Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page Google link redirects; random computer freeze and BSOD
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 06-27-2009, 05:03 PM   #1 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 4
OS: Windows XP


Google link redirects; random computer freeze and BSOD
Hi,
A few months ago I did something pretty stupid (in hindsight I should say) and downloaded an application that promised to spoof IP addresses. I wanted to listen to Pandora again you see, and I can't anymore from the UK. Anyway, it seemed to work sort of OK, but very soon afterwards my gmail account was compromised and a spam mail was sent out from my account to my contacts list. This was pretty alarming for me, but I ran a computer scan which located a number of infections, and cleaned up my PC (or so I thought) and then uninstalled the dodgy application.
Things sort of seemed ok, but then I started to notice the every once in a while I would click on a link from Google, and I would go to a completely different site, quite often Myspace. I also began to notice that sometimes when I logged on to Windows, my Virgin PCGuard (virus/spyware checked provided by my ISP) would run, but then after this happened, everything would freeze, and I couldn't click on any icons, or anything.
Gradually, both these problems have become worse over time so that they are now unbearable, and I can't ignore them anymore. Quite often now, when I restart my laptop, it doesn't start up properly, it blue screens on me, and then I have to start it up in safe mode, and run a scan, delete the spyware that it finds, and then it starts up properly. And then it seems to be ok for a short while, but then the problems come back again and the cycle continues. And the google links redirecting is ubiquitous. But I can't seem to spot any particular pattern, or anything systematic.
So I started looking around on the internet, and I realised quite quickly after reading sites like this that I have some kind of malware problem. I tried to download Windows Defender, but I can't get onto windows download.com, same with Paretologic, and some of the other free spyware tools don't find anything.
So I thought I would come to you guys for some help!

Thanks so much in advance for anything you can tell me. I attach and enclose the files as detailed in your sticky instructions. Looking forward to hearing from you, and my apologies for adding to your workload.

DDS (Ver_09-06-26.01) - NTFSx86
Run by Dike at 13:21:32.87 on 27/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1270.638 [GMT 1:00]

AV: PCguard Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: PCguard Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
svchost.exe
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\WinPcap\rpcapd.exe
C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Dike\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.virginmedia.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\virgin broadband\pcguard\pkR.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [Google Update] "c:\documents and settings\dike\local settings\application data\google\update\GoogleUpdate.exe" /c
uRunOnce: [IndexCleaner] "c:\program files\virgin broadband\pcguard\IdxClnR.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [B'sCLiP] c:\progra~1\cyberl~1\instan~1\win2k\IBurn.exe
mRun: [MagicKeyboard] c:\program files\samsung\magickbd\PreMKBD.exe
mRun: [DisplayManager] c:\program files\samsung\displaymanager\DMLoader.exe
mRun: [AVStation Premium 3.75] c:\program files\samsung\avstation premium 3.75\AVSAgent.exe
mRun: [BatteryManager] c:\program files\samsung\samsung battery manager\BatteryManager.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [NapsterShell] c:\program files\napster\napster.exe /systray
mRun: [Wireless Manager] "c:\program files\virgin broadband wireless\Wireless Manager.exe" startup
mRun: [Broadbandadvisor.exe] "c:\program files\virgin broadband\advisor\Broadbandadvisor.exe" /AUTORUN
mRun: [PCguard] "c:\program files\virgin broadband\pcguard\Rps.exe"
mRun: [-FreedomNeedsReboot] "c:\program files\virgin broadband\pcguard\ZkRunOnceR.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRunOnce: [IndexCleaner] "c:\program files\virgin broadband\pcguard\IdxClnR.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\dike\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} - hxxp://plugin.fileopen.com/0714/FileOpen.CAB
TCP: NameServer = 85.255.112.89,85.255.112.201
TCP: {2002D528-8B71-4D99-A749-6C6B5465F591} = 85.255.112.89,85.255.112.201
TCP: {242FB099-7491-4A01-BC3C-1AC882CB7C48} = 85.255.112.89,85.255.112.201
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: PASShlExt Class: {51c55f9e-c308-4c95-89ab-8858d8afd819} - c:\program files\paretologic\anti-spyware\PASShlExt.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dike\applic~1\mozilla\firefox\profiles\pl34ofi7.default\
FF - component: c:\progra~1\mozill~1\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2007-10-20 10368]
R2 BsUDF;B.H.A UDF Filesystem;c:\windows\system32\drivers\BsUDF.sys [2007-10-20 164480]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2007-10-20 4300]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-10-2 32512]
R3 wowfilter;WOW XT Filter Driver;c:\windows\system32\drivers\WOWFilter.sys [2005-11-28 19456]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [2008-12-28 19840]

