Solved: HJT log after 'fixing' spyware: Desktop image prob & svchost.exe constantly running

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

aferroyt

Thread Starter
Joined
Jan 3, 2006
Messages
14
Hi there,

Background: I had some spyware on my PC (possibly SpyAxe and/or Spy Sheriff and/or others), so I decided to embark on the l-o-n-g journey to try and fix it. I think I removed it by running a program called smitRem. Also, Windows couldn't find a "kernels64.dll" file, so I used HijackThis (HJT) to delete the associated registry file. I also purchased the Spyware Doctor software. Anyway, I still have 3 strange things happening:

1. When Windows loads, my cursor goes into hourglass mode every two seconds or so (like it's constantly working on something). The Task Manager shows the svchost.exe task intermittently running, plus there are a couple other processes that seem normal.

2. I cannot change the image on my Desktop, nor can I access the Browse menu to get images. The only images that will display are those that came with the OS.

3. In the past I used to be able to simply click Outlook Express or Internet Explorer and my Dial-up Connection window would pop up, asking me whether or not I'd like to connect to the Internet. Now this doesn't work. I have to double-click the actual connection BEFORE opening any web-dependant programs.

Below is my HJT log. This is a brand new computer and is the first time I've had any issues with it. I'm very curious to understand whether or not these issues are leftovers from the spyware. If you have any suggestions to fix these issues, can you please explain why you've chosen them? Just trying to learn a bit... (smile)

Any help you could provide would be very much appreciated!!!

Thanks,
-aferroyt-

---------------------------

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\sysldr32.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\xxxxxxxx\Local Settings\Temp\HijackThis.exe
C:\WINDOWS\system32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\kernels64.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels64.exe
O4 - HKLM\..\Run: [SystemLoader] C:\WINDOWS\sysldr32.exe
O4 - HKLM\..\Run: [HostSrv] C:\WINDOWS\sachostx.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1338DB03-74C0-44CB-842B-72D2B66F29E3}: NameServer = 206.47.244.57 206.47.244.89
O17 - HKLM\System\CS1\Services\Tcpip\..\{1338DB03-74C0-44CB-842B-72D2B66F29E3}: NameServer = 206.47.244.57 206.47.244.89
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: st3d - C:\WINDOWS\g575640.dll
O21 - SSODL: zGFAd - {CC6A5F0F-66C0-F5A5-7DCA-184EAFCB3259} - C:\WINDOWS\system32\qlfxii.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Please Download win32delfkil.exe:

http://users.telenet.be/marcvn/tools/win32delfkil.exe

Save it on your desktop.

Double click on win32delfkil.exe and install it.

This creates a new folder on your desktop: win32delfkil.

Close all windows, open the win32delfkil folder and double click on "fix.bat".

The computer will reboot automatically.

Please download WebRoot SpySweeper (It's a 2 week trial):

http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129

Click the Free Trial link under "Downloads/SpySweeper" to download the program.

Install it. Once the program is installed, it will open.

It will prompt you to update to the latest definitions, click Yes.
Once the definitions are installed, click Options on the left side.
Click the Sweep Options tab.

Under What to Sweep please put a check next to the following:

* Sweep Memory
* Sweep Registry
* Sweep Cookies
* Sweep All User Accounts
* Enable Direct Disk Sweeping
* Sweep Contents of Compressed Files
* Sweep for Rootkits

Please UNCHECK Do not Sweep System Restore Folder.

Click Sweep Now on the left side.

Click the Start button.

When it's done scanning, click the Next button.

Make sure everything has a check next to it, then click the Next button.

It will remove all of the items found.

Click Session Log in the upper right corner, copy everything in that window.

Click the Summary tab and click Finish.

Perform an ActiveSCan:

http://www.pandasoftware.com/activescan/

Save the report to the desktop.

Post a new HijackThis log and the results of the ActiveScan, the contents of the Spysweeper session log you copied and the contents of the logfile c:\windelf.txt.
 

aferroyt

Thread Starter
Joined
Jan 3, 2006
Messages
14
Hi there,

Ok, below are the results from the scans. I couldn't do the ActiveScan because of an error (which I've noted at the end of this posting). Also, please note that I've xxxxxx'd out any personal names associated with my computer.

Any help you could provide would be VERY much appreciated!!

