1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Voice from Computer

Discussion in 'Virus & Other Malware Removal' started by mormonsniper, Feb 9, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. mormonsniper

    mormonsniper Thread Starter

    Joined:
    Feb 9, 2007
    Messages:
    13
    Hi. I did a quick search and didn't see anything... My stepson's computer keeps saying:
    "Congratulations, you've been selected to receive two free ipod nanos." It has also said something to the effect that it is counting the minutes until we meet again.... Any ideas?

    tia
    ms
     
  2. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, mormonsniper.:)

    Welcome to TSG.

    [​IMG]Click here to download HJTsetup.exe
    • Save HJTsetup.exe to your desktop.
    • Doubleclick on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

    If the above link is broken, try this link. Make sure you extract and save the Hijackthis.exe file in a Permanent folder, rather than a Temp folder.
     
  3. mormonsniper

    mormonsniper Thread Starter

    Joined:
    Feb 9, 2007
    Messages:
    13
    Logfile of HijackThis v1.99.1
    Scan saved at 8:39:28 PM, on 2/9/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\DllHost.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\Rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=pavilion&pf=laptop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: mycpmads.com Browser Optimizer - {582FDCF0-A82E-4fc1-A6F6-0D2F36881F63} - C:\WINDOWS\system32\br_rt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: (no name) - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - (no file)
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\br_rt.dll" DllVerify
    O4 - HKCU\..\Run: [Chckup] C:\WINDOWS\system32\Netverchk.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LifeCU] C:\WINDOWS\system32\BastaYa.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165910871812
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170815928484
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - (no file)
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
     
  4. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, mormonsniper :)

    Please download the OTMoveIt by OldTimer.
    • Save it to your desktop.
    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: mycpmads.com Browser Optimizer - {582FDCF0-A82E-4fc1-A6F6-0D2F36881F63} - C:\WINDOWS\system32\br_rt.dll
    O3 - Toolbar: (no name) - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - (no file)
    O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\br_rt.dll" DllVerify
    O4 - HKCU\..\Run: [Chckup] C:\WINDOWS\system32\Netverchk.exe
    O4 - HKCU\..\Run: [LifeCU] C:\WINDOWS\system32\BastaYa.exe
    O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - (no file)

    Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

    Close Hijackthis
    • Please double-click OTMoveIt.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      C:\WINDOWS\system32\br_rt.dll
      C:\WINDOWS\system32\Netverchk.exe
      C:\WINDOWS\system32\BastaYa.exe


    • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
    • Click the red Moveit! button.
    • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
    • Close OTMoveIt
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    [​IMG]Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    [​IMG]Download AVG Anti-Spyware from HERE and save that file to your desktop.
    This is a 30 day trial of the program
    1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
    2. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly

    Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.

    Boot into Safe Mode:

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Perform the following steps in safe mode:

    1. IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
    2. Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    5. If you have any infections you will prompted, then select "Apply all actions"
    6. Next select the "Reports" icon at the top.
    7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    8. Close AVG Anti-Spyware .
    Restart back into Windows normally now.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post a fresh Hijackthis log along with the AVG Anti-spyware and ActiveScan reports.
     
  5. mormonsniper

    mormonsniper Thread Starter

    Joined:
    Feb 9, 2007
    Messages:
    13
    Logfile of HijackThis v1.99.1
    Scan saved at 10:47:30 PM, on 2/9/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=pavilion&pf=laptop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165910871812
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170815928484
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
     
  6. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, mormonsniper :)

    Did you preform the scans requested?
     
  7. mormonsniper

    mormonsniper Thread Starter

    Joined:
    Feb 9, 2007
    Messages:
    13
    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 10:22:51 PM 2/9/2007

    + Scan result:



    C:\Documents and Settings\Chad Hubert\Local Settings\Temp\temp.frBB99\uninstallSE.exe -> Adware.Beginto : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP56\A0010190.dll -> Adware.Beginto : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP56\A0010192.exe -> Adware.Beginto : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP56\A0010199.exe -> Adware.Beginto : Cleaned with backup (quarantined).
    C:\WINDOWS\7-7c15eb3352bcc3049d7e9e974ad283bf.exe -> Adware.Beginto : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\SearchEnhancer\nsp135.dll -> Adware.Beginto : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP58\A0010374.dll -> Adware.Comet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP52\A0009999.exe -> Adware.MalwareWipe : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP21\A0007216.dll -> Adware.Mirar : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP41\A0009308.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP13\A0006908.exe -> Downloader.Age.c : Cleaned with backup (quarantined).
    C:\WINDOWS\10-47488c40c3cddfee98fc3b173f6d7beb.exe -> Downloader.Age.c : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP41\A0009322.exe -> Downloader.Agent.c : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP45\A0009654.exe -> Downloader.Agent.c : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP46\A0009701.exe -> Downloader.Agent.c : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP56\A0010259.exe -> Downloader.Agent.c : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP56\A0010276.exe -> Downloader.Agent.c : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP57\A0010355.exe -> Downloader.Agent.c : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP58\A0010396.exe -> Downloader.Agent.c : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\CAUnst.exe -> Downloader.Agent.c : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP41\A0009324.dll -> Downloader.Zlob.bdi : Cleaned with backup (quarantined).


