Solved: Drives not opening!! Moved from Malware forum...

djkool

Thread Starter
Joined
Jun 8, 2006
Messages
98
I have been asked to contact the hardware forum by the Malware forum... I was in the malware forum and my computer has been cleaned up...

All the viruses have gone... but the after-effects of the virus are still there... the only problem that I have is the opening of drives.

When I double-click on any drive (C:, D:, E:, F:), a new search window opens...
Also, when I right-click on the drive, the first option in the right-click drop-down menu is "Search" and the second option is only "OPEN"... I mean to say that the default action for a drive has become "search"... How do I change it? What do I do to bring it back to the normal settings? I have attached the screenshots of both the right-click and double-click effects for your clear understanding...
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,156
Are you using a flash drive or some sort of external drive?


Please remove the version of ComboFix that you currently have and redownload it:

Download ComboFix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Double click on combofix.exe and follow the prompts.

When finished, it will produce a report for you. Please post the C:\ComboFix.txt along with a new HijackThis log for further review.

Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.
 

djkool

Thread Starter
Joined
Jun 8, 2006
Messages
98
I just googled this topic and I followed the following steps... it worked... the problem is solved... Thank you so much for your co-operation and efforts...

Steps:

1. Click Start
2. Click Run
3. Type in the run box: regedit
4. Click OK
5. When regedit opens, go to the following key:
HKEY_CLASSES_ROOT\directory\shell


6. Click Modify on the Edit menu
7. Type none in the Value data box
8. Click OK
9. Navigate to the following key:
HKEY_CLASSES_ROOT\drive\shell


10. Click Modify on the Edit menu
11. Type none in the Value data box
12. Click OK
13. Close regedit

PROBLEM SOLVED!!!!

Thank you so much....

TSG ROCKED, TSG ROCKS and TSG WILL ALWAYS ROCK!!!!

Hats off to you guys... great work!!!!
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,156
It's possible that there may still be things in the ComboFix log that need to be addressed. :)
 
Joined
Apr 10, 2000
Messages
9,288
I don't know how much help this is going to be; but, I am giving you my thoughts on it anyway.

About 50% of my income is derived directly from malware infestations and I have learned over time that attempts to absolutely and completely remove all malware and the damage it leaves behind are very, very rarely successful. Experience is that I save myself time and my customers' money by simply backing up all user-created data and then doing a completely clean, new installation of Windows and all other programs.

I've tried at the insistence of customers who complain they don't have the disks to reinstall valuable programs or maybe they say, "My brother set it up and he has all the disks and he is out of the country . . .", etc., etc. I get all kinds of reasons; but, it almost never works that way.

A few times people have turned down my offer and advice and I usually leave them with the advice that anyone who tells them they can get the mess out and all the damage it will leave behind without a clean, new installation is either incompetent or being less than truthful. Some have called The Geek Squad or someone else who came, stayed an hour or two, charged them a couple of hundred dollars or more and then they call me a day or three later complaining everything is as bad or worse than when they started and they are ready to succumb to a new, clean installation.

This method always works--always.

You may (or may not) have "cleaned" your system of all malware; but, you are now dealing with the damage it leaves behind, which is sometimes more difficult to fix than removing the malware in the first place.

Just for future reference, programs that keep out malware are NEVER as effective as their advertisements would lead the hopeful to believe. After installing these kinds of programs for many customers over the years, I have quit altogether. Those programs just aren't worth the ten-cent CD they are distributed on nor the time it takes to install them, let alone the money they cost.

The best defence against malware is now, and always has been, a paranoid user.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,156
Sure there are certain infections that cause irreparable damage to a system and it's best to reformat but not every infection requires a reformat. Developers work hard to create the tools that repair the damage or changes done to the registry, etc. for specific infections. They don't just remove the infected files.

Prevention is key but no program can protect users who insist on visiting suspect web sites and downloading cracks and illegal crap with P2P programs. That is asking for trouble.
 

djkool

Thread Starter
Joined
Jun 8, 2006
Messages
98
Anyways, I'll follow the ComboFix steps and will post the log soon... thanks once again...
 

djkool

Thread Starter
Joined
Jun 8, 2006
Messages
98
ComboFix 07-10-25.4 - Administrator 2007-10-25 22:01:30.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.58 [GMT 5.5:30]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-09-25 to 2007-10-25 )))))))))))))))))))))))))))))))
.

2007-10-25 21:43 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\McAfee
2007-10-25 21:16 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-10-25 21:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SiteAdvisor
2007-10-25 21:15 86,880 --a------ C:\WINDOWS\system32\drivers\WscNetDr.sys
2007-10-25 21:14 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-10-25 21:12 161,768 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-10-25 21:12 104,024 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-10-25 21:12 84,744 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-10-25 21:12 37,800 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-10-25 21:12 33,896 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-10-25 21:12 31,560 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-10-25 21:11 <DIR> d-------- C:\WINDOWS\LastGood
2007-10-25 21:11 <DIR> d-------- C:\Program Files\McAfee.com
2007-10-25 21:11 <DIR> d-------- C:\Program Files\McAfee
2007-10-25 21:11 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-10-25 21:02 <DIR> d-------- C:\Program Files\Uniblue
2007-10-25 21:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2007-10-25 20:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-25 20:41 <DIR> d-------- C:\Program Files\MagicISO
2007-10-25 19:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-10-24 17:49 <DIR> d-------- C:\Documents and Settings\Administrator\DoctorWeb
2007-10-24 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-24 14:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-10-24 14:34 788 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-24 01:20 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-23 23:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-10-23 23:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Comodo
2007-10-23 23:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-23 19:48 <DIR> d-------- C:\Program Files\PowerISO
2007-10-23 13:14 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-23 13:01 3,589,160 --a------ C:\WINDOWS\procexp.exe
2007-10-23 13:01 546,176 --a------ C:\WINDOWS\autoruns.exe
2007-10-23 13:01 456,064 --a------ C:\WINDOWS\autorunsc.exe
2007-10-22 15:53 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-10-22 15:51 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-22 15:15 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2007-10-22 14:20 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-10-22 14:14 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-10-21 19:28 <DIR> d-------- C:\Program Files\Intel
2007-10-21 13:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Nero
2007-10-21 13:22 <DIR> d-------- C:\Program Files\Nero
2007-10-21 13:22 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-10-21 13:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-10-20 17:30 <DIR> d-------- C:\Program Files\Xilisoft
2007-10-20 17:04 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-10-20 17:04 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-10-20 17:04 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-10-17 23:23 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-10-17 00:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-10-16 21:16 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2007-10-16 20:22 <DIR> d-------- C:\Program Files\MSN Messenger
2007-10-14 17:40 <DIR> d-------- C:\Program Files\Picasa2
2007-10-14 14:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-14 14:51 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-14 14:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-14 14:50 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-13 22:10 <DIR> d-------- C:\WINDOWS\Sun
2007-10-13 17:31 114,688 --a------ C:\WINDOWS\system32\igfxzoom.exe
2007-10-13 17:31 106,496 --a------ C:\WINDOWS\system32\igfxext.exe
2007-10-13 17:31 61,440 --a------ C:\WINDOWS\system32\iAlmCoIn_v4342.dll
2007-10-13 17:31 36,864 --a------ C:\WINDOWS\system32\igfxexps.dll
2007-10-12 20:42 <DIR> d-------- C:\Documents and Settings\Administrator\Incomplete
2007-10-12 20:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2007-10-12 17:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Leadertech
2007-10-12 16:56 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-10-11 22:54 <DIR> d-------- C:\Program Files\Google
2007-10-11 20:35 <DIR> d--h----- C:\WINDOWS\PIF
2007-10-11 19:59 <DIR> d-------- C:\Program Files\VirtualDJ
2007-10-11 17:29 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-10-11 14:28 <DIR> d-------- C:\Program Files\Java
2007-10-11 14:18 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-11 14:17 0 --a------ C:\WINDOWS\mozver.dat
2007-10-11 14:04 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-10-11 14:03 <DIR> d-------- C:\WINDOWS\system32\drivers\umdf
2007-10-11 14:03 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-10-11 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-10-11 13:31 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2007-10-11 00:50 <DIR> dr-h----- C:\Documents and Settings\Administrator\Application Data\yahoo!
2007-10-10 18:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-10-10 18:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Skype
2007-10-10 14:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-10-10 14:15 <DIR> d-------- C:\Program Files\Yahoo!
2007-10-10 00:35 <DIR> d-------- C:\Program Files\Skype
2007-10-10 00:28 <DIR> d-------- C:\Program Files\BitComet
2007-10-10 00:21 <DIR> d-------- C:\Program Files\VSTplugins
2007-10-10 00:17 <DIR> d-------- C:\Program Files\XviD
2007-10-10 00:17 <DIR> d-------- C:\Program Files\Auto Power-on
2007-10-10 00:17 761,856 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-10-10 00:17 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-10-10 00:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Publish Providers
2007-10-10 00:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DivX
2007-10-10 00:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sony
2007-10-10 00:08 <DIR> d-------- C:\Program Files\Sony
2007-10-10 00:04 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-10-10 00:03 <DIR> d-------- C:\Program Files\Sony Setup
2007-10-10 00:02 <DIR> d-------- C:\Program Files\iPod
2007-10-10 00:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2007-10-10 00:01 <DIR> d-------- C:\Program Files\iTunes
2007-10-10 00:00 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-10-10 00:00 <DIR> d-------- C:\Program Files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-21 13:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-14 09:29 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-10-14 09:29 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-10-09 18:29 --------- d-----w C:\Program Files\Common Files\Apple
2007-10-09 18:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-10-09 18:24 --------- d-----w C:\Program Files\DivX
2007-10-09 18:22 --------- d-----w C:\Program Files\LimeWire
2007-10-09 18:21 --------- d-----w C:\Program Files\Microsoft Works
2007-10-09 18:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-09 18:02 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-09 18:02 --------- d-----w C:\Program Files\C-Media 3D Audio
2007-10-09 17:50 --------- d-----w C:\Program Files\microsoft frontpage
2007-09-24 03:35 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2007-09-24 03:35 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2007-09-20 04:29 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-09-20 04:25 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-09-20 04:25 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 18:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 18:22 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-08-15 22:33 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-08-15 22:33 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-08-15 22:33 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-08-15 22:33 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-08-15 22:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-08-15 22:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-08-15 22:31 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-08-15 22:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-08-15 22:30 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-30 13:49 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 13:49 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 13:49 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 13:49 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 13:49 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 13:49 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 13:48 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44]
"0021041193326951mcinstcleanup"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\002104~1.exe" []
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2006-07-24 15:30]
"MWLExe"="C:\Program Files\Mcafee\MWL\MWLGui.exe" [2006-07-26 17:00]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoPowerOn]
C:\Program Files\Auto Power-on\AutoPowerOn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avpa]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Calendar]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pwrmon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
R2 SetupNT;SetupNT;C:\WINDOWS\system32\SetupNT.sys
S2 PCAutoPowerOnService;Auto Power-on & Shut-down Service;C:\Program Files\Auto Power-on\PCAutoPowerOnService.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59f9191b-7806-11dc-94df-00115b6d9b7e}]

AutoRun\command - [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59f9191b-7806-11dc-94df-00115b6d9b7e}]

explore\Command - [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59f9191b-7806-11dc-94df-00115b6d9b7e}]
open\Command


*Newly Created Service* - EMPROXY
*Newly Created Service* - IPFILTERDRIVER
*Newly Created Service* - MCAFEE_HACKERWATCH_SERVICE
*Newly Created Service* - MCLOGMANAGERSERVICE
*Newly Created Service* - MCMISPUPDMGR
*Newly Created Service* - MCNASVC
*Newly Created Service* - MCODS
*Newly Created Service* - MCPROMGR
*Newly Created Service* - MCPROXY
*Newly Created Service* - MCREDIRECTOR
*Newly Created Service* - MCSHIELD
*Newly Created Service* - MCSYSMON
*Newly Created Service* - MCTSKSHD.EXE
*Newly Created Service* - MCUSRMGR
*Newly Created Service* - MFEAVFK
*Newly Created Service* - MFEBOPK
*Newly Created Service* - MFEHIDK
*Newly Created Service* - MFERKDK
*Newly Created Service* - MFESMFK
*Newly Created Service* - MPFP
*Newly Created Service* - MPFSERVICE
*Newly Created Service* - MPS9
*Newly Created Service* - MSK80SERVICE
*Newly Created Service* - MWLSVC
.
Contents of the 'Scheduled Tasks' folder
"2007-10-23 11:07:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-25 15:42:20 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2007-10-25 15:42:18 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-25 22:03:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-25 22:05:21
.
--- E O F ---
 

djkool

Thread Starter
Joined
Jun 8, 2006
Messages
98
Logfile of HijackThis v1.99.1
Scan saved at 10:06:48 PM, on 10/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Mcafee\MWL\MWLGui.exe
C:\Program Files\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\HiJackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CB3777B-47D0-46E1-A49A-91C03877D38E}: NameServer = 203.153.47.251,203.153.41.28
O17 - HKLM\System\CS1\Services\Tcpip\..\{3CB3777B-47D0-46E1-A49A-91C03877D38E}: NameServer = 203.153.47.251,203.153.41.28
O17 - HKLM\System\CS2\Services\Tcpip\..\{3CB3777B-47D0-46E1-A49A-91C03877D38E}: NameServer = 203.153.47.251,203.153.41.28
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\Program Files\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Auto Power-on & Shut-down Service (PCAutoPowerOnService) - Unknown owner - C:\Program Files\Auto Power-on\PCAutoPowerOnService.exe
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,156
Open Notepad and copy and paste the text in the quote box below into it:

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avpa]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59f9191b-7806-11dc-94df-00115b6d9b7e}]

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.



This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
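
The two registry repairs in this thread (resetting the default value of HKEY_CLASSES_ROOT\drive\shell and HKEY_CLASSES_ROOT\directory\shell to "none", and removing the leftover mountpoints2 entry) can be checked with a short script. The PowerShell below is an added example, not part of any post in this thread: the function names are hypothetical, and the `shell\<verb>\command` layout under MountPoints2 is an assumption about how those entries are stored.

```powershell
# Added example: audit the Explorer default verb for drives and folders, list
# per-user MountPoints2 entries that carry shell commands, and optionally reset
# the default verb to the value used in the thread's fix ("none").
# Function names are hypothetical. Only Reset-ShellDefaultVerb writes anything.

function Get-ShellVerbState {
    param([string[]]$ClassKeys = @('Drive', 'Directory'))

    foreach ($class in $ClassKeys) {
        $shellPath = "Registry::HKEY_CLASSES_ROOT\$class\shell"
        if (-not (Test-Path -LiteralPath $shellPath)) { continue }

        $shellKey = Get-Item -LiteralPath $shellPath
        # GetValue('') reads the key's (Default) value; $null means it is not set.
        $default = $shellKey.GetValue('')

        # Each subkey is a verb (open, explore, find, ...); its "command"
        # subkey holds the command line Explorer runs for that verb.
        $verbs = foreach ($verb in Get-ChildItem -LiteralPath $shellPath) {
            $cmdKey = $verb.OpenSubKey('command')
            $cmd = if ($cmdKey) { $cmdKey.GetValue('') }
            [pscustomobject]@{ Verb = $verb.PSChildName; Command = $cmd }
        }

        [pscustomobject]@{
            Class       = $class
            DefaultVerb = $default
            # Flag anything other than the value the thread's fix sets.
            NeedsReview = ($default -ne 'none')
            Verbs       = $verbs
        }
    }
}

function Get-MountPointShellCommand {
    # Assumed layout: MountPoints2\<volume or GUID>\shell\<verb>\command
    $root = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\' +
            'CurrentVersion\Explorer\MountPoints2'
    if (-not (Test-Path -LiteralPath $root)) { return }

    foreach ($mount in Get-ChildItem -LiteralPath $root) {
        $shell = $mount.OpenSubKey('shell')
        if (-not $shell) { continue }
        foreach ($verbName in $shell.GetSubKeyNames()) {
            $cmdKey = $shell.OpenSubKey("$verbName\command")
            if ($cmdKey) {
                [pscustomobject]@{
                    MountPoint = $mount.PSChildName
                    Verb       = $verbName
                    Command    = $cmdKey.GetValue('')
                }
            }
        }
    }
}

function Reset-ShellDefaultVerb {
    # Needs an elevated session: HKEY_CLASSES_ROOT writes land in HKLM.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string[]]$ClassKeys = @('Drive', 'Directory'),
        [string]$BackupDir = $env:TEMP
    )

    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    foreach ($class in $ClassKeys) {
        $target = "HKCR\$class\shell"
        if (-not $PSCmdlet.ShouldProcess($target, 'Set (Default) to "none"')) {
            continue
        }
        # Export the key first so the change can be undone by importing the .reg file.
        $backup = Join-Path $BackupDir "$class-shell-$stamp.reg"
        & reg.exe export $target $backup | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "Backup of $target failed; nothing changed." }

        Set-ItemProperty -LiteralPath "Registry::HKEY_CLASSES_ROOT\$class\shell" `
            -Name '(default)' -Value 'none'
    }
}

# Read-only audit:
Get-ShellVerbState | Format-List
Get-MountPointShellCommand | Format-Table -AutoSize

# To apply the thread's fix, preview with -WhatIf first:
# Reset-ShellDefaultVerb -WhatIf
# Reset-ShellDefaultVerb
```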
 

djkool

Thread Starter
Joined
Jun 8, 2006
Messages
98
ComboFix 07-10-25.4 - Administrator 2007-10-26 15:53:25.3 - NTFSx86
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-09-26 to 2007-10-26 )))))))))))))))))))))))))))))))
.

2007-10-26 11:10 <DIR> d-------- C:\Program Files\FlashGet
2007-10-25 21:43 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\McAfee
2007-10-25 21:16 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-10-25 21:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SiteAdvisor
2007-10-25 21:15 86,880 --a------ C:\WINDOWS\system32\drivers\WscNetDr.sys
2007-10-25 21:14 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-10-25 21:12 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-10-25 21:12 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-10-25 21:12 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-10-25 21:12 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-10-25 21:12 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-10-25 21:12 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-10-25 21:11 <DIR> d-------- C:\Program Files\McAfee.com
2007-10-25 21:11 <DIR> d-------- C:\Program Files\McAfee
2007-10-25 21:11 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-10-25 21:02 <DIR> d-------- C:\Program Files\Uniblue
2007-10-25 21:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2007-10-25 20:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-25 20:41 <DIR> d-------- C:\Program Files\MagicISO
2007-10-25 19:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-10-24 17:49 <DIR> d-------- C:\Documents and Settings\Administrator\DoctorWeb
2007-10-24 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-24 14:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-10-24 14:34 788 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-24 01:20 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-23 23:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-10-23 23:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Comodo
2007-10-23 23:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-23 13:14 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-23 13:01 3,589,160 --a------ C:\WINDOWS\procexp.exe
2007-10-23 13:01 546,176 --a------ C:\WINDOWS\autoruns.exe
2007-10-23 13:01 456,064 --a------ C:\WINDOWS\autorunsc.exe
2007-10-22 15:53 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-10-22 15:51 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-22 15:15 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2007-10-22 14:20 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-10-22 14:14 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-10-21 19:28 <DIR> d-------- C:\Program Files\Intel
2007-10-21 13:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Nero
2007-10-21 13:22 <DIR> d-------- C:\Program Files\Nero
2007-10-21 13:22 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-10-21 13:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-10-20 17:30 <DIR> d-------- C:\Program Files\Xilisoft
2007-10-20 17:04 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-10-20 17:04 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-10-20 17:04 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-10-17 23:23 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-10-17 00:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-10-16 21:16 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2007-10-16 20:22 <DIR> d-------- C:\Program Files\MSN Messenger
2007-10-14 17:40 <DIR> d-------- C:\Program Files\Picasa2
2007-10-14 14:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-14 14:51 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-14 14:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-14 14:50 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-13 22:10 <DIR> d-------- C:\WINDOWS\Sun
2007-10-13 17:31 114,688 --a------ C:\WINDOWS\system32\igfxzoom.exe
2007-10-13 17:31 106,496 --a------ C:\WINDOWS\system32\igfxext.exe
2007-10-13 17:31 61,440 --a------ C:\WINDOWS\system32\iAlmCoIn_v4342.dll
2007-10-13 17:31 36,864 --a------ C:\WINDOWS\system32\igfxexps.dll
2007-10-12 20:42 <DIR> d-------- C:\Documents and Settings\Administrator\Incomplete
2007-10-12 20:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2007-10-12 17:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Leadertech
2007-10-12 16:56 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-10-11 22:54 <DIR> d-------- C:\Program Files\Google
2007-10-11 20:35 <DIR> d--h----- C:\WINDOWS\PIF
2007-10-11 19:59 <DIR> d-------- C:\Program Files\VirtualDJ
2007-10-11 17:29 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-10-11 14:28 <DIR> d-------- C:\Program Files\Java
2007-10-11 14:18 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-11 14:17 0 --a------ C:\WINDOWS\mozver.dat
2007-10-11 14:04 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-10-11 14:03 <DIR> d-------- C:\WINDOWS\system32\drivers\umdf
2007-10-11 14:03 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-10-11 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-10-11 13:31 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2007-10-11 00:50 <DIR> dr-h----- C:\Documents and Settings\Administrator\Application Data\yahoo!
2007-10-10 18:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-10-10 18:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Skype
2007-10-10 14:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-10-10 14:15 <DIR> d-------- C:\Program Files\Yahoo!
2007-10-10 00:35 <DIR> d-------- C:\Program Files\Skype
2007-10-10 00:28 <DIR> d-------- C:\Program Files\BitComet
2007-10-10 00:21 <DIR> d-------- C:\Program Files\VSTplugins
2007-10-10 00:17 <DIR> d-------- C:\Program Files\XviD
2007-10-10 00:17 <DIR> d-------- C:\Program Files\Auto Power-on
2007-10-10 00:17 761,856 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-10-10 00:17 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-10-10 00:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Publish Providers
2007-10-10 00:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DivX
2007-10-10 00:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sony
2007-10-10 00:08 <DIR> d-------- C:\Program Files\Sony
2007-10-10 00:04 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-10-10 00:03 <DIR> d-------- C:\Program Files\Sony Setup
2007-10-10 00:02 <DIR> d-------- C:\Program Files\iPod
2007-10-10 00:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2007-10-10 00:01 <DIR> d-------- C:\Program Files\iTunes
2007-10-10 00:00 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-10-10 00:00 <DIR> d-------- C:\Program Files\QuickTime
2007-10-10 00:00 <DIR> d-------- C:\Program Files\Apple Software Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-21 13:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-14 09:29 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-10-14 09:29 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-10-09 18:29 --------- d-----w C:\Program Files\Common Files\Apple
2007-10-09 18:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-10-09 18:24 --------- d-----w C:\Program Files\DivX
2007-10-09 18:22 --------- d-----w C:\Program Files\LimeWire
2007-10-09 18:21 --------- d-----w C:\Program Files\Microsoft Works
2007-10-09 18:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-09 18:02 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-09 18:02 --------- d-----w C:\Program Files\C-Media 3D Audio
2007-10-09 17:50 --------- d-----w C:\Program Files\microsoft frontpage
2007-09-24 03:35 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2007-09-24 03:35 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2007-09-20 04:29 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-09-20 04:25 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-09-20 04:25 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 18:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 18:22 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-08-15 22:33 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-08-15 22:33 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-08-15 22:33 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-08-15 22:33 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-08-15 22:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-08-15 22:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-08-15 22:31 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-08-15 22:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-08-15 22:30 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-30 13:49 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 13:49 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 13:49 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 13:49 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 13:49 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 13:49 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 13:48 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 15:30]
"MWLExe"="C:\Program Files\Mcafee\MWL\MWLGui.exe" [2007-03-12 11:40]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2006-11-01 10:35]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoPowerOn]
C:\Program Files\Auto Power-on\AutoPowerOn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avpa]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Calendar]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pwrmon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
R2 SetupNT;SetupNT;C:\WINDOWS\system32\SetupNT.sys
S2 PCAutoPowerOnService;Auto Power-on & Shut-down Service;C:\Program Files\Auto Power-on\PCAutoPowerOnService.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59f9191b-7806-11dc-94df-00115b6d9b7e}]

AutoRun\command - [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59f9191b-7806-11dc-94df-00115b6d9b7e}]

explore\Command - [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59f9191b-7806-11dc-94df-00115b6d9b7e}]
open\Command


*Newly Created Service* - MBACKMONITOR
.
Contents of the 'Scheduled Tasks' folder
"2007-10-23 11:07:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-25 15:42:20 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2007-10-25 15:42:18 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-26 15:55:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-26 15:57:03
C:\ComboFix2.txt ... 2007-10-25 22:05
.
--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 4:13:12 PM, on 10/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Mcafee\MWL\MWLGui.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\HiJackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CB3777B-47D0-46E1-A49A-91C03877D38E}: NameServer = 203.153.47.251,203.153.41.28
O17 - HKLM\System\CS1\Services\Tcpip\..\{3CB3777B-47D0-46E1-A49A-91C03877D38E}: NameServer = 203.153.47.251,203.153.41.28
O17 - HKLM\System\CS2\Services\Tcpip\..\{3CB3777B-47D0-46E1-A49A-91C03877D38E}: NameServer = 203.153.47.251,203.153.41.28
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Auto Power-on & Shut-down Service (PCAutoPowerOnService) - Unknown owner - C:\Program Files\Auto Power-on\PCAutoPowerOnService.exe
 
Joined
Apr 10, 2000
Messages
9,288
Cookiegal said:
Sure there are certain infections that cause irreparable damage to a system and it's best to reformat but not every infection requires a reformat. Developers work hard to create the tools that repair the damage or changes done to the registry, etc. for specific infections. They don't just remove the infected files.

I think my point is gradually being made. I wonder how many more days it is going to take to find a solution to this problem (or never find it and just give up) as compared to the few hours it would take to do a system recovery. Another advantage of a complete and clean reinstallation is that there is no possibility of discovering more malware droppings left behind after this one is fixed (or the effort to fix it is abandoned).

To be clear, I have respect for those whose opinions were developed from their own experience and whose methods work for them. It's just that I've never seen a result where time spent and thoroughness of the cleaning equals that of a clean installation. Also, I understand the need one has to find the specific and detailed cause of a problem like this and the desire to "win" against the miscreants who did these things to us; but, I decided the lesser of the evils is to just choose the path that is always successful and, on average, costs the least time.

Although I have always recommended imaging all OS partitions, the threat of malware infestations has become the number-one reason.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,156
Please boot to safe mode and repeat the script again.
 