-aferroyt-

-----------------------
This came up while performing the scan:

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan.Abwiz
File: C:\documents and settings\xxxxxxx\local settings\temporary internet files\content.ie5\w9ezkp63\paradise[1].raw
Location: Quarantine
Computer: xxxxxx
User: SYSTEM
Action taken: Clean failed : Quarantine succeeded : Access denied
Date found: Wed Jan 04 21:10:46 2006
-----------------------

WEBROOT

9:03 PM: | Start of Session, January 4, 2006 |
9:03 PM: Spy Sweeper started
9:03 PM: Sweep initiated using definitions version 596
9:03 PM: Found Trojan Horse: trojan_downloader_harnig
9:03 PM: HKLM\software\microsoft\windows\currentversion\run\ || systemloader (ID = 1098837)
9:03 PM: sysldr32.exe (ID = 1098837)
9:03 PM: Starting Memory Sweep
9:05 PM: Detected running threat: C:\WINDOWS\sysldr32.exe (ID = 217730)
9:05 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || SystemLoader (ID = 0)
9:06 PM: Memory Sweep Complete, Elapsed Time: 00:02:57
9:06 PM: Starting Registry Sweep
9:06 PM: Found Trojan Horse: vesbiz downloader
9:06 PM: HKLM\software\microsoft\windows\currentversion\run\ || system (ID = 145542)
9:06 PM: Found Trojan Horse: 3proxy
9:06 PM: HKLM\software\microsoft\windows\currentversion\run\ || hostsrv (ID = 815190)
9:06 PM: HKLM\software\microsoft\windows\currentversion\run\ || systemloader (ID = 1062668)
9:06 PM: Found Adware: coolwebsearch (cws)
9:06 PM: HKLM\software\microsoft\windows\currentversion\run\ || systemloader (ID = 1098797)
9:06 PM: Found Trojan Horse: trojan-backdoor-us15info
9:06 PM: HKU\WRSS_Profile_S-1-5-21-2035915446-2758361169-3101683467-1007\software\microsoft\windows\currentversion\run\ || shell (ID = 650813)
9:06 PM: Found Trojan Horse: trojan-backdoor-securemulti
9:06 PM: HKU\WRSS_Profile_S-1-5-21-2035915446-2758361169-3101683467-1007\software\microsoft\windows\currentversion\run\ || aupd (ID = 743915)
9:06 PM: HKU\WRSS_Profile_S-1-5-21-2035915446-2758361169-3101683467-1007\software\microsoft\windows\currentversion\run\ || aupd (ID = 766565)
9:06 PM: Found Adware: spysheriff
9:06 PM: HKU\WRSS_Profile_S-1-5-21-2035915446-2758361169-3101683467-1007\software\microsoft\windows\currentversion\run\ || windows installer (ID = 1088024)
9:06 PM: Found Trojan Horse: trojan-backdoor-satellite
9:06 PM: HKU\S-1-5-18\software\microsoft\moviemaker\recordsettings\captureset\ (1 subtraces) (ID = 1021450)
9:06 PM: Registry Sweep Complete, Elapsed Time:00:00:22
9:06 PM: Starting Cookie Sweep
9:06 PM: Found Spy Cookie: advertising cookie
9:06 PM: xxxxx@advertising[2].txt (ID = 2175)
9:06 PM: Found Spy Cookie: atlas dmt cookie
9:06 PM: xxxxx@atdmt[2].txt (ID = 2253)
9:06 PM: Found Spy Cookie: ru4 cookie
9:06 PM: xxxxx@edge.ru4[1].txt (ID = 3269)
9:06 PM: Found Spy Cookie: fastclick cookie
9:06 PM: xxxxx@fastclick[2].txt (ID = 2651)
9:06 PM: Found Spy Cookie: 2o7.net cookie
9:06 PM: xxxxx@highbeam.122.2o7[1].txt (ID = 1958)
9:06 PM: xxxxx@media.fastclick[1].txt (ID = 2652)
9:06 PM: Found Spy Cookie: tribalfusion cookie
9:06 PM: xxxxx@tribalfusion[1].txt (ID = 3589)
9:06 PM: Found Spy Cookie: adserver cookie
9:06 PM: xxxxx@z1.adserver[1].txt (ID = 2142)
9:06 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
9:06 PM: Starting File Sweep
9:06 PM: Found Adware: winhound spyware remover
