~1\ONEWOR~1\Unwise32.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-21 18:22
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    detected NTDLL code modification:
    ZwClose
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1020)
    c:\program files\Spyware Doctor\TFEngine\TFWAH.dll
    c:\program files\Spyware Doctor\TFEngine\TFNI.dll
    c:\program files\Spyware Doctor\TFEngine\TFMon.dll
    c:\program files\Spyware Doctor\TFEngine\TFRK.dll
    .
    - - - - - - - > 'lsass.exe'(1076)
    c:\windows\system32\rpasspc.dll
    c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    c:\program files\Spyware Doctor\TFEngine\TFWAH.dll
    .
    - - - - - - - > 'explorer.exe'(984)
    c:\program files\Spyware Doctor\pctgmhk.dll
    c:\program files\Spyware Doctor\TFEngine\TfWah.dll
    c:\windows\system32\WS2_32.dll
    c:\windows\system32\WS2HELP.dll
    c:\windows\system32\WSOCK32.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\PurgeIE\PurgeIE_Service.exe
    c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    c:\program files\Dantz\Retrospect 7.0\retrorun.exe
    c:\program files\Spyware Doctor\pctsSvc.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Spyware Doctor\TFEngine\TFService.exe
    c:\program files\Java\jre6\bin\jucheck.exe
    c:\windows\system32\taskmgr.exe
    c:\program files\Skype\Phone\Skype.exe
    .
    **************************************************************************
    .
    Completion time: 2011-03-21 18:50:44 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-03-22 01:50
    .
    Pre-Run: 39,181,426,688 bytes free
    Post-Run: 37,523,841,024 bytes free
    .
    - - End Of File - - 670EC8DE2C104B475C7B9C1B031154B1
     
  11. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    915
    Hi,

    Post fresh dds.txt log too.
     
  12. gtjlz

    gtjlz Thread Starter

    Joined:
    Mar 6, 2011
    Messages:
    15
    Here you go!

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Gala at 7:11:27.87 on Tue 03/22/2011
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1164 [GMT -7:00]
    .
    AV: Kaspersky Internet Security *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Internet Security *Enabled*
    .
    ============== Running Processes ===============
    .
    SVCHOST.EXE
    SVCHOST.EXE
    SVCHOST.EXE
    SVCHOST.EXE
    SVCHOST.EXE
    SVCHOST.EXE
    SVCHOST.EXE
    SVCHOST.EXE
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\DATACA~1\FLashKsk.exe
    C:\Program Files\IPEVO\free.2\free.2.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Documents and Settings\Gala\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://www.dell4me.com/mywaybiz
    mStart Page = hxxp://www.dell4me.com/mywaybiz
    uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/redirects/support.asp?affid=105-36&dtag=9dqc071
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [DataCaching] c:\progra~1\dataca~1\FLashKsk.exe
    mRun: [free.2] "c:\program files\ipevo\free.2\free.2.exe"
    mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
    mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
    mRun: [avp] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    Notify: klogon - c:\windows\system32\klogon.dll
    AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\kloehk.dll
    SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll
    SecurityProviders: rpasspc.dll, msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\gala\applic~1\mozilla\firefox\profiles\9w1j5vmh.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - component: c:\documents and settings\gala\application data\mozilla\firefox\profiles\9w1j5vmh.default\extensions\[email protected]\components\Shim.dll
    FF - component: c:\program files\mozilla firefox\extensions\[email protected]\components\KavLinkFilter.dll