    ::Report end


    __________________
     
  8. mormonsniper

    mormonsniper Thread Starter

    Joined:
    Feb 9, 2007
    Messages:
    13
    AVG worked, Panda did not scan.
     
  9. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, mormonsniper :)

    Please run the F-Secure Online Scanner

    Note: This Scanner is for Internet Explorer Only!
    • For information click Here
    • Accept the License Agreement.
    • Once the ActiveX installs,Click Full System Scan
    • Once the download completes,the scan will begin automatically.
    • The scan will take some time to finish,so please be patient.
    • When the scan completes, click the Automatic cleaning (recommended) button.
    • Click the Show Report button and Copy&Paste the entire report in your next reply along with a fresh Hijackthis log.
     
  10. mormonsniper

    mormonsniper Thread Starter

    Joined:
    Feb 9, 2007
    Messages:
    13
    Scanning now. Very slow.
    ...on edit: See you tomorrow. It should be done by then. I will post the results. It already shows 3 skipped files and 2 viruses.
    ...on edit again: Just donated to the cause. Thank you again.

    Blessings,
    ms
     
  11. mormonsniper

    mormonsniper Thread Starter

    Joined:
    Feb 9, 2007
    Messages:
    13
    Ran it last night. Before I hit the sack, it had skipped 3 files and located 19 viruses.
    When I got up this morning, it was cleaning and on 14 of 19 and locked up, so I am running it again....
     
  12. mormonsniper

    mormonsniper Thread Starter

    Joined:
    Feb 9, 2007
    Messages:
    13
    Scanning type: Scan system for viruses, rootkits, spyware
    Target: C:\ D:\
    Result: 12 malware found
    Exploit.JS.ADODB.Stream.ac (virus)

    * C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\NORTON ANTIVIRUS\QUARANTINE\2A0B2187.HTM (Submitted)
    * C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\NORTON ANTIVIRUS\QUARANTINE\45792F0F.HTM (Submitted)
    * C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\NORTON ANTIVIRUS\QUARANTINE\49AB38ED.HTM (Submitted)
    * C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\NORTON ANTIVIRUS\QUARANTINE\5BE85D55.HTM (Submitted)
    * C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\NORTON ANTIVIRUS\QUARANTINE\5E4868BB.HTM (Submitted)
    * C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\NORTON ANTIVIRUS\QUARANTINE\5E9A0261.HTM (Submitted)
    * C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\NORTON ANTIVIRUS\QUARANTINE\5EA0565A.HTM (Submitted)

    Tracking Cookie (spyware)

    * System (Disinfected)
    * System

    W32/Smalltroj.YUF (virus)

    * C:\WINDOWS\SYSTEM32\SLIMCHTE.EXE (Submitted)
    * C:\WINDOWS\SYSTEM32\WBHLNRDR.EXE (Submitted)

    W32/Zlob.XJU (virus)

    * C:\DOCUMENTS AND SETTINGS\CHAD HUBERT\LOCAL SETTINGS\TEMP\TEMP.FR329E\UNINST.EXE (Submitted)

    Statistics
    Scanned:

    * Files: 33609
    * System: 4538
    * Not scanned: 5

    Actions:

    * Disinfected: 1
    * Renamed: 0
    * Deleted: 0
    * None: 11
    * Submitted: 10

    Files not scanned:

    * C:\HIBERFIL.SYS
    * C:\PAGEFILE.SYS
    * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    * C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCRST.DLL
    * C:\DOCUMENTS AND SETTINGS\CHAD HUBERT\LOCAL SETTINGS\TEMP\HSPERFDATA_CHAD HUBERT\3916

    Options
    Scanning engines:

    * F-Secure Libra: 2.4.2, 2007-02-01
    * F-Secure AVP: 7.0.171, 2007-02-10
    * F-Secure Orion: 1.2.37, 2007-02-09
    * F-Secure Blacklight: 1.0.53, 0000-00-00
    * F-Secure Draco: 1.0.35, 2007-02-05
    * F-Secure Pegasus: 1.19.0, 2007-01-07