=============== Created Last 30 ================

2009-06-26 00:29 268 a---h--- C:\sqmdata03.sqm
2009-06-26 00:29 244 a---h--- C:\sqmnoopt03.sqm
2009-06-26 00:26 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-26 00:14 <DIR> --d----- c:\program files\Trend Micro
2009-06-25 23:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ParetoLogic Anti-Spyware
2009-06-25 23:23 <DIR> --d----- c:\program files\ParetoLogic
2009-06-25 22:20 <DIR> --d----- c:\docume~1\dike\applic~1\GlarySoft
2009-06-25 22:14 <DIR> --d----- c:\program files\Glary Utilities
2009-06-18 00:17 <DIR> --d----- c:\program files\MediaMonkey
2009-06-16 03:05 268 a---h--- C:\sqmdata02.sqm
2009-06-16 03:05 244 a---h--- C:\sqmnoopt02.sqm
2009-06-10 00:06 268 a---h--- C:\sqmdata01.sqm
2009-06-10 00:06 244 a---h--- C:\sqmnoopt01.sqm
2009-05-31 19:00 <DIR> --d----- c:\program files\PKR
2009-05-31 10:58 <DIR> --d----- c:\docume~1\dike\applic~1\Spotify
2009-05-31 10:58 <DIR> --d----- c:\program files\Spotify

==================== Find3M ====================

2009-05-18 19:21 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-01 19:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
2009-04-23 00:18 87,608 a------- c:\docume~1\dike\applic~1\inst.exe
2009-04-23 00:18 47,360 a------- c:\docume~1\dike\applic~1\pcouffin.sys

============= FINISH: 13:22:30.65 ===============
Attached Files
File Type: zip Attach.zip (6.2 KB, 1 views)
meekazoid is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 06-27-2009, 06:58 PM   #2 (permalink)
Analyst, Security Team
 
mas_pogi's Avatar
 
Join Date: Apr 2008
Location: Tokyo, JP
Posts: 1,476
OS: Vista, Linux Mint


Re: Google link redirects; random computer freeze and BSOD
hi

Welcome to TSF

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

---------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

--------------------------------------------------------------------------

I am sorry to inform you that one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

-------------------------------------------------------------------------------------------------------------------

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

----------------------------------------------------------------------------------------------------------

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3





  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. You can find instructions HERE.

  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Mark
__________________
To accomplish great things, we must not only act, but also dream; not only plan, but also believe.
If I have been helping you and do not reply within 24 hours, please send me a message.
 I'm a member of U.N.I.T.E and A.S.A.P
mas_pogi is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-27-2009, 07:45 PM   #3 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 4
OS: Windows XP


Re: Google link redirects; random computer freeze and BSOD
hi Mark,

and many thanks for your quick response. much appreciated.
i ran combofix, and this is what is in the log file ->

ComboFix 09-06-26.02 - Dike 28/06/2009 2:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1270.932 [GMT 1:00]
Running from: c:\documents and settings\Dike\Desktop\Combo-Fix.exe
AV: PCguard Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: PCguard Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dike\Application Data\inst.exe
c:\documents and settings\Dike\Local Settings\Temporary Internet Files\firmware.inf
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\windows\system32\drivers\gxvxcsnokylkjbocpxujcvvbddnsvaiwgpptj.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcwcvejecxljgoanmpwowykxmnxdqeocdw.dll
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS
-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-28 )))))))))))))))))))))))))))))))
.

2009-06-27 01:59 . 2009-06-27 01:59 -------- d-----w- c:\documents and settings\Dike\Local Settings\Application Data\Opera
2009-06-25 23:14 . 2009-06-25 23:14 -------- d-----w- c:\program files\Trend Micro
2009-06-25 22:23 . 2009-06-25 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Spyware
2009-06-25 22:23 . 2009-06-25 22:23 -------- d-----w- c:\program files\ParetoLogic
2009-06-25 22:18 . 2009-06-25 22:18 -------- d-----w- c:\documents and settings\Susy\Local Settings\Application Data\Opera
2009-06-25 21:20 . 2009-06-25 21:20 -------- d-----w- c:\documents and settings\Dike\Application Data\GlarySoft
2009-06-17 23:17 . 2009-06-24 23:51 -------- d-----w- c:\documents and settings\Dike\Local Settings\Application Data\MediaMonkey
2009-06-17 23:17 . 2009-06-17 23:18 -------- d-----w- c:\program files\MediaMonkey
2009-05-31 18:00 . 2009-05-31 18:31 -------- d-----w- c:\program files\PKR
2009-05-31 09:58 . 2009-06-15 16:38 -------- d-----w- c:\documents and settings\Dike\Application Data\Spotify
2009-05-31 09:58 . 2009-05-31 09:59 -------- d-----w- c:\documents and settings\Dike\Local Settings\Application Data\Spotify
2009-05-31 09:58 . 2009-05-31 09:58 -------- d-----w- c:\program files\Spotify