9:06 PM: c:\documents and settings\xxxxxxx\application data\winhound.com (11 subtraces) (ID = -2147462035)
9:10 PM: paradise[1].raw (ID = 211843)
9:12 PM: Found Trojan Horse: trojan-downloader-content-loader
9:12 PM: vx4.game (ID = 220143)
9:16 PM: Found Adware: spysheriff fakealert
9:16 PM: 2.qtdfmp (ID = 217676)
9:17 PM: qvxt2.game (ID = 220040)
9:19 PM: qvxt4.game (ID = 217730)
9:19 PM: xp_nb47[1].exe (ID = 217727)
9:19 PM: Found Adware: members area dialer
9:19 PM: 5.qtdfmp (ID = 217679)
9:19 PM: xp_nb47[1].exe (ID = 217727)
9:19 PM: Found Trojan Horse: trojan-downloader-alfaportal
9:19 PM: tool[1].exe (ID = 217731)
9:19 PM: vx2.game (ID = 210321)
9:19 PM: Found Trojan Horse: trojan-downloader-asdbiz.biz
9:19 PM: vx3.game (ID = 80237)
9:19 PM: Found Trojan Horse: trojan-downloader-hebeeaac
9:19 PM: 6.qtdfmp (ID = 209695)
9:20 PM: 7.qtdfmp (ID = 217732)
9:20 PM: Found Adware: trojan-downloader-evko.biz
9:20 PM: vxt1.game (ID = 217733)
9:20 PM: vx1.game (ID = 80237)
9:20 PM: tool[1].exe (ID = 217731)
9:20 PM: dmx5a.tmp (ID = 217327)
9:20 PM: dmx5d.tmp (ID = 217727)
9:21 PM: sysldr32.exe (ID = 217730)
9:21 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || SystemLoader (ID = 0)
9:22 PM: File Sweep Complete, Elapsed Time: 00:15:33
9:22 PM: Full Sweep has completed. Elapsed time 00:18:53
9:22 PM: Traces Found: 54
9:24 PM: Removal process initiated
9:24 PM: Quarantining All Traces: 3proxy
9:24 PM: Quarantining All Traces: spysheriff
9:24 PM: Quarantining All Traces: trojan-backdoor-satellite
9:24 PM: Quarantining All Traces: trojan-backdoor-securemulti
9:24 PM: Quarantining All Traces: trojan-backdoor-us15info
9:24 PM: Quarantining All Traces: trojan-downloader-hebeeaac
9:24 PM: Quarantining All Traces: coolwebsearch (cws)
9:24 PM: Quarantining All Traces: trojan_downloader_harnig
9:24 PM: trojan_downloader_harnig is in use. It will be removed on reboot.
9:24 PM: sysldr32.exe is in use. It will be removed on reboot.
9:24 PM: sysldr32.exe is in use. It will be removed on reboot.
9:24 PM: C:\WINDOWS\sysldr32.exe is in use. It will be removed on reboot.
9:24 PM: Quarantining All Traces: trojan-downloader-alfaportal
9:24 PM: Quarantining All Traces: trojan-downloader-asdbiz.biz
9:24 PM: Quarantining All Traces: trojan-downloader-content-loader
9:24 PM: Quarantining All Traces: vesbiz downloader
9:24 PM: Quarantining All Traces: members area dialer
9:24 PM: Quarantining All Traces: spysheriff fakealert
9:24 PM: Quarantining All Traces: trojan-downloader-evko.biz
9:24 PM: Quarantining All Traces: winhound spyware remover
9:24 PM: Quarantining All Traces: 2o7.net cookie
9:24 PM: Quarantining All Traces: adserver cookie
9:24 PM: Quarantining All Traces: advertising cookie
9:24 PM: Quarantining All Traces: atlas dmt cookie
9:24 PM: Quarantining All Traces: fastclick cookie
9:24 PM: Quarantining All Traces: ru4 cookie
9:24 PM: Quarantining All Traces: tribalfusion cookie
9:26 PM: Preparing to restart your computer. Please wait...
9:26 PM: Removal process completed. Elapsed time 00:01:42
9:28 PM: BHO Shield: found: -- BHO installation denied at user request
********
8:56 PM: | Start of Session, January 4, 2006 |
8:56 PM: Spy Sweeper started
9:02 PM: Your spyware definitions have been updated.
9:03 PM: | End of Session, January 4, 2006 |
-----------------------