    FF - plugin: c:\documents and settings\gala\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\gala\application data\mozilla\firefox\profiles\9w1j5vmh.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: The Browser Highlighter: [email protected] - c:\program files\mozilla firefox\extensions\[email protected]
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Kaspersky URL Advisor: [email protected] - c:\program files\mozilla firefox\extensions\[email protected]
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: The Browser Highlighter: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: XULRunner: {63E05FB2-1BA3-4DE2-9BAF-600A92074E9B} - c:\documents and settings\gala\local settings\application data\{63E05FB2-1BA3-4DE2-9BAF-600A92074E9B}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-12-28 218592]
    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-12-28 51984]
    R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-12-28 59664]
    R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
    R1 klif;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-10-14 315408]
    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-12-28 233136]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
    R2 avp;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe -r --> c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe -r [?]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-12-28 112592]
    R2 dbsrv;InterVations Database Server;c:\program files\common files\intervations\dbsrvnt.exe [2008-7-23 1520920]
    R2 Elsinore ScreenConnect Guest Service 5b7f48fc-d9bd-4c9f-b4e4-0c137f8b07a4;Elsinore ScreenConnect Guest Service 5b7f48fc-d9bd-4c9f-b4e4-0c137f8b07a4;"c:\documents and settings\julie\local settings\apps\2.0\lk7p3btd.hay\xjpw76rg.gp3\elsi..tion_4c6039112b69d4b5_0001.0005_8dc36f84962c02b4\elsinore.screenconnect.guestservice.exe" run ?y=guest&h=support.intervations.com&p=8041&s=5b7f48fc-d9bd-4c9f-b4e4-0c137f8b07a4&t=support3&k=33ahndtukzx%2fdasxywynwa%3d%3d 3844 --> c:\documents and settings\julie\local settings\apps\2.0\lk7p3btd.hay\xjpw76rg.gp3\elsi..tion_4c6039112b69d4b5_0001.0005_8dc36f84962c02b4\Elsinore.ScreenConnect.GuestService.exe [?]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-12-28 366840]
    R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-12-28 1142224]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 32272]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
    R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-12-28 63360]
    R3 SNXUAAAF;Sonix USB Audio Filter Driver;c:\windows\system32\drivers\SNXUAAAF.sys [2008-4-30 13111]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-12-28 33552]
    R3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
    S2 Elsinore ScreenConnect Guest Service 3b19a49f-a089-464b-8311-b724822dfdd1;Elsinore ScreenConnect Guest Service 3b19a49f-a089-464b-8311-b724822dfdd1;"c:\documents and settings\julie\local settings\apps\2.0\lk7p3btd.hay\xjpw76rg.gp3\elsi..tion_4c6039112b69d4b5_0001.0005_8dc36f84962c02b4\elsinore.screenconnect.guestservice.exe" run ?y=guest&h=support.intervations.com&p=8041&s=3b19a49f-a089-464b-8311-b724822dfdd1&t=support3&k=fqmamb3et%2fzob8pdx4xmhg%3d%3d 1968 --> c:\documents and settings\julie\local settings\apps\2.0\lk7p3btd.hay\xjpw76rg.gp3\elsi..tion_4c6039112b69d4b5_0001.0005_8dc36f84962c02b4\Elsinore.ScreenConnect.GuestService.exe [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
    S4 QuickBooksDB19;QuickBooksDB19;c:\progra~1\intuit\quickb~3\qbdbmgrn.exe -hvquickbooksdb19 --> c:\progra~1\intuit\quickb~3\QBDBMgrN.exe -hvQuickBooksDB19 [?]
    .
    =============== Created Last 30 ================
    .
    2011-03-22 01:00:03 98816 ----a-w- c:\windows\sed.exe
    2011-03-22 01:00:03 89088 ----a-w- c:\windows\MBR.exe
    2011-03-22 01:00:03 256512 ----a-w- c:\windows\PEV.exe
    2011-03-22 01:00:03 161792 ----a-w- c:\windows\SWREG.exe
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 7:20:20.87 ===============
     