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-28 01:35 . 2008-03-18 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2009-06-27 12:13 . 2008-10-02 11:19 -------- d-----w- c:\documents and settings\Dike\Application Data\Affinegy
2009-06-25 22:18 . 2007-10-27 19:58 -------- d-----w- c:\program files\Opera
2009-06-25 00:45 . 2009-04-20 22:22 -------- d-----w- c:\documents and settings\Dike\Application Data\TeraCopy
2009-06-14 14:56 . 2008-10-25 19:41 -------- d-----w- c:\documents and settings\Susy\Application Data\Affinegy
2009-06-06 01:16 . 2007-12-01 16:56 52168 ----a-w- c:\documents and settings\Susy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-24 20:25 . 2009-05-18 18:28 1 ----a-w- c:\documents and settings\Dike\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-05-21 00:03 . 2008-01-15 23:56 52168 ----a-w- c:\documents and settings\Dike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-21 00:03 . 2009-05-21 00:03 -------- d-----w- c:\program files\Avery
2009-05-18 18:26 . 2009-05-18 18:26 -------- d-----w- c:\documents and settings\Dike\Application Data\OpenOffice.org
2009-05-18 18:22 . 2009-05-18 18:22 -------- d-----w- c:\program files\JRE
2009-05-18 18:22 . 2009-05-18 18:22 -------- d-----w- c:\program files\OpenOffice.org 3
2009-05-18 18:21 . 2009-05-18 18:22 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-18 18:21 . 2007-10-20 00:35 -------- d-----w- c:\program files\Java
2009-05-05 19:23 . 2008-01-08 01:17 -------- d-----w- c:\documents and settings\Dike\Application Data\CyberLink
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-22 23:18 . 2009-01-21 19:54 47360 ----a-w- c:\documents and settings\Dike\Application Data\pcouffin.sys
2009-04-22 23:18 . 2009-01-21 19:54 47360 ----a-w- c:\documents and settings\Dike\Application Data\pcouffin.sys
2009-01-06 18:13 . 2007-10-20 11:44 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-01-06 18:13 . 2007-10-20 11:44 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-06 18:13 . 2007-10-20 11:44 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-01-06 18:13 . 2007-10-20 11:44 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-01-06 18:13 . 2007-10-20 11:44 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-20 68856]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"Google Update"="c:\documents and settings\Dike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="c:\program files\Virgin Broadband\PCguard\IdxClnR.exe" [2007-09-05 61168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-18 148888]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-15 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-15 118784]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"B'sCLiP"="c:\progra~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe" [2005-11-30 700416]
"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2005-04-11 151552]
"DisplayManager"="c:\program files\Samsung\DisplayManager\DMLoader.exe" [2005-11-16 356352]
"AVStation Premium 3.75"="c:\program files\Samsung\AVStation Premium 3.75\AVSAgent.exe" [2006-04-27 155648]
"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2006-06-20 2764800]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"NapsterShell"="c:\program files\Napster\napster.exe" [2007-01-12 323216]
"Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
"Broadbandadvisor.exe"="c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 2061552]
"PCguard"="c:\program files\Virgin Broadband\PCguard\Rps.exe" [2007-09-05 310000]
"-FreedomNeedsReboot"="c:\program files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 13552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"4oD"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-12-12 88204]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="c:\program files\Virgin Broadband\PCguard\IdxClnR.exe" [2007-09-05 61168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Dike\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-9-19 581693]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{51C55F9E-C308-4c95-89AB-8858D8AFD819}"= "c:\program files\ParetoLogic\Anti-Spyware\PASShlExt.dll" [2006-10-11 94208]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Documents and Settings\\Dike\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [20/10/2007 01:51 10368]
R2 BsUDF;B.H.A UDF Filesystem;c:\windows\system32\drivers\BsUDF.sys [20/10/2007 01:51 164480]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [20/10/2007 01:55 4300]
R2 SNM WLAN Service;SNM WLAN Service;c:\program files\Samsung\Samsung Network Manager\SNMWLANService.exe [28/05/2005 08:35 36864]
R2 SRS_PostInstaller;SRS PostInstaller Service;c:\program files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe [28/11/2005 12:06 31744]
R3 wowfilter;WOW XT Filter Driver;c:\windows\system32\drivers\WOWFilter.sys [28/11/2005 12:06 19456]
S3 Radialpoint Security Services;Virgin Broadband PCguard;c:\windows\system32\dllhost.exe [04/08/2004 13:00 5120]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [28/12/2008 23:31 19840]
.
Contents of the 'Scheduled Tasks' folder

