Google redirect and random pop-ups!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

dwhiggins

Thread Starter
Joined
Apr 29, 2010
Messages
7
This seems to be a problem for a number of people. It started with the antivirus xp malware which I managed to remove with malwarebytes. Since then I get random pop-ups and redirected in google. This happens in Internet Explorer and Firefox. Google chrome won't load my home page and then says it's unresponsive and asks me to kill the page or wait.

I am also getting a resident shield alert in AVG saying accessed file infected.
File name - C:\WINDOWS\system32\drivers\AvgTdix.sys
Threat name - Win32/Patched.DO
This is coming up on screen every 30 seconds or so.

Any help would be greatly appreciated

Thanks
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Hi, dwhiggins :)

Welcome.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  1. If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  2. During the download, rename Combofix to Combo-Fix as follows:





  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------​
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------​
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    -----------------------------------------------------------​
  7. Double click on combo-Fix.exe & follow the prompts.
  8. Install the Recovery Console if prompted.
  9. When finished, it will produce a report for you.
  10. Please post the "C:\Combo-Fix.txt" .
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
 

dwhiggins

Thread Starter
Joined
Apr 29, 2010
Messages
7
I've used combofix as instructed but now my computer refuses to connect to the internet.
I'm using friends laptop for this.
It's nothing to do with my broadband or router so i'm guessing combofix did something.

Any ideas?

Thanks Again
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
A simple restart should have recovered the connection.

Go to Start->Run->Type CMD and click Ok. The MSDOS Window will be displayed. At the command prompt, type the following and press Enter after each line:

netsh int ip reset C:\Resetlog.txt
netsh winsock reset catalog
ipconfig /flushdns
(The space between g and / is needed)
Exit

Restart the computer. Test the connection.
 

dwhiggins

Thread Starter
Joined
Apr 29, 2010
Messages
7
When I enter the line
netsh int ip reset C:\Resetlog.txt
it says "the following helper DLL cannot be loaded"

After restart the internet connection works for a few seconds but then is lost like before

Any thoughts

Thanks
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
When I enter the line
netsh int ip reset C:\Resetlog.txt
it says "the following helper DLL cannot be loaded"

After restart the internet connection works for a few seconds but then is lost like before

Any thoughts

Thanks
Which helper dll? It should be part of the error message.
 

dwhiggins

Thread Starter
Joined
Apr 29, 2010
Messages
7
It doesn't say anything else. It just says
"the following helper dll cannot be loaded"

Here is the combo fix log as well in case that helps

ComboFix 10-04-29.05 - Daryl Higgins 30/04/2010 16:36:27.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1014.554 [GMT 1:00]
Running from: c:\documents and settings\Daryl Higgins\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\windows\jestertb.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
D:\Autorun.inf

Infected copy of c:\windows\system32\drivers\AvgTdiX.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-30 )))))))))))))))))))))))))))))))
.