    Scanning options:

    * Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
    * Use Advanced heuristics
     
  13. mormonsniper

    mormonsniper Thread Starter

    Joined:
    Feb 9, 2007
    Messages:
    13
    Logfile of HijackThis v1.99.1
    Scan saved at 10:38:42 AM, on 2/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=pavilion&pf=laptop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165910871812
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170815928484
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 10:36:53 AM 2/10/2007

    + Scan result:



    C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP58\A0010419.exe -> Adware.Beginto : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP58\A0010420.dll -> Adware.Beginto : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3531068893-1397292855-4084572643-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} -> Adware.Generic : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3531068893-1397292855-4084572643-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} -> Adware.Generic : Cleaned with backup (quarantined).
    C:\Documents and Settings\Chad Hubert\Local Settings\Temp\laf11D.tmp -> Adware.WorldSecurityOnline : Cleaned with backup (quarantined).
    C:\Documents and Settings\Chad Hubert\Local Settings\Temp\inverstt.tmp -> Downloader.Age : Cleaned with backup (quarantined).
    C:\_OTMoveIt\MovedFiles\WINDOWS\system32\BastaYa.exe -> Downloader.Age : Cleaned with backup (quarantined).
    C:\_OTMoveIt\MovedFiles\WINDOWS\system32\Netverchk.exe -> Downloader.Age : Cleaned with backup (quarantined).
    C:\Documents and Settings\Chad Hubert\Local Settings\Temp\qms1.tmp -> Downloader.Age.c : Cleaned with backup (quarantined).
    C:\Documents and Settings\Chad Hubert\Local Settings\Temp\qms10.tmp -> Downloader.Age.c : Cleaned with backup (quarantined).
    C:\Documents and Settings\Chad Hubert\Local Settings\Temp\qms11.tmp -> Downloader.Age.c : Cleaned with backup (quarantined).
    C:\Documents and Settings\Chad Hubert\Local Settings\Temp\qms12.tmp -> Downloader.Age.c : Cleaned with backup (quarantined).
    C:\Documents and Settings\Chad Hubert\Local Settings\Temp\qms13.tmp -> Downloader.Age.c : Cleaned with backup (quarantined).
    C:\Documents and Settings\Chad Hubert\Local Settings\Temp\qms14.tmp -> Downloader.Age.c : Cleaned with backup (quarantined).
    C:\Documents and Settings\Chad Hubert\Local Settings\Temp\qms15.tmp -> Downloader.Age.c : Cleaned with backup (quarantined).
    C:\Documents and Settings\Chad Hubert\Local Settings\Temp\qms16.tmp -> Downloader.Age.c : Cleaned with backup (quarantined).
    C:\Documents and Settings\Chad Hubert\Local Settings\Temp\qms17.tmp -> Downloader.Age.c : Cleaned with backup (quarantined).
    C:\Documents and Settings\Chad Hubert\Local Settings\Temp\qms18.tmp -> Downloader.Age.c : Cleaned with backup (quarantined).
    C:\Documents and Settings\Chad Hubert\Local Settings\Temp\qms19.tmp -> Downloader.Age.c : Cleaned with backup (quarantined).
    C:\Documents and Settings\Chad Hubert\Local Settings\Temp\qms1A.tmp -> Downloader.Age.c : Cleaned with backup (quarantined).
    C:\Documents and Settings\Chad Hubert\Local Settings\Temp\qms1B.tmp -> Downloader.Age.c : Cleaned with backup (quarantined).
    C:\Documents and Settings\Chad Hubert\Local Settings\Temp\qms1C.tmp -> Downloader.Age.c : Cleaned with backup (quarantined).
    C:\Documents and Settings\Chad Hubert\Local Settings\Temp\qms1D.tmp -> Downloader.Age.c : Cleaned with backup (quarantined).
    C:\Documents and Settings\Chad Hubert\Local Settings\Temp\qms1E.tmp -> Downloader.Age.c : Cleaned with backup (quarantined).
    C:\Documents and Settings\Chad Hubert\Local Settings\Temp\qms1ED.tmp -> Downloader.Age.c : Cleaned with backup (quarantined).
    C:\Documents and Settings\Chad Hubert\Local Settings\Temp\qms1F.tmp -> Downloader.Age.c : Cleaned with backup (quarantined).
    C:\Documents and Settings\Chad Hubert\Local Settings\Temp\qms2.tmp -> Downloader.Age.c : Cleaned with backup (quarantined).
    C:\Documents and Settings\Chad Hubert\Local Settings\Temp\qms20.tmp -> Downloader.Age.c : Cleaned with backup (quarantined).
    C:\Documents and Settings\Chad Hubert\Local Settings\Temp\qms3.tmp -> Downloader.Age.c : Cleaned with backup (quarantined).
    C:\Documents and Settings\Chad Hubert\Local Settings\Temp\qms4.tmp -> Downloader.Age.c : Cleaned with backup (quarantined).
    C:\Documents and Settings\Chad Hubert\Local Settings\Temp\qms5.tmp -> Downloader.Age.c : Cleaned with backup (quarantined).
    C:\Documents and Settings\Chad Hubert\Local Settings\Temp\qms6.tmp -> Downloader.Age.c : Cleaned with backup (quarantined).
    C:\Documents and Settings\Chad Hubert\Local Settings\Temp\qms7.tmp -> Downloader.Age.c : Cleaned with backup (quarantined).
    C:\Documents and Settings\Chad Hubert\Local Settings\Temp\qms8.tmp -> Downloader.Age.c : Cleaned with backup (quarantined).
    C:\Documents and Settings\Chad Hubert\Local Settings\Temp\qms9.tmp -> Downloader.Age.c : Cleaned with backup (quarantined).
    C:\Documents and Settings\Chad Hubert\Local Settings\Temp\qmsA.tmp -> Downloader.Age.c : Cleaned with backup (quarantined).
    C:\Documents and Settings\Chad Hubert\Local Settings\Temp\qmsB.tmp -> Downloader.Age.c : Cleaned with backup (quarantined).
    C:\Documents and Settings\Chad Hubert\Local Settings\Temp\qmsC.tmp -> Downloader.Age.c : Cleaned with backup (quarantined).
    C:\Documents and Settings\Chad Hubert\Local Settings\Temp\qmsD.tmp -> Downloader.Age.c : Cleaned with backup (quarantined).
    C:\Documents and Settings\Chad Hubert\Local Settings\Temp\qmsE.tmp -> Downloader.Age.c : Cleaned with backup (quarantined).
    C:\Documents and Settings\Chad Hubert\Local Settings\Temp\qmsF.tmp -> Downloader.Age.c : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP58\A0010417.exe -> Downloader.Age.c : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP58\A0010418.exe -> Downloader.Agent.c : Cleaned with backup (quarantined).
    C:\Documents and Settings\Chad Hubert\Cookies\[email protected][2].txt -> TrackingCookie.Adjuggler : Cleaned.
    C:\Documents and Settings\Chad Hubert\Cookies\[email protected][2].txt -> TrackingCookie.Cpvfeed : Cleaned.