2009-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-606747145-682003330-1003.job
- c:\documents and settings\Dike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 20:13]

2009-06-25 c:\windows\Tasks\ParetoLogic Anti-Spyware.job
- c:\program files\ParetoLogic\Anti-Spyware\Pareto_AS.exe [2006-10-11 17:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Dike\Application Data\Mozilla\Firefox\Profiles\pl34ofi7.default\
FF - component: c:\progra~1\MOZILL~1\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\progra~1\MOZILL~1\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-28 02:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2708)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Virgin Broadband\PCguard\Fws.exe
c:\program files\Virgin Broadband Wireless\AffinegyService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Authentium\AntiVirus\dvpapi.exe
c:\program files\CA\PPRT\bin\ITMRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kontiki\KService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Samsung\MagicKBD\MagicKBD.exe
c:\program files\Virgin Broadband Wireless\ndis_events.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Virgin Broadband\PCguard\rpsupdaterR.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-28 2:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-28 01:37

Pre-Run: 13,270,016,000 bytes free
Post-Run: 14,644,486,144 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
242 --- E O F --- 2009-04-14 23:46


let me know if there is anything else you need me to do.
meekazoid is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-27-2009, 08:02 PM   #4 (permalink)
Analyst, Security Team
 
mas_pogi's Avatar
 
Join Date: Apr 2008
Location: Tokyo, JP
Posts: 1,476
OS: Vista, Linux Mint


Re: Google link redirects; random computer freeze and BSOD
hi.

Please uninstall the following. Using windows ADD/REMOVE program at the control panel.


P2P program : (Perils of P2P File Sharing)

µTorrent


Outdated java runtimes : (Older versions have vulnerabilities that malicious sites can use to exploit and infect your system)

J2SE Runtime Environment 5.0
Java(TM) 6 Update 5
Java(TM) 6 Update 7

Your Java is out of date.

Java(TM) 6 Update 13 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts.

------------------------------------------------------------------------

These indicate some settings have been changed

These are "Change the way Security Center Alerts Me" in Control Panel > Security Center.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

This means they are turned off. If that's your choice, that's fine, otherwise tick the boxes to turn the notifications back on.

-------------------------------------------------------------------------

Kaspersky scan

*Close any open programs
*Turn off the real time scanner of any existing antivirus program while performing the online scan. You can find the instructions You can find instructions HERE.

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

-------------------------------------------------------------------------

Disable any script blocker then double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
Please post the content of DDS.txt and attach attach.txt in your next reply.

-------------------------------------------------------------------------

How's your computer?


In your reply, please post

DDS.txt
Attach.txt <--attached
Kaspersky scan result <--attached
Answer to my questions

Mark
__________________
To accomplish great things, we must not only act, but also dream; not only plan, but also believe.
If I have been helping you and do not reply within 24 hours, please send me a message.
 I'm a member of U.N.I.T.E and A.S.A.P
mas_pogi is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-28-2009, 05:42 PM   #5 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 4
OS: Windows XP


Re: Google link redirects; random computer freeze and BSOD
Hi Mark,

Thanks for all your help.
In answer to your question, my computer is much improved in performance and behaviour. I haven't had the google redirect issue since running the combofix, though I haven't been using internet very heavily. But my internet access is generally much smoother and faster - as is the whole computer in general.
In addition, I can access websites now that were blocked off to me (Paretologic and microsoft download microsite) so good news there. Things are looking up

Here is the DDS ->


DDS (Ver_09-06-26.01) - NTFSx86
Run by Dike at 0:23:10.26 on 29/06/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1270.630 [GMT 1:00]

