Tech Support Forum - HijackThis Log Help
#1 (permalink)
Registered User
Join Date: Aug 2005
Posts: 8
OS: Windows Vista
Hijack This Log - Followed first 5 steps, trojans listed
First off I am running Vista. My computer is restricting me from running any setup programs, some programs, and also internet explorer. It says that I do not have the privileges when indeed I do. Windows runs very slow and constantly tells me that my computer is infected. I had to follow the "first 5 steps to posting" in safe mode with networking. The results of an active scan showed the following infections:
psgaurd, sqwire, commad, ISearch, outerinfo, ActiveSearch, Generic Trojan, Yazzle, downloader.sld, downloader.tde, VapSup, downloader.tvr, Rustock.e, and Virtumonde. I hope this information will help any volunteer solve my problem. Thank you very much in advance.

Deckard's System Scanner v20071014.68
Run by Dax on 2008-06-19 19:14:41
Computer is in Safe Mode with Networking.
--------------------------------------------------------------------------------

-- Last 3 Restore Point(s) --
3: 2008-06-19 17:52:37 UTC - RP217 - Installed AVG Free 8.0
2: 2008-06-19 17:18:08 UTC - RP216 - Avira AntiVir Personal - 6/19/2008 12:18
1: 2008-06-19 16:43:39 UTC - RP214 - Last known good configuration

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-19 19:16:24
Platform: Windows Vista Service Pack 1 (6.00.6001)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\explorer.exe
C:\Windows\System32\drivers\services.exe
C:\Users\Dax\Desktop\DJ\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
O2 - BHO: (no name) - {0F8F84CF-DCBA-4426-AC18-30A8AB00C526} - C:\Windows\System32\wvUOIARJ.dll
O2 - BHO: BhoApp Class - {28F51CDA-3BD1-4F06-8F7B-2A881411983F} - C:\Windows\system32\dapol.dll (file missing)
O2 - BHO: (no name) - {3AB1D726-5B4D-43E3-901C-C157C6CBBA42} - C:\Windows\System32\nnnmlKCT.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: {e1d1e9cb-6aa0-1769-b8a4-fa8961dea934} - {439aed16-98af-4a8b-9671-0aa6bc9e1d1e} - C:\Windows\System32\teswhkll.dll
O2 - BHO: QXK Olive - {8EFF7F3E-2432-4C73-BDA9-7708A399F41E} - C:\Windows\ksendlbtsxb.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: (no name) - {2A9788F6-727D-4CEE-9C9F-A6D2A47FD34A} - (no file)
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\wvUOIARJ.dll,#1
O4 - HKLM\..\Run: [[system]] C:\Windows\system32\drivers\services.exe
O4 - HKLM\..\Run: [winlogon] C:\Users\Dax\svchost.exe
O4 - HKLM\..\Run: [runner1] C:\Windows\mrofinu2002.exe 61A847B5BBF72810329B3A466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [calc.exe] C:\Users\Dax\AppData\Local\Temp\calc.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [187a87ae] rundll32.exe "C:\Windows\system32\xwscdcbr.dll",b
O4 - HKLM\..\Run: [BM1b49b432] Rundll32.exe "C:\Windows\system32\rfbubdba.dll",s
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [[system]] C:\Windows\system32\drivers\services.exe
O4 - HKCU\..\Run: [winlogon] C:\Users\Dax\svchost.exe
O4 - HKCU\..\Run: [run] regsvr32.exe /s "C:\Users\Dax\AppData\Roaming\sp1\qtfinal.dll"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [mjc] C:\Program Files\mjc\mjc.exe
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [[system]] C:\Windows\system32\drivers\services.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [winlogon] C:\Windows\system32\config\systemprofile\svchost.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [[system]] C:\Windows\system32\drivers\services.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [winlogon] C:\Windows\system32\config\systemprofile\svchost.exe (User 'Default user')
O4 - Startup: userinit.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{4A44EEC1-0090-4582-ACBC-22E204374039}: NameServer = 85.255.114.89,85.255.112.196
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{661DF85B-F3C8-4E36-8422-3D7EE4E9EFB6}: NameServer = 85.255.114.89,85.255.112.196
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{F1CBF289-98B7-433D-9DE0-EA9FE53B5E33}: NameServer = 85.255.114.89,85.255.112.196
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.89 85.255.112.196
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.89 85.255.112.196
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.89 85.255.112.196
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\System32\drivers\services.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\System32\kdrac.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\System32\drivers\XAudio.exe

--
End of file - 9543 bytes

-- File Associations -----------------------------------------------------------

.exe - exefile - shell\open\command - C:\Windows\system32\drivers\services.exe "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 RDID1027 (EDIROL PCR) - c:\windows\system32\drivers\rdwm1027.sys <Not Verified; Roland Corporation; >
S3 SeratoUsb (SeratoUsb driver) - c:\windows\system32\drivers\seratousb.sys <Not Verified; Cristalink Ltd; Serato USB Device Driver>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 AntiVirScheduler (Avira AntiVir Personal – Free Antivirus Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
S2 AntiVirService (Avira AntiVir Personal – Free Antivirus Guard) - "c:\program files\avira\antivir personaledition classic\avguard.exe" (file missing)
S2 DigiRefresh (Digidesign MME Refresh Service) - c:\program files\digidesign\drivers\mmerefresh.exe -s <Not Verified; Digidesign, A Division of Avid Technology, Inc.; Digidesign MME Binder>
S2 Windows Tribute Service - c:\windows\system32\kdrac.exe -srv
S3 Com4Qlb - "c:\program files\hewlett-packard\hp quick launch buttons\com4qlb.exe" <Not Verified; Hewlett-Packard Development Company, L.P.; HP Quick Launch Buttons>
S3 digiSPTIService - "c:\program files\digidesign\pro tools\digisptiservice.exe" <Not Verified; Digidesign, A Division of Avid Technology, Inc.; Pro Tools CD Ripping Service>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S4 HP Health Check Service - "c:\program files\hewlett-packard\hp health check\hphc_service.exe" <Not Verified; Hewlett-Packard; HP Health Check Service>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-06-18 09:39:26 398 --a------ C:\Windows\Tasks\ErrorSmart Scheduled Scan.job
2008-06-18 00:26:05 442 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{FDDCA2E2-E101-4280-8727-D41CE0BA28FC}.job

-- Files created between 2008-05-19 and 2008-06-19 -----------------------------

2008-06-19 18:58:41 0 d-------- C:\ie-spyad_zo
2008-06-19 18:51:01 0 d-------- C:\Program Files\SpywareBlaster
2008-06-19 17:09:29 0 d-------- C:\Program Files\Panda Security
2008-06-19 14:38:22 0 d-------- C:\Windows\BDOSCAN8
2008-06-19 12:53:05 0 d-------- C:\Windows\system32\drivers\Avg
2008-06-19 12:52:49 0 d-------- C:\Program Files\AVG
2008-06-19 12:52:48 0 d-------- C:\Users\All Users\avg8
2008-06-19 12:25:42 33792 --a------ C:\Windows\system32\wvUOIARJ.dll
2008-06-19 11:47:01 86016 --a------ C:\Windows\system32\xwscdcbr.dll
2008-06-19 11:46:53 101376 --a------ C:\Windows\system32\teswhkll.dll
2008-06-19 11:44:17 93696 --a------ C:\Windows\system32\rfbubdba.dll
2008-06-19 11:40:53 727000 --ahs---- C:\Windows\system32\TCKlmnnn.ini2
2008-06-19 11:40:50 285696 --a------ C:\Windows\system32\nnnmlKCT.dll
2008-06-18 12:02:20 13824 --a------ C:\userinit.exe
2008-06-18 11:57:42 0 d-------- C:\Users\All Users\Avira
2008-06-18 11:57:42 0 d-------- C:\Program Files\Avira
2008-06-18 11:53:35 687592 --a------ C:\Windows\system32\atmtd.dll
2008-06-18 11:53:32 0 d-------- C:\Windows\owom
2008-06-18 11:53:32 0 d-------- C:\Program Files\Common Files\owom
2008-06-18 11:53:30 0 d--hs---- C:\Windows\RGF4
2008-06-18 11:53:30 0 d-------- C:\Program Files\Network Monitor
2008-06-18 11:48:39 94208 --a------ C:\Windows\neltabxw.exe
2008-06-18 11:48:39 315392 --a------ C:\Windows\ksendlbtsxb.dll
2008-06-18 11:48:39 163840 --a------ C:\Windows\egqk.exe
2008-06-18 11:48:28 0 d-------- C:\Program Files\Spcron
2008-06-18 11:48:25 0 d-------- C:\Program Files\Svconr
2008-06-18 11:48:20 0 d-------- C:\Program Files\mjc
2008-06-18 11:48:20 0 d-------- C:\Program Files\InetGet2
2008-06-18 11:48:18 0 d-------- C:\Program Files\Temporary
2008-06-18 11:46:52 47104 --a------ C:\xkdpjhj.exe
2008-06-18 11:46:51 13824 --a------ C:\jcdet.exe
2008-06-18 11:45:20 13824 --a------ C:\Windows\system32\drivers\services.exe
2008-06-18 11:45:20 13824 --a------ C:\Users\Dax\svchost.exe
2008-06-18 11:45:12 4096 --a------ C:\mxuxc.exe
2008-06-18 11:45:10 13824 --a------ C:\kbvxxo.exe
2008-06-18 11:21:44 215040 --a------ C:\Windows\b148.exe
2008-06-18 08:34:07 98816 --a------ C:\Windows\system32\mrtjpuun.dll
2008-06-18 08:28:19 89600 --a------ C:\Windows\system32\pcummrew.dll
2008-06-18 08:28:04 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-06-18 08:26:10 98816 --a------ C:\Windows\system32\fnlhpiye.dll
2008-06-18 08:19:30 89600 --a------ C:\Windows\system32\dyguprab.dll
2008-06-18 08:15:13 98816 --a------ C:\Windows\system32\popiithw.dll
2008-06-18 00:29:28 82432 --a------ C:\Windows\system32\pblcngge.dll
2008-06-18 00:29:21 90112 --a------ C:\Windows\system32\opggmvyc.dll
2008-06-18 00:26:27 0 d-------- C:\Program Files\Enigma Software Group
2008-06-18 00:15:19 0 d-------- C:\VundoFix Backups
2008-06-18 00:15:05 98816 --a------ C:\Windows\system32\wsywomnt.dll
2008-06-18 00:12:25 90112 --a------ C:\Windows\system32\wyttxmyx.dll
2008-06-18 00:11:43 683143 --ahs---- C:\Windows\system32\oYabdcfe.ini2
2008-06-16 19:16:06 1657479 ---hs---- C:\Windows\system32\lilwxqed.ini2
2008-06-16 19:12:08 684340 --ahs---- C:\Windows\system32\BdMUFLUt.ini2
2008-06-13 09:05:04 95232 --a------ C:\Windows\b152.exe
2008-06-07 20 30 0 d-------- C:\Program Files\InterActual
2008-06-05 19:37:37 12 --a------ C:\Windows\bthservsdp.dat
2008-05-28 06:02:06 74240 --a------ C:\Windows\b156.exe

-- Find3M Report ---------------------------------------------------------------

2008-06-19 17:01:48 0 d-------- C:\Program Files\Common Files
2008-06-19 15:33:47 0 d-------- C:\Users\Dax\AppData\Roaming\SpeedRunner
2008-06-19 15:33:47 0 d-------- C:\Users\Dax\AppData\Roaming\sp1
2008-06-19 13:47:34 65965 --a------ C:\Users\Dax\AppData\Roaming\nvModes.001
2008-06-19 02:42:23 0 d-------- C:\Users\Dax\AppData\Roaming\Digidesign
2008-06-19 02:19:27 32 --a------ C:\Windows\system32\msvcsv60.dll
2008-06-19 02:19:27 32 --a------ C:\Windows\msocreg32.dat
2008-06-19 00:44:32 0 d-------- C:\Users\Dax\AppData\Roaming\PACE Anti-Piracy
2008-06-18 11:48:45 0 d-------- C:\Users\Dax\AppData\Roaming\s?stem
2008-06-18 11:45:15 0 d-------- C:\Program Files\RocketDock
2008-06-18 11:39:12 0 d-------- C:\Users\Dax\AppData\Roaming\Uniblue
2008-06-18 10:59:42 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-18 08:23:54 0 d-------- C:\Users\Dax\AppData\Roaming\ErrorSmart
2008-06-17 19:04:30 0 d-------- C:\Program Files\Windows Mail
2008-06-17 06:57:03 65965 --a------ C:\Users\Dax\AppData\Roaming\nvModes.dat
2008-06-16 18:10:34 2028 --a------ C:\Users\Dax\AppData\Roaming\wklnhst.dat
2008-06-02 11 11 0 d-------- C:\Users\Dax\AppData\Roaming\Template
2008-05-29 13:48:31 0 d-------- C:\Program Files\Easy Adder
2008-05-22 13:39:57 200 --a------ C:\Windows\AUDC80UI.dat
2008-05-16 11:15:24 0 d-------- C:\Users\Dax\AppData\Roaming\IDMComp
2008-05-14 11:50:41 0 d-------- C:\Program Files\OpenOffice.org 3
2008-05-14 11:50:00 0 d-------- C:\Program Files\OpenOffice.org
2008-05-14 10:12:16 0 d-------- C:\Users\Dax\AppData\Roaming\OpenOffice.org3
2008-05-07 17:43:23 0 d-------- C:\Program Files\AbiSuite2
2008-05-02 09:57:05 0 d-------- C:\Program Files\Audacity
2008-05-01 13:45:50 0 d-------- C:\Program Files\Common Files\Native Instruments
2008-05-01 13:44:48 0 d-------- C:\Program Files\Native Instruments
2008-05-01 13:05:12 1700352 --a------ C:\Windows\system32\gdiplus.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-29 13:57:29 0 d-------- C:\Program Files\BitComet
2008-04-28 20:16:04 0 d-------- C:\Program Files\Lavasoft
2008-04-20 00:08:18 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-19 22:43:37 0 d-------- C:\Program Files\IK Multimedia
2008-03-27 06:54:00 174 --ahs---- C:\Program Files\desktop.ini
2008-03-27 06:09:56 152576 --a------ C:\Windows\system32\SPWizUI.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F8F84CF-DCBA-4426-AC18-30A8AB00C526}]
06/18/2008 11:44 AM 33792 --a------ C:\Windows\system32\wvUOIARJ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28F51CDA-3BD1-4F06-8F7B-2A881411983F}]
C:\Windows\system32\dapol.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3AB1D726-5B4D-43E3-901C-C157C6CBBA42}]
06/19/2008 11:40 AM 285696 --a------ C:\Windows\system32\nnnmlKCT.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{439aed16-98af-4a8b-9671-0aa6bc9e1d1e}]
06/19/2008 11:46 AM 101376 --a------ C:\Windows\system32\teswhkll.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8EFF7F3E-2432-4C73-BDA9-7708A399F41E}]
06/18/2008 06:11 AM 315392 --a------ C:\Windows\ksendlbtsxb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSServer"="C:\Windows\system32\wvUOIARJ.dll" [06/18/2008 11:44 AM]
"[system]"="C:\Windows\system32\drivers\services.exe" [06/18/2008 11:46 AM]
"winlogon"="C:\Users\Dax\svchost.exe" [06/18/2008 11:46 AM]
"runner1"="C:\Windows\mrofinu2002.exe" []
"calc.exe"="C:\Users\Dax\AppData\Local\Temp\calc.exe" []
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" []
"187a87ae"="C:\Windows\system32\xwscdcbr.dll" [06/19/2008 11:47 AM]
"BM1b49b432"="C:\Windows\system32\rfbubdba.dll" [06/19/2008 11:44 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/19/2008 12:52 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"[system]"="C:\Windows\system32\drivers\services.exe" [06/18/2008 11:46 AM]
"winlogon"="C:\Users\Dax\svchost.exe" [06/18/2008 11:46 AM]
"run"="regsvr32.exe" [11/02/2006 04:45 AM C:\Windows\System32\regsvr32.exe]
"Uniblue RegistryBooster 2"="c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" []
"mjc"="C:\Program Files\mjc\mjc.exe" [06/18/2008 11:48 AM]
"Svconr"="C:\Program Files\Svconr\Svconr.exe" [06/18/2008 11:48 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"[system]"=C:\Windows\system32\drivers\services.exe
"winlogon"=C:\Windows\system32\config\systemprofile\svchost.exe

C:\Users\Dax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
userinit.exe [6/18/2008 11:46:52 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{0F8F84CF-DCBA-4426-AC18-30A8AB00C526}"= C:\Windows\system32\wvUOIARJ.dll [06/18/2008 11:44 AM 33792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\nnnmlKCT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Dax^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Users\Dax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
"C:\Program Files\HP\QuickPlay\QPService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
"C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr bthsvcs BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2008-06-19 19:17:40 ------------
#2 (permalink)
Registered User
Join Date: Aug 2005
Posts: 8
OS: Windows Vista
Re: Hijack This Log - Followed first 5 steps, trojans listed
I was successful in being able to open programs in Normal Mode by right clicking and running as administrator, then re-associating exe files in the registry. Here is an updated HijackThis log; I am still receiving the antispywaremaster popups and a slow OS. Please help!
Thank you very much.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:31 PM, on 6/20/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: (no name) - {2A9788F6-727D-4CEE-9C9F-A6D2A47FD34A} - (no file)
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\wvUOIARJ.dll,#1
O4 - HKLM\..\Run: [winlogon] C:\Users\Dax\svchost.exe
O4 - HKLM\..\Run: [calc.exe] C:\Users\Dax\AppData\Local\Temp\calc.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [187a87ae] rundll32.exe "C:\Windows\system32\vehdawma.dll",b
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [BM1b49b432] Rundll32.exe "C:\Windows\system32\jbtscalr.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA9738] command /c del "C:\Windows\System32\iifeeBRk.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2320] cmd /c del "C:\Windows\System32\iifeeBRk.dll_old"
O4 - HKCU\..\Run: [winlogon] C:\Users\Dax\svchost.exe
O4 - HKCU\..\Run: [run] regsvr32.exe /s "C:\Users\Dax\AppData\Roaming\sp1\qtfinal.dll"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [mjc] C:\Program Files\mjc\mjc.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB1611] command /c del "C:\Windows\System32\iifeeBRk.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2641] cmd /c del "C:\Windows\System32\iifeeBRk.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\drivers\services.exe (file missing)
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdrac.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7248 bytes

Last edited by kgrind11 : 06-20-2008 at 11:40 AM.
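The two logs in this thread are the raw material a HijackThis helper reads by eye: autostart values that borrow a Windows binary name (svchost.exe, services.exe) but load from a user profile or from system32\drivers, every network adapter pointing at the same pair of public DNS servers, the .exe file association redirected to a non-default command, and EnableLUA set to 0. The script below is an added example, not part of the thread and not code from HijackThis or Deckard's System Scanner; it encodes those first-pass checks as heuristics over log lines of this format. SYSTEM_BINARY_NAMES, NORMAL_SYSTEM_DIRS, USER_WRITABLE_RE and the expected_dns allowlist are assumptions an analyst tunes for the machine in question, and SAMPLE_LINES is a constructed sample of the line kinds shown above.

```python
"""Triage heuristics for HijackThis / DSS-style log lines (added example)."""
import ipaddress
import ntpath
import re
from dataclasses import dataclass

# Binary names that only belong in their normal Windows directories
# (assumption: the handful most often imitated, not an exhaustive list).
SYSTEM_BINARY_NAMES = {"svchost.exe", "services.exe", "winlogon.exe",
                       "userinit.exe", "lsass.exe", "explorer.exe"}
NORMAL_SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows"}
DEFAULT_EXE_OPEN_CMD = '"%1" %*'  # Windows default for exefile\shell\open\command

O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>.*?)\] (?P<cmd>.+)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>.+)$")
EXE_ASSOC_RE = re.compile(r"^\.exe - exefile - shell\\open\\command - (?P<cmd>.+)$")
POLICY_RE = re.compile(r'^"(?P<name>EnableLUA|DisableTaskMgr|DisableRegistryTools)"=(?P<val>\d+)')
LAUNCHER_RE = re.compile(r"^(?:rundll32|regsvr32)\.exe\s+(?:/s\s+)?", re.IGNORECASE)
PATH_RE = re.compile(r'^"?(.+?\.(?:exe|dll|scr))', re.IGNORECASE)
# Assumption: locations a non-admin user can write to on a Vista-era machine.
USER_WRITABLE_RE = re.compile(r"\\users\\|\\appdata\\|\\temp\\|\\documents and settings\\")


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section code, or ASSOC / POLICY for the DSS sections
    reason: str
    line: str


def target_path(cmd):
    """Lower-cased path of what an O4 value really loads (rundll32/regsvr32 aware)."""
    cmd = LAUNCHER_RE.sub("", cmd.strip())
    m = PATH_RE.match(cmd)
    return (m.group(1) if m else cmd).lower()


def check_o4(m, line):
    path = target_path(m.group("cmd"))
    name, parent = ntpath.basename(path), ntpath.dirname(path)
    if name in SYSTEM_BINARY_NAMES and parent not in NORMAL_SYSTEM_DIRS:
        return Finding("O4", f"{name} loaded from {parent!r}, not its normal directory", line)
    if USER_WRITABLE_RE.search(path):
        return Finding("O4", f"autostart from user-writable location {path!r}", line)
    return None


def check_o17(m, line, expected_dns):
    """Flag resolvers that are neither private-range nor on the analyst's allowlist."""
    unexpected = []
    for server in re.split(r"[,\s]+", m.group("servers").strip()):
        try:
            if ipaddress.ip_address(server).is_private or server in expected_dns:
                continue
        except ValueError:
            pass  # not an IP literal at all; worth a look too
        unexpected.append(server)
    if unexpected:
        return Finding("O17", "DNS servers outside the expected-resolver allowlist: "
                       + ", ".join(unexpected), line)
    return None


def triage(lines, expected_dns=()):
    """One Finding per log line that trips a heuristic; clean lines yield nothing."""
    expected = set(expected_dns)
    findings = []
    for raw in lines:
        line = raw.strip()
        f = None
        if (m := O4_RE.match(line)):
            f = check_o4(m, line)
        elif (m := O17_RE.match(line)):
            f = check_o17(m, line, expected)
        elif (m := EXE_ASSOC_RE.match(line)):
            if m.group("cmd").strip() != DEFAULT_EXE_OPEN_CMD:
                f = Finding("ASSOC", "exefile open command is not the default "
                            + DEFAULT_EXE_OPEN_CMD, line)
        elif (m := POLICY_RE.match(line)):
            name, val = m.group("name"), m.group("val")
            bad = val == "0" if name == "EnableLUA" else val != "0"
            if bad:
                f = Finding("POLICY", f"{name}={val} turns off a user security control", line)
        if f:
            findings.append(f)
    return findings


# Constructed sample: lines of the kinds that appear in the two logs above.
SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\wvUOIARJ.dll,#1",
    r"O4 - HKLM\..\Run: [[system]] C:\Windows\system32\drivers\services.exe",
    r"O4 - HKLM\..\Run: [winlogon] C:\Users\Dax\svchost.exe",
    r"O4 - HKLM\..\Run: [calc.exe] C:\Users\Dax\AppData\Local\Temp\calc.exe",
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min',
    r'O4 - HKCU\..\Run: [run] regsvr32.exe /s "C:\Users\Dax\AppData\Roaming\sp1\qtfinal.dll"',
    r"O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')",
    r"O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.89 85.255.112.196",
    r'.exe - exefile - shell\open\command - C:\Windows\system32\drivers\services.exe "%1" %*',
    r'"EnableLUA"=0 (0x0)',
    r'"DisableTaskMgr"=0 (0x0)',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.code}] {f.reason}\n    {f.line}")
```

Run against the sample, the MSServer BHO loader, the Avira tray entry and the Sidebar entry pass quietly while the services.exe/svchost.exe copies, the Temp and AppData autostarts, the DNS pair, the hijacked exefile command and EnableLUA=0 are each reported once. The O17 check deliberately takes an allowlist rather than judging addresses on its own: public resolvers are normal when the ISP set them, so the analyst supplies what the machine should be using and the script only reports what differs.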