2010-04-29 14:25 . 2010-04-29 14:25 -------- d-----w- c:\documents and settings\Daryl Higgins\Local Settings\Application Data\Mozilla
2010-04-29 14:02 . 2010-04-29 14:02 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-29 13:55 . 2010-04-29 21:53 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-28 13:15 . 2010-04-28 02:04 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-28 11:27 . 2010-04-28 11:27 -------- d-----w- c:\program files\Safari
2010-04-28 02:04 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-04-28 02:04 . 2010-04-28 02:04 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-28 02:01 . 2010-04-28 02:01 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-28 01:59 . 2010-04-28 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-28 01:59 . 2010-04-28 02:01 -------- d-----w- c:\program files\Lavasoft
2010-04-28 00:28 . 2010-04-28 00:28 -------- d-----w- c:\program files\CCleaner
2010-04-23 10:18 . 2010-04-23 10:18 -------- d-----w- c:\documents and settings\Daryl Higgins\Application Data\Malwarebytes
2010-04-23 10:18 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-23 10:18 . 2010-04-23 10:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-23 10:18 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 10:18 . 2010-04-29 23:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-23 01:19 . 2010-04-23 01:19 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-23 00:58 . 2010-04-23 00:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-09 12:30 . 2001-08-17 12:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-04-09 12:30 . 2001-08-17 12:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2010-04-09 12:30 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-04-09 12:30 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-30 15:54 . 2009-04-08 20:31 -------- d-----w- c:\documents and settings\Daryl Higgins\Application Data\Affinegy
2010-04-29 23:05 . 2010-04-29 23:05 6153352 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-29 19:20 . 2009-10-24 15:08 242896 ----a-w- c:\windows\system32\drivers\AvgTdiX.sys
2010-04-29 16:16 . 2009-12-04 00:08 -------- d-----w- c:\documents and settings\Daryl Higgins\Application Data\HPAppData
2010-04-29 15:51 . 2009-03-14 17:33 -------- d-----w- c:\documents and settings\Daryl Higgins\Application Data\Spotify
2010-04-29 14:10 . 2006-10-15 22:33 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-29 13:58 . 2010-04-29 13:58 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-04-29 13:45 . 2010-04-28 02:04 893952 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-04-29 13:45 . 2010-04-28 02:04 574632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-04-29 13:45 . 2010-04-28 02:04 443344 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-04-29 13:45 . 2010-04-28 02:03 866224 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-04-29 13:45 . 2010-04-28 02:03 871320 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-04-29 13:45 . 2010-04-28 02:03 1598464 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-04-29 13:45 . 2010-04-28 02:03 834248 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-04-29 13:45 . 2010-04-28 02:03 1285864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-04-28 13:36 . 2007-02-07 02:38 -------- d-----w- c:\documents and settings\Daryl Higgins\Application Data\Apple Computer
2010-04-28 11:23 . 2010-04-28 11:23 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-04-28 02:04 . 2010-04-28 02:04 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2010-04-28 02:04 . 2010-04-28 02:04 566432 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll
2010-04-28 02:04 . 2010-04-28 02:04 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2010-04-28 02:04 . 2010-04-28 02:04 211600 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-04-28 02:04 . 2010-04-28 02:04 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-04-28 02:04 . 2010-04-28 02:04 397480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-04-28 02:04 . 2010-04-28 02:04 221920 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2010-04-28 02:04 . 2010-04-28 02:04 17632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2010-04-28 02:04 . 2010-04-28 02:04 167824 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-04-28 02:04 . 2010-04-28 02:04 1230160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2010-04-28 02:04 . 2010-04-28 02:04 247120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2010-04-28 02:04 . 2010-04-28 02:03 6306640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-04-28 02:03 . 2010-04-28 02:03 95248 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-04-28 02:03 . 2010-04-28 02:03 335728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-04-28 02:03 . 2010-04-28 02:03 16456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
2010-04-28 02:03 . 2010-04-28 02:03 967640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-04-28 02:03 . 2010-04-28 02:03 755096 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2010-04-28 00:53 . 2006-10-16 14:18 -------- d-----w- c:\documents and settings\Daryl Higgins\Application Data\Azureus
2010-04-22 17:21 . 2007-10-23 12:14 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-17 18:44 . 2006-10-15 22:59 -------- d-----w- c:\program files\Azureus
2010-04-14 23:49 . 2007-03-20 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-05 14:55 . 2006-09-01 18:20 -------- d-----w- c:\program files\Common Files\Java
2010-04-05 14:54 . 2009-01-03 15:49 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-23 21:19 . 2010-03-23 21:19 1521152 ----a-w- c:\documents and settings\All Users\Application Data\Line 6\L6TWXG\data\twx\L6TWX.dll
2010-03-23 21:19 . 2009-02-02 23:15 571008 ----a-w- c:\windows\system32\drivers\L6TportK.sys
2010-03-23 21:19 . 2009-02-02 23:15 180224 ----a-w- c:\windows\system32\l6tpkb37.dll
2010-03-15 12:36 . 2010-03-15 12:36 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-15 12:36 . 2008-09-11 21:55 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-15 12:34 . 2008-09-11 21:55 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-10 06:15 . 2004-08-04 21:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 22:42 . 2010-03-09 22:42 1974272 ----a-w- c:\documents and settings\All Users\Application Data\Line 6\L6TWXG\L6TWXG.dll
2010-03-04 23:44 . 2009-12-19 13:11 -------- d-----w- c:\program files\Hotspot Shield
2010-02-26 18:42 . 2010-02-26 18:42 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-25 06:24 . 2004-08-04 21:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2005-01-19 12:26 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2004-08-04 21:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-04 21:00 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-02 13:07 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2004-08-04 21:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 21:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-04 15:53 . 2010-04-28 02:01 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-01 01:45 . 2010-04-29 14:12 38784 ----a-w- c:\documents and settings\Daryl Higgins\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-12-19 13:11 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-15 454656]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-17 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-11 102400]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 131072]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-01-26 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-06 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-06 94208]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-01-20 200704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"QuickTime Task"="c:\program files\QUICKTIME\QTTASK.EXE" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-15 12:36 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Daryl Higgins^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Daryl Higgins\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [28/04/2010 03:04 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/09/2008 22:55 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\AvgTdiX.sys [24/10/2009 16:08 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [15/03/2010 13:35 308064]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [09/01/2010 00:42 285744]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04/02/2010 16:52 1285864]
R3 L6DP;L6DP;c:\windows\system32\drivers\l6dp.sys [29/09/2006 17:05 29312]
S3 Flash1;Flash1;c:\program files\SP35487\winphlash\FLASH1.sys [01/03/2006 17:54 3456]
S3 L6TportK;Service - Line 6 TonePort KB37;c:\windows\system32\drivers\L6TportK.sys [03/02/2009 00:15 571008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-04-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 13:45]