AV: PCguard Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: PCguard Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
C:\Program Files\Samsung\AVStation Premium 3.75\AVSAgent.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\Dike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\Program Files\Virgin Broadband Wireless\ndis_events.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Dike\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.virginmedia.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\virgin broadband\pcguard\pkR.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [Google Update] "c:\documents and settings\dike\local settings\application data\google\update\GoogleUpdate.exe" /c
uRunOnce: [IndexCleaner] "c:\program files\virgin broadband\pcguard\IdxClnR.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [B'sCLiP] c:\progra~1\cyberl~1\instan~1\win2k\IBurn.exe
mRun: [MagicKeyboard] c:\program files\samsung\magickbd\PreMKBD.exe
mRun: [DisplayManager] c:\program files\samsung\displaymanager\DMLoader.exe
mRun: [AVStation Premium 3.75] c:\program files\samsung\avstation premium 3.75\AVSAgent.exe
mRun: [BatteryManager] c:\program files\samsung\samsung battery manager\BatteryManager.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [NapsterShell] c:\program files\napster\napster.exe /systray
mRun: [Wireless Manager] "c:\program files\virgin broadband wireless\Wireless Manager.exe" startup
mRun: [Broadbandadvisor.exe] "c:\program files\virgin broadband\advisor\Broadbandadvisor.exe" /AUTORUN
mRun: [PCguard] "c:\program files\virgin broadband\pcguard\Rps.exe"
mRun: [-FreedomNeedsReboot] "c:\program files\virgin broadband\pcguard\ZkRunOnceR.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [IndexCleaner] "c:\program files\virgin broadband\pcguard\IdxClnR.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\dike\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} - hxxp://plugin.fileopen.com/0714/FileOpen.CAB
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: PASShlExt Class: {51c55f9e-c308-4c95-89ab-8858d8afd819} - c:\program files\paretologic\anti-spyware\PASShlExt.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dike\applic~1\mozilla\firefox\profiles\pl34ofi7.default\
FF - component: c:\progra~1\mozill~1\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2007-10-20 10368]
R2 BsUDF;B.H.A UDF Filesystem;c:\windows\system32\drivers\BsUDF.sys [2007-10-20 164480]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2007-10-20 4300]
R2 SNM WLAN Service;SNM WLAN Service;c:\program files\samsung\samsung network manager\SNMWLANService.exe [2005-5-28 36864]
R2 SRS_PostInstaller;SRS PostInstaller Service;c:\program files\srs labs\wowxt and tsxt driver\SRS_PostInstaller.exe [2005-11-28 31744]
R3 wowfilter;WOW XT Filter Driver;c:\windows\system32\drivers\WOWFilter.sys [2005-11-28 19456]
S3 Radialpoint Security Services;Virgin Broadband PCguard;c:\windows\system32\dllhost.exe [2004-8-4 5120]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [2008-12-28 19840]

=============== Created Last 30 ================

2009-06-28 22:27 <DIR> --dsh--- c:\documents and settings\dike\IECompatCache
2009-06-28 22:25 <DIR> --dsh--- c:\documents and settings\dike\PrivacIE
2009-06-28 22:23 <DIR> --dsh--- c:\documents and settings\dike\IETldCache
2009-06-28 14:38 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-28 14:37 <DIR> --d----- c:\windows\ie8updates
2009-06-28 14:37 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-28 14:37 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-28 14:35 <DIR> -cd-h--- c:\windows\ie8
2009-06-28 02:36 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-06-28 02:12 <DIR> a-dshr-- C:\cmdcons
2009-06-28 02:11 161,792 a------- c:\windows\SWREG.exe
2009-06-28 02:11 155,136 a------- c:\windows\PEV.exe
2009-06-28 02:11 98,816 a------- c:\windows\sed.exe
2009-06-28 02:11 <DIR> --ds---- C:\Combo-Fix
2009-06-26 00:29 268 a---h--- C:\sqmdata03.sqm
2009-06-26 00:29 244 a---h--- C:\sqmnoopt03.sqm
2009-06-26 00:14 <DIR> --d----- c:\program files\Trend Micro
2009-06-25 23:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ParetoLogic Anti-Spyware
2009-06-25 23:23 <DIR> --d----- c:\program files\ParetoLogic
2009-06-25 22:20 <DIR> --d----- c:\docume~1\dike\applic~1\GlarySoft
2009-06-18 00:17 <DIR> --d----- c:\program files\MediaMonkey
2009-06-16 03:05 268 a---h--- C:\sqmdata02.sqm
2009-06-16 03:05 244 a---h--- C:\sqmnoopt02.sqm
2009-06-10 00:06 268 a---h--- C:\sqmdata01.sqm
2009-06-10 00:06 244 a---h--- C:\sqmnoopt01.sqm
2009-05-31 19:00 <DIR> --d----- c:\program files\PKR
2009-05-31 10:58 <DIR> --d----- c:\docume~1\dike\applic~1\Spotify
2009-05-31 10:58 <DIR> --d----- c:\program files\Spotify