  13. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    915
    Hi,

    Please run ComboFix in normal mode again. If it stalls again please uninstall Spyware Doctor for now and then retry.
     
  14. gtjlz

    gtjlz Thread Starter

    Joined:
    Mar 6, 2011
    Messages:
    15
    Had to uninstall Spyware Doctor, but it worked! (Thank you for your continued help on this....) :)

    ComboFix 11-03-22.04 - Julieadmin 03/22/2011 17:31:32.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1471 [GMT -7:00]
    Running from: c:\documents and settings\Julie\Desktop\ComboFix.exe
    AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Gala\Application Data\Adobe\AdobeUpdate .exe
    c:\documents and settings\Gala\Application Data\Adobe\plugs
    c:\documents and settings\Gala\Application Data\Adobe\plugs\KB16510546.exe
    c:\documents and settings\Gala\Local Settings\Application Data\{63E05FB2-1BA3-4DE2-9BAF-600A92074E9B}
    c:\documents and settings\Gala\Local Settings\Application Data\{63E05FB2-1BA3-4DE2-9BAF-600A92074E9B}\chrome.manifest
    c:\documents and settings\Gala\Local Settings\Application Data\{63E05FB2-1BA3-4DE2-9BAF-600A92074E9B}\chrome\content\_cfg.js
    c:\documents and settings\Gala\Local Settings\Application Data\{63E05FB2-1BA3-4DE2-9BAF-600A92074E9B}\chrome\content\overlay.xul
    c:\documents and settings\Gala\Local Settings\Application Data\{63E05FB2-1BA3-4DE2-9BAF-600A92074E9B}\install.rdf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-23 to 2011-03-23 )))))))))))))))))))))))))))))))
    .
    .
    No new files created in this timespan
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-19 17:30 . 2010-12-28 21:35 0 ----a-w- c:\documents and settings\Gala\Local Settings\Application Data\Dgisapoxulod.bin
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-18 149280]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "DataCaching"="c:\progra~1\DATACA~1\FLashKsk.exe" [2001-11-28 262144]
    "free.2"="c:\program files\IPEVO\free.2\free.2.exe" [2007-03-02 528384]
    "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-12-22 1092872]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-06 413696]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-08-18 340520]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-2-2 984352]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2005-11-15 86016]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders rpasspc.dll, msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\SYSTEM32\\USMT\\MIGWIZ.EXE"=
    "c:\\Program Files\\Dantz\\Retrospect 7.0\\Retrospect.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\MailCOPA\\mailcopa.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\kav\\kav7\\setup.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "7491:TCP"= 7491:TCP:MailCOPA Inter-Process Communication
    "7492:TCP"= 7492:TCP:InterVations Database Server (TCP)
    "7492:UDP"= 7492:UDP:InterVations Database Server (UDP)
    "3519:TCP"= 3519:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    .
    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\SYSTEM32\DRIVERS\klbg.sys [10/14/2009 10:18 PM 36880]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 4:00 AM 14336]
    R2 dbsrv;InterVations Database Server;c:\program files\Common Files\InterVations\dbsrvnt.exe [7/23/2008 3:23 PM 1520920]
    R2 Elsinore ScreenConnect Guest Service 3b19a49f-a089-464b-8311-b724822dfdd1;Elsinore ScreenConnect Guest Service 3b19a49f-a089-464b-8311-b724822dfdd1;c:\documents and settings\Julie\Local Settings\Apps\2.0\LK7P3BTD.HAY\XJPW76RG.GP3\elsi..tion_4c6039112b69d4b5_0001.0005_8dc36f84962c02b4\Elsinore.ScreenConnect.GuestService.exe [1/18/2010 11:18 AM 39760]
    R2 Elsinore ScreenConnect Guest Service 5b7f48fc-d9bd-4c9f-b4e4-0c137f8b07a4;Elsinore ScreenConnect Guest Service 5b7f48fc-d9bd-4c9f-b4e4-0c137f8b07a4;c:\documents and settings\Julie\Local Settings\Apps\2.0\LK7P3BTD.HAY\XJPW76RG.GP3\elsi..tion_4c6039112b69d4b5_0001.0005_8dc36f84962c02b4\Elsinore.ScreenConnect.GuestService.exe [1/18/2010 11:18 AM 39760]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\SYSTEM32\DRIVERS\klim5.sys [12/13/2007 2:28 PM 32272]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\SYSTEM32\DRIVERS\klmouflt.sys [10/2/2009 8:39 PM 19472]
    R3 SNXUAAAF;Sonix USB Audio Filter Driver;c:\windows\SYSTEM32\DRIVERS\SNXUAAAF.sys [4/30/2008 9:40 AM 13111]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
    S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 11:59 AM 135664]
    S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
    S4 QuickBooksDB19;QuickBooksDB19;c:\progra~1\Intuit\QUICKB~3\QBDBMgrN.exe -hvQuickBooksDB19 --> c:\progra~1\Intuit\QUICKB~3\QBDBMgrN.exe -hvQuickBooksDB19 [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-23 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-27 17:07]
    .
    2011-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 18:59]
    .
    2011-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 18:59]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.dell4me.com/mywaybiz
    IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
    FF - ProfilePath - c:\documents and settings\Julie\Application Data\Mozilla\Firefox\Profiles\z0tq1x9f.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Kaspersky URL Advisor: [email protected] - c:\program files\Mozilla Firefox\extensions\[email protected]
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-22 17:39
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2011-03-22 17:42:51
    ComboFix-quarantined-files.txt 2011-03-23 00:42
    ComboFix2.txt 2011-03-22 01:50
    .
    Pre-Run: 37,856,980,992 bytes free
    Post-Run: 38,555,443,200 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - F67FB723F103D508EDB03407FC7FF943
     
  15. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    915
    Glad to hear that worked :)

    Let's see some further steps.

    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    File::
    c:\documents and settings\Gala\Local Settings\Application Data\Dgisapoxulod.bin
    

    Save this as CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

    [​IMG]

    Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
    Then post the resultant log.


    Uninstall old Adobe Reader versions and get the latest one (Adobe Reader X + 10.0.1 update for it) here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check free readers introduced here.


    Uninstall vulnerable Flash versions by following instructions here. Fresh version can be obtained here.


    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 24.
    • Click the Download button to the right.
    • Select Windows on platform combobox and check the box that says: Accept License Agreement. Click continue.
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u24-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.


    * Go here to run an online scanner from ESET.
    • Note: You will need to use Internet Explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is not checked.
    • Click Scan
    • Wait for the scan to finish.

    Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
     
Short URL to this thread: https://techguy.org/984444