Need Help - Bing.Zugo Spyware/Virus?

Post #1 by styles430 (Registered Member), 03-09-2010, 08:42 AM, OS: XP SP3

Hello,

First off, thanks for reading my post. I recently had a hard drive crash 2 days ago and had to purchase a new one and reinstall Windows XP. Well, somehow this "Bing.Zugo" crap got on my computer, and I cannot get rid of it even after many scans with Malwarebytes, aVast and Ad Aware. What it does is install this bing.zugo toolbar into my web browser (FireFox) every time the computer is rebooted, even if I uninstall it all, etc. Any help would be greatly appreciated because I would love to refrain from formatting again.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Andrew at 10:24:29.73 on Tue 03/09/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1278.566 [GMT -5:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Creative\Shared Files\CTAudSvc.exe
svchost.exe
E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
E:\Program Files\CDBurnerXP\NMSAccessU.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\WINDOWS\system32\CTHELPER.EXE
E:\Program Files\Winamp\winampa.exe
E:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
E:\Program Files\Google\Gmail Notifier\gnotify.exe
E:\WINDOWS\system32\ctfmon.exe
E:\DOCUME~1\Andrew\LOCALS~1\Temp\setupv.exe
E:\DOCUME~1\Andrew\LOCALS~1\Temp\ldm1.exe
E:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
E:\Program Files\Winamp\winamp.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Alwil Software\Avast5\setup\avast.setup
E:\Documents and Settings\Andrew\Desktop\Download\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://bing.zugo.com/?cfg=2-80-0-x9eQ
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - e:\program files\search toolbar\tbhelper.dll
BHO: TBSB05974 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - e:\program files\search toolbar\tbcore3.dll
TB: Search Toolbar: {0c8413c1-fad1-446c-8584-be50576f863e} - e:\program files\search toolbar\tbcore3.dll
uRun: [ctfmon.exe] e:\windows\system32\ctfmon.exe
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE e:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE e:\windows\system32\NvCpl.dll,NvStartup
mRun: [CTHelper] CTHELPER.EXE
mRun: [WinampAgent] "e:\program files\winamp\winampa.exe"
mRun: [avast5] e:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] e:\program files\google\gmail notifier\gnotify.exe
StartupFolder: e:\documents and settings\andrew\start menu\programs\startup\update.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - e:\docume~1\andrew\applic~1\mozilla\firefox\profiles\sf5t2s2w.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://bing.zugo.com/?cfg=2-80-0-x9eQ
FF - prefs.js: keyword.URL - hxxp://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=
FF - plugin: e:\documents and settings\andrew\application data\mozilla\firefox\profiles\sf5t2s2w.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll


============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;e:\windows\system32\drivers\Lbd.sys [2010-3-8 64288]
R1 aswSP;aswSP;e:\windows\system32\drivers\aswSP.sys [2010-3-7 162512]
R2 aswFsBlk;aswFsBlk;e:\windows\system32\drivers\aswFsBlk.sys [2010-3-7 19024]
R2 avast! Antivirus;avast! Antivirus;e:\program files\alwil software\avast5\AvastSvc.exe [2010-3-7 40384]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1229232]
R3 COMMONFX.SYS;COMMONFX.SYS;e:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;e:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;e:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]
S?3 avast! Web Scanner;avast! Web Scanner;e:\program files\alwil software\avast5\AvastSvc.exe [2010-3-7 40384]
S0 uqtpbxog;uqtpbxog;e:\windows\system32\drivers\fgdxi.sys --> e:\windows\system32\drivers\fgdxi.sys [?]
S3 avast! Mail Scanner;avast! Mail Scanner;e:\program files\alwil software\avast5\AvastSvc.exe [2010-3-7 40384]
S3 COMMONFX;COMMONFX;e:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;e:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-3-7 79360]
S3 CTAUDFX;CTAUDFX;e:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;e:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]
S3 CTERFXFX;CTERFXFX;e:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]
S3 CTSBLFX;CTSBLFX;e:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]

============= FINISH: 10:24:56.87 ===============
Attached file: Attach.zip (3.4 KB)

Post #2 by CatByte (Security Team; Moderator, Analyst), 03-12-2010, 06:29 AM, OS: XP, Vista, Win7

Hi,

Please do the following:

Open FireFox

Go to > tools > add-ons

select the add-on with the name "search tool"

select > uninstall

restart firefox


Next


Go to Start > Control Panel > Add/Remove Programs

a list of installed programs will populate

scroll down till you find " Search Tool" (if it is still there)

Select > Remove


NEXT



Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

__________________


Microsoft MVP 2010, 2011, 2012, 2013
Post #3 by styles430 (Registered Member), 03-12-2010, 11:21 AM, OS: XP SP3

Thanks. I have attached the ComboFix log. I have noticed in the last 24 hours or so AdAware, Malwarebytes or aVast must have done something because the toolbar stopped installing itself, but it was still there in add-ons while I was following your instructions. It hasn't been as bad but I believe something is still there, or was. Here's the log and thanks in advance!
Attached file: ComboFix.txt (22.4 KB)

Post #4 by CatByte (Security Team; Moderator, Analyst), 03-12-2010, 12:22 PM, OS: XP, Vista, Win7

Hi

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Code:
http://www.techsupportforum.com/f100/need-help-bing-zugo-spyware-virus-467476.html

Collect::
e:\windows\system32\drivers\fgdxi.sys

Driver::
uqtpbxog

DDS::
uStart Page = hxxp://bing.zugo.com/?cfg=2-80-0-xvCb

FireFox::
FF - ProfilePath - e:\documents and settings\Andrew\Application Data\Mozilla\Firefox\Profiles\sf5t2s2w.default\
FF - prefs.js: keyword.URL - hxxp://bing.zugo.com/s/?src=FF-Address&site=Bing&cfg=2-80-0-xvCb&q=

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


NEXT


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.




NEXT


Run an on-line scan with Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.


  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply


In your next reply please include
  • ComboFix Log
  • MBAM Log
  • Kaspersky report
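The by-eye triage behind the CFScript in post #4 (the `uqtpbxog` driver and the zugo start-page and `keyword.URL` entries picked out of the DDS log in post #1) can be sketched as code. This is an added example, not part of the thread and not code from DDS or ComboFix; the `triage` function, its rule names and the reading of `[?]` as "file date and size could not be read" are assumptions, and the sample lines are excerpted from the log above.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "rule detail")

# "============== Running Processes ===============" style section banners.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "<state> <name>;<display name>;<image path> [<date size>]"
SERVICE_RE = re.compile(r"^([RS]\??\d)\s+([^;]+);[^;]*;(.+)\s\[([^\]]*)\]$")
# DDS defangs URLs as hxxp://; capture only the host part.
URL_HOST_RE = re.compile(r"hxxps?://([^/\s]+)", re.I)
# Per-user Temp directory in long or 8.3 form (Windows XP layout).
TEMP_DIR_RE = re.compile(r"\\(?:locals~1|local settings)\\temp\\", re.I)
# Settings that decide where the browser sends the user.
REDIRECT_KEYS = ("ustart page", "browser.startup.homepage", "keyword.url")


def triage(log_text, expected_hosts=()):
    """Return entries of a DDS-style log that deserve a reviewer's look.

    The rules are illustrative heuristics (assumptions of this example);
    a hit means "review this entry", not "this is malicious".
    expected_hosts lists hosts the user deliberately set as home/search page.
    """
    expected = {h.lower() for h in expected_hosts}
    findings, section = [], "header"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1).lower()
            continue
        lower = line.lower()

        # Rule 1: a running process whose image lives in a Temp directory.
        if section == "running processes" and TEMP_DIR_RE.search(line):
            findings.append(Finding("process-from-temp", line))

        # Rule 2: an executable launched from the Startup folder at logon.
        if lower.startswith("startupfolder:") and lower.endswith(".exe"):
            findings.append(
                Finding("startup-folder-exe", line.split(":", 1)[1].strip()))

        # Rule 3: start page / keyword search pointing at an unexpected host.
        if any(key in lower for key in REDIRECT_KEYS):
            host = URL_HOST_RE.search(line)
            if host and host.group(1).lower() not in expected:
                findings.append(
                    Finding("browser-redirect", host.group(1).lower()))

        # Rule 4: a service/driver whose file metadata shows as "[?]".
        if section == "services / drivers":
            svc = SERVICE_RE.match(line)
            if svc and svc.group(4).strip() == "?":
                path = svc.group(3).split(" --> ")[0].strip()
                findings.append(
                    Finding("driver-file-unreadable",
                            f"{svc.group(2)} -> {path}"))
    return findings


# Lines excerpted from the DDS log in post #1 of this thread.
SAMPLE_LOG = r"""
============== Running Processes ===============

E:\WINDOWS\system32\ctfmon.exe
E:\DOCUME~1\Andrew\LOCALS~1\Temp\setupv.exe
E:\DOCUME~1\Andrew\LOCALS~1\Temp\ldm1.exe
E:\Program Files\Mozilla Firefox\firefox.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://bing.zugo.com/?cfg=2-80-0-x9eQ
mRun: [CTHelper] CTHELPER.EXE
StartupFolder: e:\documents and settings\andrew\start menu\programs\startup\update.exe

================= FIREFOX ===================

FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: keyword.URL - hxxp://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;e:\windows\system32\drivers\Lbd.sys [2010-3-8 64288]
S?3 avast! Web Scanner;avast! Web Scanner;e:\program files\alwil software\avast5\AvastSvc.exe [2010-3-7 40384]
S0 uqtpbxog;uqtpbxog;e:\windows\system32\drivers\fgdxi.sys --> e:\windows\system32\drivers\fgdxi.sys [?]
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.rule:24} {finding.detail}")
```
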
Post #5 by styles430 (Registered Member), 03-12-2010, 05:22 PM, OS: XP SP3

Thanks for all the help so far.

ComboFix 10-03-11.06 - Andrew 03/12/2010 14:36:20.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1278.663 [GMT -5:00]
Running from: e:\documents and settings\Andrew\Desktop\ComboFix.exe
Command switches used :: e:\documents and settings\Andrew\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_uqtpbxog


((((((((((((((((((((((((( Files Created from 2010-02-12 to 2010-03-12 )))))))))))))))))))))))))))))))
.

2010-03-07 22:21 . 2010-03-07 22:21 -------- d-----w- e:\program files\Alwil Software
2010-03-07 22:21 . 2010-03-07 22:21 -------- d-----w- e:\documents and settings\All Users\Application Data\Alwil Software
2010-03-07 22:18 . 2010-03-07 22:18 -------- d-----w- e:\documents and settings\All Users\Application Data\Creative
2010-03-07 22:17 . 2010-03-07 22:17 -------- d-----w- e:\windows\system32\Defaults
2010-03-07 22:16 . 2008-04-14 05:15 10624 -c--a-w- e:\windows\system32\dllcache\gameenum.sys
2010-03-07 22:16 . 2008-04-14 05:15 10624 ----a-w- e:\windows\system32\drivers\gameenum.sys
2010-03-07 22:16 . 2010-03-07 22:16 -------- d-----w- e:\program files\Common Files\Creative Labs Shared
2010-03-07 22:14 . 2008-04-14 05:15 6272 -c--a-w- e:\windows\system32\dllcache\splitter.sys
2010-03-07 22:14 . 2008-04-14 05:15 6272 ----a-w- e:\windows\system32\drivers\splitter.sys
2010-03-07 22:14 . 2008-04-14 05:47 83072 -c--a-w- e:\windows\system32\dllcache\wdmaud.sys
2010-03-07 22:14 . 2008-04-14 05:47 83072 ----a-w- e:\windows\system32\drivers\wdmaud.sys
2010-03-07 22:14 . 2008-04-14 05:15 52864 -c--a-w- e:\windows\system32\dllcache\dmusic.sys
2010-03-07 22:14 . 2008-04-14 05:15 52864 ----a-w- e:\windows\system32\drivers\DMusic.sys
2010-03-07 22:12 . 2010-03-07 22:12 -------- d-----w- e:\program files\Common Files\InstallShield
2010-03-07 22:09 . 2010-03-07 22:13 -------- d-----w- e:\documents and settings\All Users\Application Data\NOS
2010-03-07 22:09 . 2010-03-07 22:09 -------- d-----w- e:\program files\NOS
2010-03-07 22:09 . 2010-02-20 00:31 31936 ----a-w- e:\documents and settings\Andrew\Application Data\Mozilla\Firefox\Profiles\sf5t2s2w.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-03-07 22:09 . 2010-02-20 00:31 29344 ----a-w- e:\documents and settings\Andrew\Application Data\Mozilla\Firefox\Profiles\sf5t2s2w.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-03-07 22:07 . 2009-11-27 17:23 17920 -c----w- e:\windows\system32\dllcache\msyuv.dll
2010-03-07 22:05 . 2009-11-27 16:07 8704 -c----w- e:\windows\system32\dllcache\tsbyuv.dll
2010-03-07 22:05 . 2009-11-27 16:07 48128 -c----w- e:\windows\system32\dllcache\iyuv_32.dll
2010-03-07 22:05 . 2010-01-05 09:57 380928 -c----w- e:\windows\system32\dllcache\ieapfltr.dll
2010-03-07 22:05 . 2010-01-05 09:57 78336 -c----w- e:\windows\system32\dllcache\ieencode.dll
2010-03-07 22:05 . 2010-01-05 09:57 78336 ------w- e:\windows\system32\ieencode.dll
2010-03-07 22:05 . 2010-01-05 09:57 63488 -c----w- e:\windows\system32\dllcache\icardie.dll
2010-03-07 22:05 . 2010-01-01 06:55 13824 -c----w- e:\windows\system32\dllcache\ieudinit.exe
2010-03-07 22:05 . 2009-06-29 08:33 2452872 -c----w- e:\windows\system32\dllcache\ieapfltr.dat
2010-03-07 21:51 . 2009-12-08 18:20 2145280 -c----w- e:\windows\system32\dllcache\ntkrnlmp.exe
2010-03-07 21:51 . 2009-12-08 17:40 2023936 -c----w- e:\windows\system32\dllcache\ntkrpamp.exe
2010-03-07 21:51 . 2009-12-09 17:40 2066176 -c----w- e:\windows\system32\dllcache\ntkrnlpa.exe
2010-03-07 21:50 . 2009-12-04 17:25 456832 -c----w- e:\windows\system32\dllcache\mrxsmb.sys
2010-03-07 21:43 . 2008-05-03 11:55 2560 ------w- e:\windows\system32\xpsp4res.dll
2010-03-07 21:43 . 2010-03-07 21:43 0 ----a-w- e:\windows\nsreg.dat
2010-03-07 21:43 . 2010-03-07 21:43 -------- d-----w- e:\documents and settings\Andrew\Local Settings\Application Data\Mozilla
2010-03-07 21:41 . 2010-03-09 02:53 12328 ----a-w- e:\documents and settings\Andrew\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-07 21:17 . 2010-03-07 21:17 -------- d-----w- e:\program files\support.com
2010-03-07 21:17 . 2010-03-07 21:17 -------- d-----w- e:\documents and settings\All Users\Application Data\Support.com
2010-03-07 21:08 . 2004-09-29 20:36 15360 ----a-w- e:\windows\system32\drivers\NetMotCM.sys
2010-03-07 21:07 . 2010-03-07 21:07 -------- d-----w- e:\program files\Common Files\Adobe
2010-03-07 21:00 . 2008-04-14 12:00 9728 -c--a-w- e:\windows\system32\dllcache\rwnh.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-09 20:42 . 2010-03-07 22:13 -------- d--h--w- e:\program files\InstallShield Installation Information
2010-03-08 17:45 . 2010-03-08 17:45 -------- d-----w- e:\program files\MSBuild
2010-03-08 17:45 . 2010-03-08 17:45 -------- d-----w- e:\program files\Reference Assemblies
2010-03-08 06:52 . 2010-03-07 20:57 -------- d-----w- e:\program files\Microsoft Silverlight
2010-03-08 05:56 . 2010-03-07 22:20 -------- d-----w- e:\documents and settings\Andrew\Application Data\Winamp
2010-03-07 22:20 . 2010-03-07 22:20 -------- d-----w- e:\program files\Winamp
2010-03-07 22:16 . 2010-03-07 22:13 -------- d-----w- e:\program files\Creative
2010-03-07 22:13 . 2010-03-07 22:13 444952 ----a-w- e:\windows\system32\wrap_oal.dll
2010-03-07 22:13 . 2010-03-07 22:13 109080 ----a-w- e:\windows\system32\OpenAL32.dll
2010-03-07 22:13 . 2010-03-07 22:13 -------- d-----w- e:\documents and settings\Andrew\Application Data\Creative
2010-01-12 03:17 . 2010-01-12 03:17 278120 ----a-w- e:\windows\system32\nvmccs.dll
2010-01-12 03:17 . 2010-01-12 03:17 154216 ----a-w- e:\windows\system32\nvsvc32.exe
2010-01-12 03:17 . 2010-01-12 03:17 145000 ----a-w- e:\windows\system32\nvcolor.exe
2010-01-12 03:17 . 2010-01-12 03:17 13666408 ----a-w- e:\windows\system32\nvcpl.dll
2010-01-12 03:17 . 2010-01-12 03:17 110696 ----a-w- e:\windows\system32\nvmctray.dll
2010-01-12 03:17 . 2010-01-12 03:17 81920 ----a-w- e:\windows\system32\nvwddi.dll
2009-12-31 16:50 . 2008-04-14 12:00 353792 ----a-w- e:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2008-06-23 16:01 916480 ------w- e:\windows\system32\wininet.dll
2009-12-16 18:43 . 2010-03-07 20:54 343040 ----a-w- e:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2008-04-14 12:00 33280 ----a-w- e:\windows\system32\csrsrv.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-03-12_18.17.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-07 21:02 . 2010-03-12 19:01 32768 e:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-07 21:02 . 2010-03-12 08:41 32768 e:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-07 21:02 . 2010-03-12 08:41 32768 e:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-03-07 21:02 . 2010-03-12 19:01 32768 e:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-03-12 19:01 . 2010-03-12 19:01 16384 e:\windows\system32\config\systemprofile\Cookies\index.dat
- 2010-03-07 21:02 . 2010-03-12 08:41 16384 e:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"CTHelper"="CTHELPER.EXE" [2009-06-23 19456]
"WinampAgent"="e:\program files\Winamp\winampa.exe" [2010-01-13 37888]
"avast5"="e:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="e:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

e:\documents and settings\All Users\Start Menu\Programs\Startup\
REALTEK USB Wireless LAN Utility.lnk - e:\program files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe [2010-3-9 794624]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;e:\windows\system32\drivers\Lbd.sys [3/8/2010 3:10 AM 64288]
R1 aswSP;aswSP;e:\windows\system32\drivers\aswSP.sys [3/7/2010 5:22 PM 162640]
R2 aswFsBlk;aswFsBlk;e:\windows\system32\drivers\aswFsBlk.sys [3/7/2010 5:22 PM 19024]
R2 EAPPkt;Realtek EAPPkt Protocol;e:\windows\system32\drivers\EAPPkt.sys [3/9/2010 3:42 PM 38144]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1229232]
R3 COMMONFX.SYS;COMMONFX.SYS;e:\windows\system32\drivers\COMMONFX.sys [6/23/2009 1:34 PM 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;e:\windows\system32\drivers\CTAUDFX.sys [6/23/2009 1:34 PM 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;e:\windows\system32\drivers\CTSBLFX.sys [6/23/2009 1:34 PM 566296]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;e:\windows\system32\drivers\RTL8187.sys [3/9/2010 3:43 PM 332928]
S3 COMMONFX;COMMONFX;e:\windows\system32\drivers\COMMONFX.sys [6/23/2009 1:34 PM 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;e:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [3/7/2010 5:16 PM 79360]
S3 CTAUDFX;CTAUDFX;e:\windows\system32\drivers\CTAUDFX.sys [6/23/2009 1:34 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;e:\windows\system32\drivers\CTERFXFX.sys [6/23/2009 1:35 PM 100888]
S3 CTERFXFX;CTERFXFX;e:\windows\system32\drivers\CTERFXFX.sys [6/23/2009 1:35 PM 100888]
S3 CTSBLFX;CTSBLFX;e:\windows\system32\drivers\CTSBLFX.sys [6/23/2009 1:34 PM 566296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-03-12 e:\windows\Tasks\Ad-Aware Update (Weekly).job
- e:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 08:10]

2010-03-11 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - e:\documents and settings\Andrew\Application Data\Mozilla\Firefox\Profiles\sf5t2s2w.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: e:\documents and settings\Andrew\Application Data\Mozilla\Firefox\Profiles\sf5t2s2w.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
e:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
e:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
e:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-12 14:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3264)
e:\windows\system32\WININET.dll
e:\windows\system32\msi.dll
e:\windows\system32\ieframe.dll
e:\windows\system32\webcheck.dll
e:\windows\system32\WPDShServiceObj.dll
e:\windows\system32\PortableDeviceTypes.dll
e:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
e:\windows\system32\nvsvc32.exe
e:\program files\Alwil Software\Avast5\AvastSvc.exe
e:\windows\system32\RUNDLL32.EXE
e:\program files\Creative\Shared Files\CTAudSvc.exe
e:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
e:\program files\Bonjour\mDNSResponder.exe
e:\program files\CDBurnerXP\NMSAccessU.exe
e:\windows\system32\wbem\unsecapp.exe
e:\program files\iPod\bin\iPodService.exe
e:\windows\system32\wscntfy.exe
e:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-03-12 14:41:58 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-12 19:41
ComboFix2.txt 2010-03-12 18:18

Pre-Run: 310,213,664,768 bytes free
Post-Run: 310,120,796,160 bytes free

- - End Of File - - 80684CAAF0C3B4A9FF3CF8E5E1376435


Malwarebytes' Anti-Malware 1.44
Database version: 3861
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/12/2010 3:24:37 PM
mbam-log-2010-03-12 (15-24-37).txt

Scan type: Quick Scan
Objects scanned: 120779
Time elapsed: 2 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, March 12, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, March 12, 2010 11:28:18
Records in database: 3777294
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
D:\
E:\
M:\

Scan statistics:
Objects scanned: 76648
Threats found: 1
Infected objects found: 9
Suspicious objects found: 0
Scan duration: 01:05:43


File name / Threat / Threats count
E:\System Volume Information\_restore{4FF28AEA-6003-429B-A3A8-7943973064C7}\RP15\A0004470.dll Infected: not-a-virus:AdWare.Win32.EZula.aos 1
E:\System Volume Information\_restore{4FF28AEA-6003-429B-A3A8-7943973064C7}\RP22\A0004770.dll Infected: not-a-virus:AdWare.Win32.EZula.aos 1
E:\System Volume Information\_restore{4FF28AEA-6003-429B-A3A8-7943973064C7}\RP22\A0004771.dll Infected: not-a-virus:AdWare.Win32.EZula.aos 1
E:\System Volume Information\_restore{4FF28AEA-6003-429B-A3A8-7943973064C7}\RP22\A0004773.dll Infected: not-a-virus:AdWare.Win32.EZula.aos 1
E:\System Volume Information\_restore{4FF28AEA-6003-429B-A3A8-7943973064C7}\RP9\A0000688.dll Infected: not-a-virus:AdWare.Win32.EZula.aos 1
E:\System Volume Information\_restore{4FF28AEA-6003-429B-A3A8-7943973064C7}\RP9\A0001706.dll Infected: not-a-virus:AdWare.Win32.EZula.aos 1
E:\System Volume Information\_restore{4FF28AEA-6003-429B-A3A8-7943973064C7}\RP9\A0001709.dll Infected: not-a-virus:AdWare.Win32.EZula.aos 1
E:\System Volume Information\_restore{4FF28AEA-6003-429B-A3A8-7943973064C7}\RP9\A0003774.dll Infected: not-a-virus:AdWare.Win32.EZula.aos 1
E:\System Volume Information\_restore{4FF28AEA-6003-429B-A3A8-7943973064C7}\RP9\A0003783.dll Infected: not-a-virus:AdWare.Win32.EZula.aos 1

Selected area has been scanned.
styles430 is offline  
Old 03-12-2010, 05:29 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
CatByte

Microsoft Most Valuable Professional
 
Join Date: Jan 2009
Location: Canada
Posts: 8,866
OS: XP, Vista, Win7



Hi,

The items found by Kaspersky are in old system restore points which we will clean up shortly.

Please post a fresh DDS log and advise how your computer is running now and if there are any outstanding issues.
Old 03-12-2010, 05:57 PM   #7
Registered Member
 
Join Date: Oct 2009
Posts: 6
OS: XP SP3



My computer seems to be running great with no problems that I can see, even after reboot. I have posted a fresh DDS log. Thanks again for all the help, it's greatly appreciated.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Andrew at 19:56:04.18 on Fri 03/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1278.662 [GMT -5:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Creative\Shared Files\CTAudSvc.exe
svchost.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\CDBurnerXP\NMSAccessU.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\WINDOWS\system32\CTHELPER.EXE
E:\Program Files\Winamp\winampa.exe
E:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
E:\Program Files\Google\Gmail Notifier\gnotify.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Java\jre6\bin\jusched.exe
E:\Program Files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe
E:\WINDOWS\System32\svchost.exe -k HTTPFilter
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Winamp\winamp.exe
E:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
E:\Documents and Settings\Andrew\Desktop\Download\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No File
mRun: [NvMediaCenter] RUNDLL32.EXE e:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE e:\windows\system32\NvCpl.dll,NvStartup
mRun: [CTHelper] CTHELPER.EXE
mRun: [WinampAgent] "e:\program files\winamp\winampa.exe"
mRun: [avast5] e:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] e:\program files\google\gmail notifier\gnotify.exe
mRun: [QuickTime Task] "e:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "e:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "e:\program files\java\jre6\bin\jusched.exe"
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\realte~1.lnk - e:\program files\realtek usb wireless lan driver and utility\RtWLan.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - e:\docume~1\andrew\applic~1\mozilla\firefox\profiles\sf5t2s2w.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: e:\documents and settings\andrew\application data\mozilla\firefox\profiles\sf5t2s2w.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
e:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
e:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
e:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
e:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
e:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
e:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;e:\windows\system32\drivers\Lbd.sys [2010-3-8 64288]
R1 aswSP;aswSP;e:\windows\system32\drivers\aswSP.sys [2010-3-7 162640]
R2 aswFsBlk;aswFsBlk;e:\windows\system32\drivers\aswFsBlk.sys [2010-3-7 19024]
R2 avast! Antivirus;avast! Antivirus;e:\program files\alwil software\avast5\AvastSvc.exe [2010-3-7 40384]
R2 EAPPkt;Realtek EAPPkt Protocol;e:\windows\system32\drivers\EAPPkt.sys [2010-3-9 38144]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1229232]
R3 COMMONFX.SYS;COMMONFX.SYS;e:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;e:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;e:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;e:\windows\system32\drivers\RTL8187.sys [2010-3-9 332928]
S3 avast! Mail Scanner;avast! Mail Scanner;e:\program files\alwil software\avast5\AvastSvc.exe [2010-3-7 40384]
S3 avast! Web Scanner;avast! Web Scanner;e:\program files\alwil software\avast5\AvastSvc.exe [2010-3-7 40384]
S3 COMMONFX;COMMONFX;e:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;e:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-3-7 79360]
S3 CTAUDFX;CTAUDFX;e:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;e:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]
S3 CTERFXFX;CTERFXFX;e:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]
S3 CTSBLFX;CTSBLFX;e:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]

=============== Created Last 30 ================

2010-03-12 20:28:23 73728 ----a-w- e:\windows\system32\javacpl.cpl
2010-03-12 20:28:23 411368 ----a-w- e:\windows\system32\deploytk.dll
2010-03-12 08:01:40 4984 ----a-w- e:\windows\system32\drivers\nvphy.bin
2010-03-12 08:01:39 6045 ----a-w- e:\windows\system32\nvnrm.nvu
2010-03-12 08:01:39 446464 ----a-w- e:\windows\system32\nvunrm.exe
2010-03-12 08:01:39 446464 ----a-w- e:\windows\system32\nvuninst.exe
2010-03-12 08:01:23 0 d-----w- e:\windows\system32\ReinstallBackups
2010-03-12 02:48:07 0 d-sh--w- e:\documents and settings\andrew\IECompatCache
2010-03-11 17:37:11 26368 -c--a-w- e:\windows\system32\dllcache\usbstor.sys
2010-03-11 16:01:08 26600 ----a-w- e:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-11 16:01:08 107368 ----a-w- e:\windows\system32\GEARAspi.dll
2010-03-11 16:00:42 0 d-----w- e:\program files\iPod
2010-03-11 16:00:39 0 d-----w- e:\program files\iTunes
2010-03-11 16:00:39 0 d-----w- e:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-11 16:00:27 0 d-----w- e:\program files\Bonjour
2010-03-09 20:43:18 332928 ----a-w- e:\windows\system32\drivers\RTL8187.sys
2010-03-09 20:43:01 21035 ----a-w- e:\windows\system32\drivers\AegisP.sys
2010-03-09 20:42:56 38144 ----a-r- e:\windows\system32\drivers\EAPPkt.sys
2010-03-09 20:42:56 3078 ----a-r- e:\windows\system32\drivers\EAPPkt.inf
2010-03-09 20:42:55 0 d-----w- e:\windows\system32\RTL8187
2010-03-09 20:42:51 0 d-----w- e:\program files\REALTEK USB Wireless LAN Driver and Utility
2010-03-09 15:55:45 265728 -c----w- e:\windows\system32\dllcache\http.sys
2010-03-09 06:37:11 0 d-----w- e:\docume~1\andrew\applic~1\Malwarebytes
2010-03-09 06:37:03 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-03-09 06:37:02 19160 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-03-09 06:37:02 0 d-----w- e:\program files\Malwarebytes' Anti-Malware
2010-03-09 06:37:02 0 d-----w- e:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-09 02:53:39 0 d-----w- e:\docume~1\andrew\applic~1\Canneverbe Limited
2010-03-09 02:53:31 0 d-----w- e:\docume~1\alluse~1\applic~1\Canneverbe Limited
2010-03-08 17:49:03 7168 ----a-w- e:\windows\system32\drivers\StarOpen.sys
2010-03-08 17:45:51 0 d-----w- e:\windows\system32\XPSViewer
2010-03-08 17:45:00 89088 -c----w- e:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-03-08 17:45:00 597504 -c----w- e:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-03-08 17:45:00 575488 -c----w- e:\windows\system32\dllcache\xpsshhdr.dll
2010-03-08 17:45:00 575488 ------w- e:\windows\system32\xpsshhdr.dll
2010-03-08 17:45:00 1676288 -c----w- e:\windows\system32\dllcache\xpssvcs.dll
2010-03-08 17:45:00 1676288 ------w- e:\windows\system32\xpssvcs.dll
2010-03-08 17:45:00 117760 ------w- e:\windows\system32\prntvpt.dll
2010-03-08 17:45:00 0 d-----w- E:\0c53756d8931f3ffbac4c03cb5
2010-03-08 08:22:17 15880 ----a-w- e:\windows\system32\lsdelete.exe
2010-03-08 08:10:42 64288 ----a-w- e:\windows\system32\drivers\Lbd.sys
2010-03-08 08:10:36 95024 ----a-w- e:\windows\system32\drivers\SBREDrv.sys
2010-03-08 08:09:22 0 dc-h--w- e:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-08 08:09:08 0 d-----w- e:\program files\Lavasoft
2010-03-08 07:40:59 0 d-----w- e:\docume~1\alluse~1\applic~1\Toolbar4
2010-03-08 06:55:40 0 d-sh--w- e:\documents and settings\andrew\PrivacIE
2010-03-08 06:52:58 0 d-sh--w- e:\documents and settings\andrew\IETldCache
2010-03-08 06:45:03 0 d-----w- e:\program files\MSXML 4.0
2010-03-08 06:42:29 69120 -c----w- e:\windows\system32\dllcache\iecompat.dll
2010-03-08 06:42:08 0 d-----w- e:\windows\ie8updates
2010-03-08 06:41:53 12800 -c----w- e:\windows\system32\dllcache\xpshims.dll
2010-03-08 06:41:52 594432 -c----w- e:\windows\system32\dllcache\msfeeds.dll
2010-03-08 06:41:52 55296 -c----w- e:\windows\system32\dllcache\msfeedsbs.dll
2010-03-08 06:41:51 246272 -c----w- e:\windows\system32\dllcache\ieproxy.dll
2010-03-08 06:41:51 1985536 -c----w- e:\windows\system32\dllcache\iertutil.dll
2010-03-08 06:41:51 11070464 -c----w- e:\windows\system32\dllcache\ieframe.dll
2010-03-08 06:39:45 0 dc-h--w- e:\windows\ie8
2010-03-08 06:34:25 0 d-----w- e:\windows\system32\KB905474
2010-03-08 06:21:15 0 d--h--w- e:\windows\$hf_mig$
2010-03-07 22:21:46 0 d-----w- e:\docume~1\alluse~1\applic~1\Alwil Software
2010-03-07 22:17:49 31056 ----a-w- e:\windows\system32\BMXStateBkp-{00000003-00000000-00000008-00001102-00000004-20021102}.rfx
2010-03-07 22:17:49 31056 ----a-w- e:\windows\system32\BMXState-{00000003-00000000-00000008-00001102-00000004-20021102}.rfx
2010-03-07 22:17:49 30528 ----a-w- e:\windows\system32\BMXCtrlState-{00000003-00000000-00000008-00001102-00000004-20021102}.rfx
2010-03-07 22:17:49 30528 ----a-w- e:\windows\system32\BMXBkpCtrlState-{00000003-00000000-00000008-00001102-00000004-20021102}.rfx
2010-03-07 22:17:49 11564 ----a-w- e:\windows\system32\DVCState-{00000003-00000000-00000008-00001102-00000004-20021102}.rfx
2010-03-07 22:17:41 4932477 ----a-w- e:\windows\{00000003-00000000-00000008-00001102-00000004-20021102}.BAK
2010-03-07 22:17:30 4174814 ------w- e:\windows\system32\CT4MGM.SF2
2010-03-07 22:17:29 0 d-----w- e:\windows\system32\Defaults
2010-03-07 22:16:57 10624 -c--a-w- e:\windows\system32\dllcache\gameenum.sys
2010-03-07 22:16:57 10624 ----a-w- e:\windows\system32\drivers\gameenum.sys
2010-03-07 22:16:51 7062 ----a-w- e:\windows\system32\audiopid.vxd
2010-03-07 22:16:44 0 d-----w- e:\program files\common files\Creative Labs Shared
2010-03-07 22:16:37 4932477 ----a-w- e:\windows\{00000003-00000000-00000008-00001102-00000004-20021102}.CDF
2010-03-07 22:14:04 6272 -c--a-w- e:\windows\system32\dllcache\splitter.sys
2010-03-07 22:14:04 6272 ----a-w- e:\windows\system32\drivers\splitter.sys
2010-03-07 22:14:01 83072 -c--a-w- e:\windows\system32\dllcache\wdmaud.sys
2010-03-07 22:14:01 83072 ----a-w- e:\windows\system32\drivers\wdmaud.sys
2010-03-07 22:14:00 52864 -c--a-w- e:\windows\system32\dllcache\dmusic.sys
2010-03-07 22:14:00 52864 ----a-w- e:\windows\system32\drivers\DMusic.sys
2010-03-07 22:13:10 0 d-----w- e:\program files\Creative
2010-03-07 22:07:01 17920 -c----w- e:\windows\system32\dllcache\msyuv.dll
2010-03-07 22:05:53 8704 -c----w- e:\windows\system32\dllcache\tsbyuv.dll
2010-03-07 22:05:52 48128 -c----w- e:\windows\system32\dllcache\iyuv_32.dll
2010-03-07 22:05:13 380928 -c----w- e:\windows\system32\dllcache\ieapfltr.dll
2010-03-07 22:05:12 991232 -c----w- e:\windows\system32\dllcache\ieframe.dll.mui
2010-03-07 22:05:12 78336 -c----w- e:\windows\system32\dllcache\ieencode.dll
2010-03-07 22:05:12 78336 ------w- e:\windows\system32\ieencode.dll
2010-03-07 22:05:12 63488 -c----w- e:\windows\system32\dllcache\icardie.dll
2010-03-07 22:05:12 2452872 -c----w- e:\windows\system32\dllcache\ieapfltr.dat
2010-03-07 22:05:12 13824 -c----w- e:\windows\system32\dllcache\ieudinit.exe
2010-03-07 22:01:42 0 d-----w- e:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2010-03-07 22:01:37 0 d-----w- e:\program files\NVIDIA Corporation
2010-03-07 21:51:15 2145280 -c----w- e:\windows\system32\dllcache\ntkrnlmp.exe
2010-03-07 21:51:13 2023936 -c----w- e:\windows\system32\dllcache\ntkrpamp.exe
2010-03-07 21:51:11 2066176 -c----w- e:\windows\system32\dllcache\ntkrnlpa.exe
2010-03-07 21:50:13 456832 -c----w- e:\windows\system32\dllcache\mrxsmb.sys
2010-03-07 21:50:02 107596 ----a-w- E:\toolkit_widget.gif
2010-03-07 21:43:53 2560 ------w- e:\windows\system32\xpsp4res.dll
2010-03-07 21:40:46 0 d-----w- e:\windows\system32\SoftwareDistribution
2010-03-07 21:17:31 0 d-----w- e:\program files\support.com
2010-03-07 21:08:55 15360 ----a-w- e:\windows\system32\drivers\NetMotCM.sys
2010-03-07 21:02:48 0 d-s---w- e:\windows\system32\Microsoft
2010-03-07 21:02:30 8192 ----a-w- e:\windows\REGLOCS.OLD
2010-03-07 21:00:59 9728 -c--a-w- e:\windows\system32\dllcache\rwnh.dll
2010-03-07 20:58:32 0 d-sh--w- e:\documents and settings\all users\DRM
2010-03-07 20:58:05 0 d-----w- e:\program files\Windows Media Connect 2
2010-03-07 20:57:20 0 d-----w- e:\program files\common files\MSSoap
2010-03-07 20:55:38 0 d-----w- e:\program files\Online Services
2010-03-07 20:55:33 0 d-----w- e:\program files\Messenger
2010-03-07 20:55:29 0 d-----w- e:\program files\MSN Gaming Zone
2010-03-07 20:54:54 0 d-----w- e:\program files\Windows NT
2010-03-07 15:50:53 0 d-----w- e:\program files\common files\SpeechEngines
2010-03-07 15:50:30 0 d-----r- e:\documents and settings\all users\Documents

==================== Find3M ====================

2010-03-07 22:13:41 444952 ----a-w- e:\windows\system32\wrap_oal.dll
2010-03-07 22:13:41 109080 ----a-w- e:\windows\system32\OpenAL32.dll
2010-03-07 20:55:56 21640 ----a-w- e:\windows\system32\emptyregdb.dat
2010-01-12 04:03:33 6359168 ----a-w- e:\windows\system32\nv4_disp.dll
2010-01-12 04:03:33 61440 ----a-w- e:\windows\system32\OpenCL.dll
2010-01-12 04:03:33 4104192 ----a-w- e:\windows\system32\nvcuda.dll
2010-01-12 04:03:33 4077672 ----a-w- e:\windows\system32\nvcuvenc.dll
2010-01-12 04:03:33 2283526 ----a-w- e:\windows\system32\nvdata.bin
2010-01-12 04:03:33 2259560 ----a-w- e:\windows\system32\nvcuvid.dll
2010-01-12 04:03:33 182888 ----a-w- e:\windows\system32\nvcodins.dll
2010-01-12 04:03:33 182888 ----a-w- e:\windows\system32\nvcod.dll
2010-01-12 04:03:33 14458880 ----a-w- e:\windows\system32\nvoglnt.dll
2010-01-12 04:03:33 11632640 ----a-w- e:\windows\system32\nvcompiler.dll
2010-01-12 04:03:33 1081344 ----a-w- e:\windows\system32\nvapi.dll
2010-01-12 04:03:33 10276768 ----a-w- e:\windows\system32\drivers\nv4_mini.sys
2010-01-12 03:17:44 278120 ----a-w- e:\windows\system32\nvmccs.dll
2010-01-12 03:17:44 154216 ----a-w- e:\windows\system32\nvsvc32.exe
2010-01-12 03:17:44 145000 ----a-w- e:\windows\system32\nvcolor.exe
2010-01-12 03:17:44 13666408 ----a-w- e:\windows\system32\nvcpl.dll
2010-01-12 03:17:44 110696 ----a-w- e:\windows\system32\nvmctray.dll
2010-01-12 03:17:40 81920 ----a-w- e:\windows\system32\nvwddi.dll
2009-12-21 19:14:05 916480 ------w- e:\windows\system32\wininet.dll
2009-12-16 18:43:27 343040 ----a-w- e:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- e:\windows\system32\csrsrv.dll

============= FINISH: 19:56:19.75 ===============
__________________
styles430 is offline  
Old 03-12-2010, 06:05 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2009
Location: Canada
Posts: 8,866
OS: XP, Vista, Win7



Hi,

Log appears clean, just some housekeeping to do now,

please do the following:


You can delete the DDS and GMER folders from your desktop.



NEXT


Follow these steps to uninstall Combofix
  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.





Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal.


If there are any logs/tools remaining > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe.

  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.


**Be very wary of any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.
__________________


Microsoft MVP 2010, 2011, 2012, 2013
CatByte is offline  
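
The Internet Explorer zone settings recommended in the post above can be checked from PowerShell after the dialog steps are done. This is an added example, not part of the original post; it assumes PowerShell is installed and uses the standard URL-action IDs 1001, 1004 and 1201 under the current user's Internet zone key (zone 3), which the post itself does not mention.

```powershell
# Added example: audit the Internet zone ActiveX settings for the current user.
# Zone 3 is the Internet zone. URL-action values: 0 = Enable, 1 = Prompt, 3 = Disable.
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Action ID, dialog label, and the value recommended in the post.
$checks = @(
    @{ Id = '1001'; Setting = 'Download signed ActiveX controls';   Want = 1 },
    @{ Id = '1004'; Setting = 'Download unsigned ActiveX controls'; Want = 1 },
    @{ Id = '1201'; Setting = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
)
$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

$zone = Get-ItemProperty -Path $zonePath -ErrorAction Stop

$report = foreach ($c in $checks) {
    $prop = $zone.PSObject.Properties[$c.Id]
    if ($null -eq $prop) {
        # Value missing from the per-user key: nothing to compare against.
        $current = 'not set'
        $status  = 'REVIEW'
    } else {
        $value = [int]$prop.Value
        if ($labels.ContainsKey($value)) {
            $current = $labels[$value]
            # A higher value is more restrictive, so Disable also satisfies
            # a Prompt recommendation.
            $status = if ($value -ge $c.Want) { 'OK' } else { 'WEAKER' }
        } else {
            # Any other value is not one of the three dialog choices.
            $current = "unknown ($value)"
            $status  = 'REVIEW'
        }
    }
    New-Object PSObject -Property @{
        Setting     = $c.Setting
        Current     = $current
        Recommended = $labels[$c.Want]
        Status      = $status
    }
}

$report | Select-Object Setting, Current, Recommended, Status | Format-Table -AutoSize
```

A row marked WEAKER means the setting is more permissive than the post recommends; REVIEW means the value is absent or not one of the three dialog choices.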
Old 03-12-2010, 06:11 PM   #9
Registered Member
 
Join Date: Oct 2009
Posts: 6
OS: XP SP3



Everything is fine. Thanks a lot
__________________
styles430 is offline  
Old 03-12-2010, 06:12 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2009
Location: Canada
Posts: 8,866
OS: XP, Vista, Win7



You are more than welcome

stay safe

~CB

__________________


Microsoft MVP 2010, 2011, 2012, 2013
CatByte is offline  
 

All times are GMT -7.