2010-03-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-04-30 c:\windows\Tasks\User_Feed_Synchronization-{1A7C7059-D2F4-4973-ACEA-DE39AFE3BE8A}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.bbc.co.uk/
uInternet Connection Wizard,ShellNext = https://register.hp.com/servlet/Web...YEAR=2006&gwCountry=GB&language=17&prodOS=011
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: line6.net
FF - ProfilePath - c:\documents and settings\Daryl Higgins\Application Data\Mozilla\Firefox\Profiles\s9aeqftu.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-30 16:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? [email protected][email protected]? ????\[email protected][email protected]

scanning hidden files ...


c:\documents and settings\Daryl Higgins\Application Data\Affinegy\wpa_supplicant.conf 157 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2972)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Virgin Broadband Wireless\AffinegyService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\program files\Hotspot Shield\bin\openvpntray.exe
c:\program files\Virgin Broadband Wireless\ndis_events.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-04-30 16:59:39 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-30 15:59

Pre-Run: 15,540,477,952 bytes free
Post-Run: 15,474,278,400 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 137A2A39825B81B43A601C45036C7F7A

Thanks
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
I need you to update and run Malwarebytes Antimalware and post its report. Perhaps during that small window you may be a able to update.
 

dwhiggins

Thread Starter
Joined
Apr 29, 2010
Messages
7
Managed to update but it doesn't seem to have found anything

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4066

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

05/05/2010 00:18:36
mbam-log-2010-05-05 (00-18-36).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 242481
Time elapsed: 1 hour(s), 37 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as Query.bat
  • Change the Save as Type to All Files
  • and Save it on the desktop
  • Once saved, double click on the Query.bat file and post the resulting report in your next reply.

@Echo Off
Color 1f
Echo Please wait...
Dir /a C:\Qoobox /s >Log.txt
Start Log.txt
Exit
Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)

      Click the image to enlarge it
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Please copy and paste the report into your Post.
 

dwhiggins

Thread Starter
Joined
Apr 29, 2010
Messages
7
Here is the Query log

Volume in drive C has no label.
Volume Serial Number is 0A66-748A

Directory of C:\Qoobox

30/04/2010 16:59 <DIR> .
30/04/2010 16:59 <DIR> ..
30/04/2010 16:58 13,111 Add-Remove Programs.txt
30/04/2010 16:26 <DIR> BackEnv
30/04/2010 16:59 1,867 ComboFix-quarantined-files.txt
30/04/2010 16:50 <DIR> Quarantine
30/04/2010 16:58 0 [email protected]_15.50.45.dat
3 File(s) 14,978 bytes