HIJACK THIS LOG

Logfile of HijackThis v1.99.1
Scan saved at 9:42:57 PM, on 04/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\xxxxxxx\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1338DB03-74C0-44CB-842B-72D2B66F29E3}: NameServer = 206.47.244.57 206.47.244.89
O17 - HKLM\System\CS1\Services\Tcpip\..\{1338DB03-74C0-44CB-842B-72D2B66F29E3}: NameServer = 206.47.244.57 206.47.244.89
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: zGFAd - {CC6A5F0F-66C0-F5A5-7DCA-184EAFCB3259} - C:\WINDOWS\system32\qlfxii.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
-----------------------

ACTIVESCAN

I couldn't download it because I received the following window/error:

Error on downloading ActiveScan
An error has occurred downloading Panda ActiveScan. Please repeat the process. If the error occurs again, restart your system and try again
Possible causes of this error are:

Not allowing the application's ActiveX control to be downloaded.

Problems with the Internet connection.

The error could be due to a download error or an installation error due to lack of hard disk space, privileges etc.,...
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Move Hijackthis to a permanent folder such as C:\Program Files\Hijackthis. It wont work properly from a Temp file.

Download Cleanup from Here:

http://www.stevengould.org/downloads/cleanup/CleanUp40.exe


* A window will open and choose SAVE, then DESKTOP as the destination.
* On your Desktop, click on Cleanup40.exe icon.
* Then, click RUN and place a checkmark beside "I Agree"
* Then click NEXT followed by START and OK.
* A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
* Click OK
* DO NOT RUN IT YET

Close all browsers. Place a checkmark on the following line and click on Fis Checked:

O21 - SSODL: zGFAd - {CC6A5F0F-66C0-F5A5-7DCA-184EAFCB3259} - C:\WINDOWS\system32\qlfxii.dll

Boot in Safe Mode.

Open Windows Explorer. Find and delete the following file:

C:\WINDOWS\system32\qlfxii.dll

* Run Cleanup:

* Click on the "Cleanup" button and let it run.
* Once its done, close the program.

Restart the computer.

Please run an on-line virus scan at Kaspersky OnLine Scan:

http://www.kaspersky.com/virusscanner

or if that doesnt work, you can use TrendMicro:

http://housecall.trendmicro.com/

or BitDefender:

http://www.bitdefender.com/scan8/ie.html

Please post the results of the scan(s) in your next reply.
 

aferroyt

Thread Starter
Joined
Jan 3, 2006
Messages
14
Hi there,

I did all of what you suggested. Below is the result of the scan. I've noticed that the computer is starting to run smoother, that's for sure. But I'm still not able to get the Dial-up Connection window to pop up when opening a web-based application. What are your thoughts?

I can't thank you enough for your help thus far!!

-aferroyt-

-----------------------------------------------
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, January 08, 2006 21:23:03
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 9/01/2006
Kaspersky Anti-Virus database records: 159646
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - Critical Areas:
C:\WINDOWS
C:\DOCUME~1\XXXXXX~1\LOCALS~1\Temp\

Scan Statistics:
Total number of scanned objects: 10567
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 631 sec

Infected Object Name - Virus Name
C:\WINDOWS\g575640.dll Infected: Trojan-Downloader.Win32.Delf.zu

Scan process completed.
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Boot in Safe Mode and delete the C:\WINDOWS\g575640.dll fie if the KASPERSKY ON-LINE SCANNER didn't fix it.

Post a new Hijackthis log.
 

aferroyt

Thread Starter
Joined
Jan 3, 2006
Messages
14
Hi there,

Below are the results of the Hijack This scan.

Thanks!
-aferroyt-

-------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 6:40:30 PM, on 09/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\xxxxx\Local Settings\Temp\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: zGFAd - {CC6A5F0F-66C0-F5A5-7DCA-184EAFCB3259} - C:\WINDOWS\system32\qlfxii.dll (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Fix this line in Hijackthis:

O21 - SSODL: zGFAd - {CC6A5F0F-66C0-F5A5-7DCA-184EAFCB3259} - C:\WINDOWS\system32\qlfxii.dll (file missing)


The rest of the log seems clear. How is the computer doing?
 

aferroyt

Thread Starter
Joined
Jan 3, 2006
Messages
14
Thank you ever so much!!

Clean bill of health I'd say!!! The computer is working great (just like old times...)

THANKS!!

-aferroyt-
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
(y) Nice going!

Turn Off System restore to flush the backup points that also are infected, then turn it back On.

To turn off Windows XP System Restore:

Note: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

Click Start.
Right-click My Computer, and then click Properties.
Click the System Restore tab.
Select "Turn off System Restore" or "Turn off System Restore on all drives" check box.
Click Apply. The following message appears:
As noted in the message, this will delete all existing restore points. Click Yes to do this.
Click OK.


To turn On Windows XP System Restore:

Click Start.
Right-click My Computer, and then click Properties.
Click the System Restore tab.
Clear the "Turn off System Restore" or "Turn off System Restore on all drives" check box.
Click Apply, and then click OK.

System Restore will create regular backups of selected system files and program files.

You can also create a Restore Point on your own:

Start-_All Programs->Accessories->System Tools-> System Restore

Follow instructions on Screen to create a restore point.

Here is some advise from our security Experts to avoid re-infection:

http://forums.techguy.org/t208517.html

Use the thread's Tools and mark this thread as "Solved".
 

aferroyt

Thread Starter
Joined
Jan 3, 2006
Messages
14
Thank you EVER so much for your help in getting this problem resolved! The computer works great... a big KUDOS!!

-aferroyt-
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top