==================== Find3M ====================

2009-05-18 19:21 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-13 06:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 16:44 344,064 a------- c:\windows\system32\localspl.dll
2009-05-01 19:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
2009-04-23 00:18 47,360 a------- c:\docume~1\dike\applic~1\pcouffin.sys
2009-04-17 10:58 1,846,656 a------- c:\windows\system32\win32k.sys
2009-04-15 16:11 584,192 a------- c:\windows\system32\rpcrt4.dll

============= FINISH: 0:23:34.85 ===============


I also attach the attach.txt and kaperskyreport.txt
Attached Files
File Type: txt Attach.txt (16.2 KB, 1 views)
File Type: txt kaperskyreport.txt (1.2 KB, 1 views)
meekazoid is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-29-2009, 08:48 AM   #6 (permalink)
Analyst, Security Team
 
mas_pogi's Avatar
 
Join Date: Apr 2008
Location: Tokyo, JP
Posts: 1,476
OS: Vista, Linux Mint


Re: Google link redirects; random computer freeze and BSOD
hi.

Kaspersky flagged a file from Qoobox folder, Qoobox is our tool qurantine folder. So its safe.

It also flagged some item, to be in safe side we will delete them.

C:\Documents and Settings\Dike\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0000c2
C:\Documents and Settings\Dike\My Documents\Downloads\kf141.zip

follow here....
Goto Click on

Then copy and paste this in run box. Then hit ENTER.
Code:
cmd /c del /a/f/q "C:\Documents and Settings\Dike\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0000c2"
A DOS window will open and close again, this is normal.

Repeat for this command:

Code:
cmd /c del /a/f/q "C:\Documents and Settings\Dike\My Documents\Downloads\kf141.zip"
Apart from that, your machine is clean.
-------------------------------------------------------------------------

Congratulations! You now appear clean!

We Need to Clean Up Our Mess
  1. Uninstall ComboFix
    Remove Combofix now that we're done with it.
    • Click on your Start Menu, then Run....
    • Now copy and paste this one in the runbox. Then HIT enter.

      Code:
      ComboFix /u


    Uninstalling ComboFix will do the following:
    1. Delete ComboFix and its components from your computer.
    2. Delete other tools commonly used during the malware removal process.
    3. Resets clock settings to standard format.
    4. Re-hides file extensions and hidden/system files.
    5. Clears System Restore cache and creates new restore point.

  2. Please also delete the DDS.scr located at your desktop.
-----------------------------------------------
Recommendations
Below are some recommendations to lower your chances of (re)infection.
  1. Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.

  2. Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automaticly if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file

  3. Install an Anti-Spyware program, and update it regularly
    Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.

  4. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  5. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.

  6. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.

Please respond to this thread one more time so we can mark this thread as resolved.

Maraming salamat.
__________________
To accomplish great things, we must not only act, but also dream; not only plan, but also believe.
If I have been helping you and do not reply within 24 hours, please send me a message.
 I'm a member of U.N.I.T.E and A.S.A.P
mas_pogi is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-29-2009, 05:46 PM   #7 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 4
OS: Windows XP


Re: Google link redirects; random computer freeze and BSOD
hi

I have completed all the steps above, and will make sure I pay much more attention to keeping my software up to date in future.

Thanks again for all you help.
meekazoid is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-29-2009, 06:26 PM   #8 (permalink)
Analyst, Security Team
 
mas_pogi's Avatar
 
Join Date: Apr 2008
Location: Tokyo, JP
Posts: 1,476
OS: Vista, Linux Mint


Re: Google link redirects; random computer freeze and BSOD
hi.

It is a pleasure to help you.

Surf safely.

Since the problem appears to be resolved, it will now be archived.


Mark
__________________
To accomplish great things, we must not only act, but also dream; not only plan, but also believe.
If I have been helping you and do not reply within 24 hours, please send me a message.
 I'm a member of U.N.I.T.E and A.S.A.P
mas_pogi is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 01:02 AM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85