    ::Report end
     
  14. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, mormonsniper :)

    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

    R3 - URLSearchHook: (no name) - - (no file)

    Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

    Close Hijackthis.

    Please download the Suspicious File Packer from Here. Extract its contents to the desktop. Open the SFP folder on your desktop and run the SFP.EXE file.

    Copy and Paste the following bold locations into the Suspicious File Packer window:

    C:\WINDOWS\SYSTEM32\SLIMCHTE.EXE
    C:\WINDOWS\SYSTEM32\WBHLNRDR.EXE


    Click on Continue to allow SFP to pack the file. This will generate a CAB archive on your desktop.

    Click Here to upload the created CAB archive.
    • Click on "New Topic"
    • Put your name, e-mail address, and this as the title: "Suspicious File Packer"
    • Put a link to this thread in the description box.
    • Then next to the file box, at the bottom, click the browse button, then navigate to CAB archive that was been created on your desktop.
    • The cab file will be called requested-files(*).cab (the * stands for the date and hour).
      Then click the Send File button below.
    • Click Open.
    • Click Post.
    Please download gmer rootkit detector from any of the following links:

    Link 1
    Link 2
    Link 3
    • Unzip it and double click the gmer.exe file
    • Select rootkit tab.
    • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
    • Press scan
    • When it has finished press save & post back the log it makes
    • Repeat the proces with the Autostarts tab and do the same there
     
  15. mormonsniper

    mormonsniper Thread Starter

    Joined:
    Feb 9, 2007
    Messages:
    13
    GMER 1.0.12.12011 - http://www.gmer.net
    Rootkit scan 2007-02-10 15:59:20
    Windows 5.1.2600 Service Pack 2