Directory of C:\Qoobox\BackEnv

30/04/2010 16:26 <DIR> .
30/04/2010 16:26 <DIR> ..
30/04/2010 16:26 297 appdata.folder.dat
30/04/2010 16:26 234 cache.folder.dat
30/04/2010 16:26 153 Cookies.folder.dat
30/04/2010 16:26 98 desktop.folder.dat
30/04/2010 16:26 156 favorites.folder.dat
30/04/2010 16:26 225 localappdata.folder.dat
30/04/2010 16:26 175 localsettings.folder.dat
30/04/2010 16:26 196 mypictures.folder.dat
30/04/2010 16:26 105 personal.folder.dat
30/04/2010 16:25 242 Profiles.Folder.dat
30/04/2010 16:26 373 Profiles.Folder.folder.dat
30/04/2010 16:26 184 programs.folder.dat
30/04/2010 16:25 6,199 SetPath.bat
30/04/2010 16:26 104 startmenu.folder.dat
30/04/2010 16:26 208 startup.folder.dat
30/04/2010 16:25 2,242 SysPath.dat
30/04/2010 16:26 102 templates.folder.dat
17 File(s) 11,293 bytes

Directory of C:\Qoobox\Quarantine

30/04/2010 16:50 <DIR> .
30/04/2010 16:50 <DIR> ..
30/04/2010 16:31 <DIR> C
30/04/2010 16:34 102 catchme.log
30/04/2010 16:50 <DIR> D
30/04/2010 16:58 <DIR> Registry_backups
1 File(s) 102 bytes

Directory of C:\Qoobox\Quarantine\C

30/04/2010 16:31 <DIR> .
30/04/2010 16:31 <DIR> ..
30/04/2010 16:46 <DIR> Program Files
30/04/2010 16:46 <DIR> WINDOWS
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Program Files

30/04/2010 16:46 <DIR> .
30/04/2010 16:46 <DIR> ..
30/04/2010 16:46 <DIR> WinPcap
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Program Files\WinPcap

30/04/2010 16:46 <DIR> .
30/04/2010 16:46 <DIR> ..
26/05/2008 16:07 49,152 daemon_mgm.exe.vir
26/05/2008 16:07 49,152 npf_mgm.exe.vir
26/05/2008 16:07 86,016 rpcapd.exe.vir
3 File(s) 184,320 bytes

Directory of C:\Qoobox\Quarantine\C\WINDOWS

30/04/2010 16:46 <DIR> .
30/04/2010 16:46 <DIR> ..
08/04/2010 14:27 21,504 jestertb.dll.vir
30/04/2010 16:46 <DIR> system32
1 File(s) 21,504 bytes

Directory of C:\Qoobox\Quarantine\C\WINDOWS\system32

30/04/2010 16:46 <DIR> .
30/04/2010 16:46 <DIR> ..
30/04/2010 16:46 <DIR> Drivers
26/05/2008 16:07 81,920 packet.dll.vir
26/05/2008 16:07 53,299 pthreadVC.dll.vir
26/05/2008 16:07 61,440 wanpacket.dll.vir
26/05/2008 16:07 233,472 wpcap.dll.vir
4 File(s) 430,131 bytes

Directory of C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers

30/04/2010 16:46 <DIR> .
30/04/2010 16:46 <DIR> ..
29/04/2010 20:20 242,896 AvgTdiX.sys.vir
26/05/2008 16:07 32,512 npf.sys.vir
2 File(s) 275,408 bytes

Directory of C:\Qoobox\Quarantine\D

30/04/2010 16:50 <DIR> .
30/04/2010 16:50 <DIR> ..
30/04/2004 06:01 53 Autorun.inf.vir
1 File(s) 53 bytes

Directory of C:\Qoobox\Quarantine\Registry_backups

30/04/2010 16:58 <DIR> .
30/04/2010 16:58 <DIR> ..
30/04/2010 16:45 1,372 Legacy_NPF.reg.dat
30/04/2010 16:45 2,418 Service_NPF.reg.dat
30/04/2010 16:45 8,507 tcpip.reg
3 File(s) 12,297 bytes

Total Files Listed:
35 File(s) 950,086 bytes
32 Dir(s) 15,296,909,312 bytes free

Whenever I use GMER my comp either crashes or cuts out. I also got the blue screen of death at one point.

Thanks
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Remove AVG from your computer. Then download and run the AVG Removal Tool.

Test after a restart and let me know the outcome.
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Now that AVG is removed, go to Start->Run->Type CMD and click Ok. The MSDOS Window will be displayed. At the command prompt, type the following and press Enter after each line:

netsh int ip reset C:\Resetlog.txt
netsh winsock reset catalog

ipconfig /flushdns (The space between g and / is needed)
Exit

Restart and test.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under File Scans, change File age to 30
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    %SYSTEMDRIVE%\*.*
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
    • Please post the contents of these files in your next reply.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top