    ---- System - GMER 1.0.12 ----

    SSDT 85DBA090 ZwAlertResumeThread
    SSDT 85C39ED0 ZwAlertThread
    SSDT 85A71008 ZwAllocateVirtualMemory
    SSDT 85DB9E10 ZwConnectPort
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwCreateKey
    SSDT 85C9C1B0 ZwCreateMutant
    SSDT 85B6BE48 ZwCreateThread
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteKey
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteValueKey
    SSDT 85BD56B8 ZwFreeVirtualMemory
    SSDT 85B70D48 ZwImpersonateAnonymousToken
    SSDT 85AEE0E8 ZwImpersonateThread
    SSDT 85C32E18 ZwMapViewOfSection
    SSDT 85C394A8 ZwOpenEvent
    SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
    SSDT 85D7FCA8 ZwOpenProcessToken
    SSDT 8671A4D8 ZwOpenThreadToken
    SSDT 85DB94E0 ZwResumeThread
    SSDT 85D45128 ZwSetContextThread
    SSDT 85BF5570 ZwSetInformationProcess
    SSDT 85D488B8 ZwSetInformationThread
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwSetValueKey
    SSDT 85E18CB8 ZwSuspendProcess
    SSDT 85C3D818 ZwSuspendThread
    SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
    SSDT 85BE5590 ZwTerminateThread
    SSDT 85B34E58 ZwUnmapViewOfSection
    SSDT 85C10B18 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.12 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2BBC 805038A0 8 Bytes [ 90, A0, DB, 85, D0, 9E, C3, ... ]
    .text ntkrnlpa.exe!ZwCallbackReturn + 2D74 80503A58 8 Bytes [ AC, 58, 75, EB, A8, FC, D7, ... ]
    .text ntkrnlpa.exe!ZwCallbackReturn + 2F1C 80503C00 8 Bytes [ 70, 55, BF, 85, B8, 88, D4, ... ]
    .text ntkrnlpa.exe!ZwCallbackReturn + 2F80 80503C64 8 Bytes [ B8, 8C, E1, 85, 18, D8, C3, ... ]
    .text ntkrnlpa.exe!ZwCallbackReturn + 2F90 80503C74 8 Bytes [ 12, 58, 75, EB, 90, 55, BE, ... ]

    ---- User code sections - GMER 1.0.12 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[1632] USER32.dll!DialogBoxParamW 77D5662C 5 Bytes JMP 7E1F5415 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1632] USER32.dll!DialogBoxIndirectParamW 77D62043 5 Bytes JMP 7E38C510 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1632] USER32.dll!MessageBoxIndirectA 77D6A05A 5 Bytes JMP 7E38C491 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1632] USER32.dll!DialogBoxParamA 77D6B11C 5 Bytes JMP 7E38C4D5 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1632] USER32.dll!MessageBoxExW 77D80538 5 Bytes JMP 7E38C3D9 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1632] USER32.dll!MessageBoxExA 77D8055C 5 Bytes JMP 7E38C413 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1632] USER32.dll!DialogBoxIndirectParamA 77D86CAD 5 Bytes JMP 7E38C54B C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1632] USER32.dll!MessageBoxIndirectW 77D96093 5 Bytes JMP 7E38C44D C:\WINDOWS\system32\IEFRAME.dll

    ---- Files - GMER 1.0.12 ----

    ADS C:\Documents and Settings\Chad Hubert\Desktop\MG Free Download - HijackThis 1.99.1.url:favicon
    ADS C:\Documents and Settings\Chad Hubert\Favorites\Blackboard Academic Suite.url:favicon
    ADS C:\Documents and Settings\Chad Hubert\Favorites\Falling Out Tab (ver 2) by Relient K @ Ultimate-Guitar.Com.url:favicon
    ADS C:\Documents and Settings\Chad Hubert\Favorites\Must Have Done Something Right Tab by Relient K @ Ultimate-Guitar.Com.url:favicon
    ADS C:\Documents and Settings\Chad Hubert\Favorites\thottbot World of Warcraft.url:favicon
    ADS C:\Documents and Settings\Chad Hubert\Favorites\World of Warcraft Community Site Game Info High Level Armor Sets.url:favicon
    ADS C:\Documents and Settings\Chad Hubert\Favorites\WoW - Info - Basics - Quests Per Level.url:favicon
    ADS C:\Documents and Settings\Chad Hubert\Favorites\WoW - Info - Reputations - Warsong Gulch.url:favicon
    ADS C:\Documents and Settings\Chad Hubert\Favorites\YouTube - Bill Cosby- Go Karts.url:favicon
    ADS C:\Documents and Settings\Chad Hubert\Favorites\YouTube - First Day Of My Life.url:favicon
    ADS C:\Documents and Settings\Chad Hubert\Favorites\YouTube - Must Have Done Something Right, Relient K.url:favicon
    ADS ...

    ---- EOF - GMER 1.0.12 ----
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/542718

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice