Tech Support Team
#1 - 23rd March 2009, 09:49 PM
live4tenors (Newcomer)
Removing FakeAlert variant. Help.

Symptoms:
Computer would crash at the smallest thing.
Excessive CPU usage when there shouldn't have been any at all.
Constant advertisement pop-ups occurring even when a pop-up blocker was in effect.


Computer Specs (to the best of my knowledge):
MS Windows Vista Home Premium SP1
AMD Turion 64 x2 Mobile Technology TL-56, 1.0 GB RAM, NVIDIA GeForce Go 6150



I went through and followed the instructions posted by evilfantasy in the Malware Removal Guide. These are the logs that were produced from said process:

SuperAnti-Spyware:


SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!

Generated 03/23/2009 at 02:33 AM

Application Version : 4.25.1014

Core Rules Database Version : 3808
Trace Rules Database Version: 1763

Scan type : Complete Scan
Total Scan Time : 00:14:27

Memory items scanned : 697
Memory threats detected : 0
Registry items scanned : 9211
Registry threats detected : 17
File items scanned : 1344553
File threats detected : 42

Adware.Vundo Variant
HKU\S-1-5-21-3651988030-2816261115-2443883187-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FC6B132-EA18-4D69-86E0-423E7B940BDC}

Adware.Tracking Cookie
C:\Users\The Kids\AppData\Roaming\Microsoft\Windows\Cookies\the_kids@cdn.at.atwola[1].txt
C:\Users\The Kids\AppData\Roaming\Microsoft\Windows\Cookies\the_kids@advertising[1].txt
C:\Users\The Kids\AppData\Roaming\Microsoft\Windows\Cookies\the_kids@ar.atwola[1].txt
C:\Users\The Kids\AppData\Roaming\Microsoft\Windows\Cookies\the_kids@at.atwola[1].txt
C:\Users\The Kids\AppData\Roaming\Microsoft\Windows\Cookies\the_kids@atwola[2].txt
C:\Users\The Kids\AppData\Roaming\Microsoft\Windows\Cookies\the_kids@atdmt[1].txt
C:\Users\The Kids\AppData\Roaming\Microsoft\Windows\Cookies\the_kids@247realmedia[1].txt
C:\Documents and Settings\The Kids\AppData\Roaming\Microsoft\Windows\Cookies\the_kids@ar.atwola[1].txt
C:\Documents and Settings\The Kids\AppData\Roaming\Microsoft\Windows\Cookies\the_kids@at.atwola[1].txt
C:\Documents and Settings\The Kids\AppData\Roaming\Microsoft\Windows\Cookies\the_kids@atwola[2].txt
C:\Documents and Settings\The Kids\AppData\Roaming\Microsoft\Windows\Cookies\the_kids@cdn.at.atwola[1].txt
C:\Documents and Settings\The Kids\Application Data\Microsoft\Windows\Cookies\the_kids@ar.atwola[1].txt
C:\Documents and Settings\The Kids\Application Data\Microsoft\Windows\Cookies\the_kids@at.atwola[1].txt
C:\Documents and Settings\The Kids\Application Data\Microsoft\Windows\Cookies\the_kids@atwola[2].txt
C:\Documents and Settings\The Kids\Application Data\Microsoft\Windows\Cookies\the_kids@cdn.at.atwola[1].txt
C:\Documents and Settings\The Kids\Cookies\the_kids@ar.atwola[1].txt
C:\Documents and Settings\The Kids\Cookies\the_kids@at.atwola[1].txt
C:\Documents and Settings\The Kids\Cookies\the_kids@atwola[2].txt
C:\Documents and Settings\The Kids\Cookies\the_kids@cdn.at.atwola[1].txt
C:\Users\The Kids\AppData\Roaming\Microsoft\Windows\Cookies\the_kids@atwola[1].txt
C:\Users\The Kids\Application Data\Microsoft\Windows\Cookies\the_kids@247realmedia[1].txt
C:\Users\The Kids\Application Data\Microsoft\Windows\Cookies\the_kids@ad.yieldmanager[1].txt
C:\Users\The Kids\Application Data\Microsoft\Windows\Cookies\the_kids@advertising[1].txt
C:\Users\The Kids\Application Data\Microsoft\Windows\Cookies\the_kids@ar.atwola[1].txt
C:\Users\The Kids\Application Data\Microsoft\Windows\Cookies\the_kids@at.atwola[1].txt
C:\Users\The Kids\Application Data\Microsoft\Windows\Cookies\the_kids@atdmt[1].txt
C:\Users\The Kids\Application Data\Microsoft\Windows\Cookies\the_kids@atwola[1].txt
C:\Users\The Kids\Application Data\Microsoft\Windows\Cookies\the_kids@cdn.at.atwola[1].txt
C:\Users\The Kids\Application Data\Microsoft\Windows\Cookies\the_kids@doubleclick[1].txt
C:\Users\The Kids\Cookies\the_kids@247realmedia[1].txt
C:\Users\The Kids\Cookies\the_kids@ad.yieldmanager[1].txt
C:\Users\The Kids\Cookies\the_kids@advertising[1].txt
C:\Users\The Kids\Cookies\the_kids@ar.atwola[1].txt
C:\Users\The Kids\Cookies\the_kids@at.atwola[1].txt
C:\Users\The Kids\Cookies\the_kids@atdmt[1].txt
C:\Users\The Kids\Cookies\the_kids@atwola[1].txt
C:\Users\The Kids\Cookies\the_kids@cdn.at.atwola[1].txt
C:\Users\The Kids\Cookies\the_kids@doubleclick[1].txt

Trojan.DNSChanger-Codec
HKCR\e405.e405mgr
HKCR\e405.e405mgr\CLSID
HKCR\e405.e405mgr\CurVer
HKCR\e405.e405mgr.1
HKCR\e405.e405mgr.1\CLSID

Adware.E404 Helper/Hij
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0\win32
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\FLAGS
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\HELPDIR
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid32
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib#Version

Adware.Vundo/Variant-MSFake
C:\DOCUMENTS AND SETTINGS\THE KIDS\APPDATA\LOCALLOW\GARAGEGAMES\IAPLAYER\PRODUCTS\WWW_INSTANTACTION_COM\101\INSTALL\D3DX9_33.DLL
C:\USERS\THE KIDS\APPDATA\LOCALLOW\GARAGEGAMES\IAPLAYER\PRODUCTS\WWW_INSTANTACTION_COM\101\INSTALL\D3DX9_33.DLL

Unclassified.Unknown Origin
C:\DOCUMENTS AND SETTINGS\THE KIDS\DESKTOP\MEDIA\SIBELIUS EVERYTHING\SIBELIUS5\SIBELIUS4WINDOWSKEYGENWEASEL\KEYGEN.NFO
C:\USERS\THE KIDS\DESKTOP\MEDIA\SIBELIUS EVERYTHING\SIBELIUS5\SIBELIUS4WINDOWSKEYGENWEASEL\KEYGEN.NFO




HIJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:30:15 PM, on 3/23/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskmgr.exe
C:\Users\The Kids\Desktop\sniper.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: livetvbar Toolbar - {ad55c869-668e-457c-b270-0cfb2f61116f} - C:\Program Files\livetvbar\tblive.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: 78.46.49.43 l2authd.lineage2.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: ooVoo Toolbar - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: livetvbar Toolbar - {ad55c869-668e-457c-b270-0cfb2f61116f} - C:\Program Files\livetvbar\tblive.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: ooVoo Toolbar - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL
O3 - Toolbar: livetvbar Toolbar - {ad55c869-668e-457c-b270-0cfb2f61116f} - C:\Program Files\livetvbar\tblive.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = pasco.k12.fl.us
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = pasco.k12.fl.us
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10107 bytes




Before going through this process, all I had done to try to clean my system was to attempt to run AVG several times and to run Ad-Aware 2008. However, these scans were rarely able to finish, because the computer would crash before completion. On the rare occasion that one of the just-mentioned scans did finish, it usually did not turn up anything of much significance. There was one time, though, where AVG found a gaop...dll file (the exact .dll is gaopdxxdeyicbx.dll). From my understanding, this is the prefix for the FakeAlert virus family. With this being said, one of the scans in the Malware Removal Guide process (SUPERAnti-spyware, I believe) found and removed a .dll file with the "gaop..." prefix. I am hoping that was the one that was causing all the problems and that now my computer is clean.


Thanks for all the help,

Live4tenors
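A small triage helper for logs in the HijackThis format shown above, added here as an example; it is not code from the thread and not part of HijackThis itself. It parses the "O<nn> - ..." and "R<n> - ..." entry lines, pulls out any CLSIDs, and flags the entry types a removal helper looks at first: hosts-file entries that point a name at a non-loopback address, a populated AppInit_DLLs value, Winlogon Notify packages, services with an unknown owner, autoruns that live under user-writable folders, and browser add-ons (BHOs, toolbars, URLSearchHooks). The flag names and the heuristics are my own assumptions. The sample lines are copied from the HijackThis log above, except the last one, which is constructed to exercise the user-writable autorun check.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass, field

# Generic entry line: "<code> - <rest>", e.g. "O20 - AppInit_DLLs: x.dll"
ENTRY_RE = re.compile(r"^(?P<code>[OR]\d{1,2}) - (?P<rest>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# Autostart entries under user-writable locations are unusual and worth a look.
USER_WRITABLE_RE = re.compile(
    r"\\(Users|Documents and Settings)\\[^\\]+\\(Desktop|AppData|Local Settings|Temp)\b",
    re.I,
)
LOOPBACK = {"127.0.0.1", "::1"}


@dataclass
class Entry:
    code: str
    rest: str
    clsids: list = field(default_factory=list)
    flags: list = field(default_factory=list)


def triage(e):
    """Return review flags for one entry (heuristics assumed for this example)."""
    flags = []
    code, rest = e.code, e.rest
    if code == "O1" and rest.startswith("Hosts:"):
        # "Hosts: <ip> <name>": any non-loopback mapping overrides DNS for that name
        parts = rest.split(":", 1)[1].split()
        if len(parts) >= 2 and parts[0] not in LOOPBACK:
            flags.append("hosts-override")
    elif code == "O20" and rest.startswith("AppInit_DLLs:"):
        if rest.split(":", 1)[1].strip():
            flags.append("appinit-dll")  # loaded into every process that uses user32
    elif code == "O20" and rest.startswith("Winlogon Notify:"):
        flags.append("winlogon-notify")
    elif code == "O23" and "Unknown owner" in rest:
        flags.append("service-unknown-owner")
    elif code == "O4" and USER_WRITABLE_RE.search(rest):
        flags.append("autorun-user-writable")
    elif code in ("O2", "O3", "R3"):
        flags.append("browser-extension")  # BHO, toolbar or URLSearchHook
    return flags


def parse_line(line):
    """Return an Entry for an entry line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    e = Entry(m.group("code"), m.group("rest"))
    e.clsids = CLSID_RE.findall(e.rest)
    e.flags = triage(e)
    return e


def triage_log(text):
    """Map each flag to the list of log lines that raised it."""
    report = {}
    for line in text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        for f in e.flags:
            report.setdefault(f, []).append(line.strip())
    return report


# First six lines copied from the thread's HijackThis log; the last is constructed.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O3 - Toolbar: livetvbar Toolbar - {ad55c869-668e-457c-b270-0cfb2f61116f} - C:\Program Files\livetvbar\tblive.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [updater] C:\Users\The Kids\AppData\Roaming\updater.exe
"""

if __name__ == "__main__":
    for flag, lines in sorted(triage_log(SAMPLE_LOG).items()):
        print(flag)
        for ln in lines:
            print("   ", ln)
```

The flags are prompts for a human to look at, not verdicts: on the log above the AppInit_DLLs entry belongs to Google and AVG, and the "Unknown owner" service is a Symantec component, so the value of the script is in narrowing a 100-line log down to the handful of lines that merit checking, not in deciding what to remove.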

#2 - 23rd March 2009, 10:10 PM
evilfantasy (Security Team, Tulsa, OK)
Looks OK but we need to remove a few things still.

Were you able to run the MalwareBytes scan?

Download from DDS by sUBs and save it to your Desktop.

Vista users: right-click on dds and select Run as administrator (you will receive a UAC prompt; please allow it).

* Double click on dds to run it.
* When done, DDS.txt will open.
* You will receive another prompt after a while. Click Yes at the prompt and wait for the next scan to complete.
* When done, Attach.txt will open.
* Please copy and paste the contents of DDS.txt and Attach.txt in your next reply.

#3 - 23rd March 2009, 10:15 PM
live4tenors (Newcomer)
Yes, I was able to run the Malwarebytes scan. I forgot to post that log; here it is:

Malwarebytes' Anti-Malware 1.34
Database version: 1889
Windows 6.0.6001 Service Pack 1

3/23/2009 3:15:50 PM
mbam-log-2009-03-23 (15-15-50).txt

Scan type: Quick Scan
Objects scanned: 64140
Time elapsed: 9 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 3
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
C:\Windows\System32\931928 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Users\The Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\freshplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freshplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\MSINET.oca (Rogue.Trace) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freshplay\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\MSVolume.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32\gaopdxcounter (Trojan.Agent) -> Quarantined and deleted successfully.



I will download those things you just mentioned and will let you know how it goes.


PS: I may have double-posted by accident. Not sure. If I did, sorry about that lol.

#4 - 23rd March 2009, 10:22 PM
evilfantasy (Security Team, Tulsa, OK)
Quote:
PS: I may have double-posted by accident. Not sure. If I did, sorry about that lol.
I took care of that.

Will be awaiting the DDS logs now...

#5 - 23rd March 2009, 10:24 PM
live4tenors (Newcomer)
Can't seem to be able to get the DDS scan to run. I am able to get it to the point where it gives the general introduction of the program, but after that, I am not sure what to do in order to actually get the scan to run.

#6 - 23rd March 2009, 10:27 PM
live4tenors (Newcomer)
Never mind, I got it to work. Here are the logs:


DDS:


DDS (Ver_09-03-16.01) - NTFSx86
Run by The Kids at 18:25:33.58 on Mon 03/23/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_12
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.958.101 [GMT -4:00]

AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskeng.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\The Kids\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1576177
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
uURLSearchHooks: livetvbar Toolbar: {ad55c869-668e-457c-b270-0cfb2f61116f} - c:\program files\livetvbar\tblive.dll
mURLSearchHooks: livetvbar Toolbar: {ad55c869-668e-457c-b270-0cfb2f61116f} - c:\program files\livetvbar\tblive.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: ooVoo Toolbar: {a057a204-bacc-4d26-8087-36ee87e26986} - c:\progra~1\oovoot~1\OOVOOT~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: livetvbar Toolbar: {ad55c869-668e-457c-b270-0cfb2f61116f} - c:\program files\livetvbar\tblive.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: ooVoo Toolbar: {a057a204-bacc-4d26-8087-36ee87e26986} - c:\progra~1\oovoot~1\OOVOOT~1.DLL
TB: livetvbar Toolbar: {ad55c869-668e-457c-b270-0cfb2f61116f} - c:\program files\livetvbar\tblive.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Aim6]
uRun: [AdobeBridge]
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL,avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\thekid~1\appdata\roaming\mozilla\firefox\profiles\ykgxezp7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nptgeqplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\the kids\appdata\roaming\mozilla\firefox\profiles\ykgxezp7.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-16 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-16 107912]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20090318.001\IDSvix86.sys [2009-3-23 272432]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-2-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-3-16 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-16 298264]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-10-30 149352]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-3-31 24652]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-5-16 102400]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-26 101936]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symn disv.sys [2009-2-19 41008]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mo n.sys [2008-1-12 23888]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-23 50704]
S3 PsSdk30;PsSdk30;c:\windows\system32\drivers\PsSdk30.drv [2009-3-5 22528]
S3 RDID1009;EDIROL UM-1;c:\windows\system32\drivers\Rdwm1009.sys [2008-12-30 56832]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]
S3 XDva190;XDva190;c:\windows\system32\XDva190.sys [2008-9-3 46720]
S4 AutoSyncService;Memeo AutoSync ;c:\program files\memeo\autosync\MemeoService.exe [2007-7-6 31768]

=============== Created Last 30 ================

2009-03-23 16:45 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-20 22:34 7,680 a------- c:\windows\system32\spwmp.dll
2009-03-20 22:34 4,096 a------- c:\windows\system32\msdxm.ocx
2009-03-20 22:34 4,096 a------- c:\windows\system32\dxmasf.dll
2009-03-20 22:34 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-03-20 22:34 268,288 a------- c:\windows\system32\schannel.dll
2009-03-20 22:34 2,033,152 a------- c:\windows\system32\win32k.sys
2009-03-20 22:31 <DIR> --d----- c:\program files\CCleaner
2009-03-20 22:04 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-03-20 22:04 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-03-20 22:02 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-03-20 22:02 <DIR> --d----- c:\users\thekid~1\appdata\roaming\SUPERAntiSpyware.com
2009-03-20 13:37 <DIR> --d----- c:\users\thekid~1\appdata\roaming\Malwarebytes
2009-03-20 13:37 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-20 13:37 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-20 13:37 <DIR> --d----- c:\programdata\Malwarebytes
2009-03-20 13:37 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-20 13:37 <DIR> --d----- c:\progra~2\Malwarebytes
2009-03-17 06:06 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-03-16 20:04 <DIR> --d----- c:\program files\Lavasoft
2009-03-16 19:34 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-16 19:34 107,912 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-16 19:34 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-16 19:34 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-03-15 02:02 <DIR> --d----- c:\programdata\avg8
2009-03-15 02:02 <DIR> --d----- c:\progra~2\avg8
2009-03-09 15:28 428,544 a------- c:\windows\system32\EncDec.dll
2009-03-09 15:28 217,088 a------- c:\windows\system32\psisrndr.ax
2009-03-09 15:28 293,376 a------- c:\windows\system32\psisdecd.dll
2009-03-09 15:28 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-03-09 15:28 80,896 a------- c:\windows\system32\MSNP.ax
2009-03-09 15:12 827,392 a------- c:\windows\system32\wininet.dll
2009-03-09 15:12 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-03-05 16:36 22,528 a--s---- c:\windows\system32\drivers\PsSdk30.drv
2009-03-03 02:42 49,152 a------- c:\windows\system32\npptools.dll
2009-03-03 02:11 <DIR> --d----- c:\program files\WinPcap
2009-03-02 15:17 <DIR> --d----- c:\program files\XBC
2009-02-26 14:46 42,320 a------- c:\windows\system32\xfcodec.dll
2009-02-21 21:44 7,278 a------- c:\windows\FPTV.ico
2009-02-21 21:44 7,278 a------- c:\windows\FHDTV.ico
2009-02-21 21:44 4,286 a------- c:\windows\FMOD.ico
2009-02-21 21:44 128 a------- c:\windows\Free Movies OnDemand.url
2009-02-21 21:44 128 a------- c:\windows\Free High Definition TV.url
2009-02-21 21:44 128 a------- c:\windows\Free Flat Panel TV.url
2009-02-21 21:44 <DIR> --d----- c:\program files\Conduit
2009-02-21 21:44 <DIR> --d----- c:\program files\livetvbar
2009-02-21 21:44 674,138 a------- c:\windows\unins000.exe
2009-02-21 21:44 9,321 a------- c:\windows\unins000.dat

==================== Find3M ====================

2009-03-22 01:11 92,052 a------- c:\programdata\nvModes.dat
2009-03-22 01:11 92,052 a------- c:\progra~2\nvModes.dat
2009-02-26 21:22 143,360 a------- c:\windows\inf\infstrng.dat
2009-02-26 21:22 86,016 a------- c:\windows\inf\infstor.dat
2009-02-26 21:22 51,200 a------- c:\windows\inf\infpub.dat
2009-02-19 12:31 24,112 a------- c:\windows\system32\drivers\SymIMV.sys
2009-02-19 12:31 9,844 a------- c:\windows\system32\drivers\SymRedir.cat
2009-02-19 12:31 1,611 a------- c:\windows\system32\drivers\SymRedir.inf
2009-02-19 12:31 41,008 a------- c:\windows\system32\drivers\symndisv.sys
2009-02-19 12:31 184,496 a------- c:\windows\system32\drivers\symtdi.sys
2009-02-19 12:31 96,560 a------- c:\windows\system32\drivers\symfw.sys
2009-02-19 12:31 38,576 a------- c:\windows\system32\drivers\symids.sys
2009-02-19 12:31 22,320 a------- c:\windows\system32\drivers\symredrv.sys
2009-02-19 12:31 13,616 a------- c:\windows\system32\drivers\symdns.sys
2009-01-23 10:11 7,728 a------- c:\users\thekid~1\appdata\roaming\wklnhst.dat
2008-12-30 21:10 60,322 a------- c:\users\thekid~1\appdata\roaming\nvModes.dat
2008-12-30 16:25 174 a--sh--- c:\program files\desktop.ini
2008-12-30 16:06 665,600 a------- c:\windows\inf\drvindex.dat
2008-12-30 15:16 101,888 a------- c:\windows\system32\ifxcardm.dll
2008-12-30 15:16 82,432 a------- c:\windows\system32\axaltocm.dll
2008-12-30 06:26 118,784 a------- c:\windows\dsdxirmv.exe
2008-12-15 16:55 30 a------- c:\users\the kids\jagex_runescape_preferences.dat
2008-12-08 23:38 56 a---h--- c:\programdata\ezsidmv.dat
2008-12-08 23:38 56 a---h--- c:\progra~2\ezsidmv.dat
2008-06-18 10:37 604 a---h--- c:\program files\STLL Notifier
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-08-30 10:55 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-08-30 10:55 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-08-30 10:55 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 18:27:17.54 ===============



Attach:



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/30/2008 8:28:58 AM
System Uptime: 3/23/2009 3:19:30 PM (3 hours ago)

Motherboard: Quanta | | 30B7
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-56 | Socket S1 | 1800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 142 GiB total, 22.389 GiB free.
D: is FIXED (NTFS) - 7 GiB total, 0.333 GiB free.
E: is CDROM ()
F: is FIXED (FAT32) - 931 GiB total, 728.519 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: LogMeIn, Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi

Class GUID: {6bdd1fc5-810f-11d0-bec7-08002be2092f}
Description: Serial Cable using IrDA Protocol
Device ID: ROOT\UNKNOWN\0000
Manufacturer: (Standard Infrared Port)
Name: Serial Cable using IrDA Protocol
PNP Device ID: ROOT\UNKNOWN\0000
Service: irsir

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Acoustica Effects Pack
Acoustica Mixcraft 4.1
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color Common Settings
Adobe Color Video Profiles CS CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Media Player
Adobe MotionPicture Color Files
Adobe PDF Library Files CS4
Adobe Reader 8.1.3
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AdobeColorCommonSetRGB
AIM 6
Any Video Converter 2.5.9
AppCore
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
ASL_HS_Installer32
Audacity 1.3.4 (Unicode)
AutoCAD 2009 - English
AutoUpdate
AVG 8.5
Azureus Vuze
Backup
Beneton Movie GIF 1.1.2
Blender (remove only)
Bonjour
Call of Duty Game of the Year Edition
ccCommon
CCleaner (remove only)
Collab
Combat Arms
Command & Conquer Generals
Conexant HD Audio
Deckadance
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Download Manager 2.3.6
DreamStation DXi2
Echo3G PCI
Edirol HQ Orchestral VSTi v1.03
Edirol Hyper Canvas v1.53
EDIROL UM-1 Driver
Endless Sunset
Express Burn
Express Rip
FATE from WildGames (remove only)
FL Studio 8
Flight Simulator Screensaver 1.1
Fraps (remove only)
GearDrvs
GlaceVerb 1.01
Google Desktop
Google Toolbar for Internet Explorer
Guitar Pro 5.0
Hamachi 1.0.3.0
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
HP Active Support Library
HP Connections (remove only)
HP Customer Experience Enhancements
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Help and Support
HP Pavilion Webcam Driver for Vista v061.001.00005
HP Quick Launch Buttons 6.10 B9
HP QuickPlay 3.0
HP Total Care Advisor
HP Update
HP User Guide 0041
HP Wireless Assistant
HPNetworkAssistant
HyperCam 2
IL Download Manager
iTunes
Java(TM) 6 Update 12
Java(TM) SE Runtime Environment 6
LightScribe 1.4.124.1
Lineage II
LIVETV4PC
livetvbar Toolbar
LiveUpdate (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
Melodyne 3.1
Memeo AutoSync
Microsoft Age of Empires Gold
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Math 3.0
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MobileMe Control Panel
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.0.7)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 5.0
My HP Games
Neuratron PhotoScore Lite
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 HTMLHelp
Norton Confidential Core
NVIDIA Drivers
ooVoo
ooVoo Toolbar
OpenAL
Picasa 2
Pocket Tanks v1.3
PoiZone
PowerISO
Prism Video Converter
QuickTime
RaycastingGameMaker
RealPlayer
reFX Nexus 1.0.0
reFX Nexus 1.0.9
Regnum Online
Rob Papen Albino 3
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Safari
Sibelius 5
Sibelius Sounds Gold
Sid Meier's Civilization 4
Skype™ 3.8
Snitch
SONAR 7 Producer Edition
Sonic Activation Module
Sonik Synth 2 Free
Sony Noise Reduction Plug-In 2.0h
Sony Sound Forge 9.0
Sony Vegas Pro 8.0
SoundTap Streaming Audio Recorder
SPBBC 32bit
Spelling Dictionaries Support For Adobe Reader 8
Star Wars Jedi Knight Jedi Academy
Starcraft
Stronghold Crusader
SUPERAntiSpyware Free Edition
Switch Sound File Converter
Symantec Real Time Storage Protection Component
Symantec Technical Support Controls
SymNet
Synaptics Pointing Device Driver
System Requirements Lab
TI Connect 1.6
V-Station 1.5.1
VBA (2627.01)
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
Viewpoint Media Player
WavePad Sound Editor
WD Anywhere Backup
WD Diagnostics
WD Drive Manager (x86)
WeGame Client Beta 1.0.9
WildTangent Web Driver
Windows Media Player Firefox Plugin
WinPcap 4.1 beta5
WinRAR archiver
Worms Armageddon - New Edition
XBC 5.1
Xfire (remove only)
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

3/16/2009 12:05:43 AM, Error: EventLog [6008] - The previous system shutdown at 12:03:09 AM on 3/16/2009 was unexpected.
3/16/2009 12:07:10 AM, Error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
3/16/2009 1:39:31 AM, Error: EventLog [6008] - The previous system shutdown at 1:37:44 AM on 3/16/2009 was unexpected.
3/16/2009 1:27:56 PM, Error: EventLog [6008] - The previous system shutdown at 1:22:47 PM on 3/16/2009 was unexpected.
3/16/2009 8:05:17 PM, Error: Service Control Manager [7030] - The Lavasoft Ad-Aware Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/16/2009 8:24:57 PM, Error: EventLog [6008] - The previous system shutdown at 8:23:05 PM on 3/16/2009 was unexpected.
3/16/2009 8:29:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
3/16/2009 10:28:43 PM, Error: EventLog [6008] - The previous system shutdown at 10:26:59 PM on 3/16/2009 was unexpected.
3/16/2009 10:46:31 PM, Error: EventLog [6008] - The previous system shutdown at 10:44:44 PM on 3/16/2009 was unexpected.
3/16/2009 10:46:56 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Send To OneNote 2007 with shared resource name Send To OneNote 2007. Error 2114. The printer cannot be used by others on the network.
3/16/2009 10:46:56 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer KODAK 5300 AiO with shared resource name KODAK 5300 AiO. Error 2114. The printer cannot be used by others on the network.
3/16/2009 10:46:56 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Journal Note Writer with shared resource name Journal Note Writer. Error 2114. The printer cannot be used by others on the network.
3/16/2009 10:46:56 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer hp psc 1310 series with shared resource name hp psc 1310 series. Error 2114. The printer cannot be used by others on the network.
3/16/2009 10:46:57 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer HP LaserJet 4250 PCL 5 with shared resource name HP LaserJet 4250 PCL 5. Error 2114. The printer cannot be used by others on the network.
3/16/2009 10:46:57 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer HP LaserJet 4200 PCL 5 with shared resource name HP LaserJet 4200 PCL 5. Error 2114. The printer cannot be used by others on the network.
3/16/2009 10:51:33 PM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.
3/17/2009 12:15:05 AM, Error: EventLog [6008] - The previous system shutdown at 12:12:32 AM on 3/17/2009 was unexpected.
3/17/2009 10:30:44 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
3/17/2009 10:30:44 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/17/2009 10:30:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
3/17/2009 10:31:16 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
3/19/2009 6:23:21 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
3/20/2009 7:13:31 AM, Error: EventLog [6008] - The previous system shutdown at 7:11:14 AM on 3/20/2009 was unexpected.
3/20/2009 7:24:38 PM, Error: EventLog [6008] - The previous system shutdown at 7:21:36 PM on 3/20/2009 was unexpected.
3/20/2009 9:12:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

==== End Of File ===========================
#7
Old 23rd March 2009, 10:48 PM
evilfantasy
Security Team
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
You are running Norton 360 and AVG. Which one would you like to keep? I suggest keeping AVG personally.
__________________
.

ƃolq s’ʎsɐʇuɐɟlıʌǝ
#8
Old 23rd March 2009, 11:34 PM
live4tenors
Newcomer
Join Date: Mar 2009, 26 posts.
I would like to keep AVG. There are only a little under 70 days left on my Norton subscription, so after that runs out, I will use AVG.
#9
Old 23rd March 2009, 11:38 PM
evilfantasy
Security Team
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
Uninstall AVG until the time is up on the Norton. Having two antivirus programs is problematic and actually leaves you more vulnerable to infection. Or go ahead and uninstall Norton now...

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix.
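Added here as a worked example, not code from the thread, from DDS or from ComboFix: a small Python parser for the SERVICES / DRIVERS lines of the DDS log posted above that groups running drivers and services by security vendor and reports when more than one real-time antivirus has running components, which is the overlap evilfantasy points out in #7 and #9. The vendor keyword table and the choice of which products count as real-time engines are assumptions.

```python
"""Group the SERVICES / DRIVERS section of a DDS log by security vendor.

Added example, not part of the thread and not code from DDS or ComboFix.
The line format (state, service name, display name, path, [date size]) is
taken from the log posted above; the vendor keyword table and the set of
products treated as real-time engines are assumptions for illustration.
"""
import re
from collections import defaultdict

# One DDS service/driver line: "<state> <name>;<display name>;<path> [<date> <size>]"
# State R1/R2/R3 = running, S3/S4 = stopped or disabled.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
    r"\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]\s*$"
)

# Ordered (keyword, vendor) pairs matched against name, display name and path.
# Assumed mapping covering the products visible in the log above.
VENDOR_KEYWORDS = [
    ("avg", "AVG"),
    ("symantec", "Norton/Symantec"),
    ("symndisv", "Norton/Symantec"),
    ("superantispyware", "SUPERAntiSpyware"),
    ("mbam", "Malwarebytes"),
]

# Products with an on-access scanner; two of these running at once is the
# overlap flagged in the thread (assumed classification).
REALTIME_AV = {"AVG", "Norton/Symantec"}


def parse_service_line(line):
    """Parse one DDS service/driver line; return a dict, or None if it does not match."""
    m = SERVICE_RE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["running"] = entry["state"].startswith("R")
    entry["size"] = int(entry["size"])
    return entry


def vendor_of(entry):
    """Return the security vendor an entry belongs to, or None if unrecognised."""
    haystack = " ".join((entry["name"], entry["display"], entry["path"])).lower()
    for keyword, vendor in VENDOR_KEYWORDS:
        if keyword in haystack:
            return vendor
    return None


def security_products(lines):
    """Map vendor -> {"running": [service names], "stopped": [service names]}."""
    found = defaultdict(lambda: {"running": [], "stopped": []})
    for line in lines:
        entry = parse_service_line(line)
        if entry is None:
            continue  # section headers, blank lines, lines from other sections
        vendor = vendor_of(entry)
        if vendor is None:
            continue  # not a security product in the keyword table
        found[vendor]["running" if entry["running"] else "stopped"].append(entry["name"])
    return dict(found)


def realtime_conflicts(lines):
    """Sorted real-time AV vendors that have at least one running component.

    More than one entry means two on-access scanners are loaded together,
    the situation the thread says to resolve before going further.
    """
    products = security_products(lines)
    return sorted(v for v, b in products.items() if v in REALTIME_AV and b["running"])


# Sample input: a subset of the SERVICES / DRIVERS lines from the DDS log above.
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-16 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-16 107912]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20090318.001\IDSvix86.sys [2009-3-23 272432]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-2-17 8944]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-16 298264]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-10-30 149352]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-23 50704]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]
S4 AutoSyncService;Memeo AutoSync ;c:\program files\memeo\autosync\MemeoService.exe [2007-7-6 31768]
"""

if __name__ == "__main__":
    lines = SAMPLE_DDS.splitlines()
    for vendor, buckets in security_products(lines).items():
        print(f"{vendor}: running={buckets['running']} stopped={buckets['stopped']}")
    conflict = realtime_conflicts(lines)
    if len(conflict) > 1:
        print("Two real-time antivirus products are loaded:", ", ".join(conflict))
```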
#10
Old 24th March 2009, 12:21 AM
live4tenors
Newcomer
Join Date: Mar 2009, 26 posts.
I can find no way to disable my Norton 360 anywhere. I had thought that I had disabled it; however, when I went to run ComboFix, my computer beeped and then a warning flashed up stating that Norton 360 had not been disabled and was still running. Now I can't seem to get ComboFix to shut down till I can disable Norton (if it's even possible).
#11
Old 24th March 2009, 01:17 AM
evilfantasy
Security Team
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
Just continue with the ComboFix instructions. If the antivirus tries to block it then just allow it to run and not be blocked.
#12
Old 24th March 2009, 01:23 AM
live4tenors
Newcomer
Join Date: Mar 2009, 26 posts.
Alrighty, I wasn't sure if it would be OK to run the ComboFix thing even with the Norton still running. I'll go ahead and run it though, and hope for the best. Will post the logs when it's done.
#13
Old 24th March 2009, 02:03 AM
live4tenors
Newcomer
Join Date: Mar 2009, 26 posts.
Here is the ComboFix log:

ComboFix 09-03-22.01 - The Kids 2009-03-23 21:52:00.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.958.429 [GMT -4:00]
Running from: c:\users\The Kids\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *enabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-02-24 to 2009-03-24 )))))))))))))))))))))))))))))))
.

2009-03-23 20:33 . 2009-03-23 20:33 6,736 --a------ c:\windows\System32\drivers\PROCEXP90.SYS
2009-03-23 16:45 . 2009-03-23 16:44 410,984 --a------ c:\windows\System32\deploytk.dll
2009-03-20 22:34 . 2008-12-15 23:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-20 22:34 . 2009-02-08 23:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-20 22:34 . 2008-11-27 00:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-20 22:34 . 2008-12-16 01:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-20 22:34 . 2008-12-16 01:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-20 22:34 . 2008-12-16 01:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-20 22:31 . 2009-03-20 22:31 <DIR> d-------- c:\program files\CCleaner
2009-03-20 22:04 . 2009-03-20 22:04 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com
2009-03-20 22:04 . 2009-03-20 22:04 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com
2009-03-20 22:02 . 2009-03-20 22:02 <DIR> d-------- c:\users\The Kids\AppData\Roaming\SUPERAntiSpyware.com
2009-03-20 22:02 . 2009-03-20 22:02 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-03-20 13:37 . 2009-03-20 13:37 <DIR> d-------- c:\users\The Kids\AppData\Roaming\Malwarebytes
2009-03-20 13:37 . 2009-03-20 13:37 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-03-20 13:37 . 2009-03-20 13:37 <DIR> d-------- c:\programdata\Malwarebytes
2009-03-20 13:37 . 2009-03-20 13:37 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-20 13:37 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-20 13:37 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-16 20:04 . 2009-03-16 20:04 <DIR> d-------- c:\program files\Lavasoft
2009-03-15 02:02 . 2009-03-23 19:47 <DIR> d-------- c:\users\All Users\avg8
2009-03-15 02:02 . 2009-03-23 19:47 <DIR> d-------- c:\programdata\avg8
2009-03-09 15:28 . 2008-12-05 00:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-03-09 15:28 . 2008-12-05 00:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-03-09 15:28 . 2008-12-05 00:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-03-09 15:28 . 2008-12-05 00:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-03-09 15:28 . 2008-12-05 00:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-03-09 15:12 . 2009-01-14 23:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-03-09 15:12 . 2009-01-15 02:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-03-08 21:45 . 2009-03-08 21:45 <DIR> dr------- c:\windows\System32\config\systemprofile\Music
2009-03-05 16:36 . 2009-03-05 16:36 22,528 --a-s---- c:\windows\System32\drivers\PsSdk30.drv
2009-03-03 02:42 . 2004-05-13 17:37 49,152 --a------ c:\windows\System32\npptools.dll
2009-03-03 02:11 . 2009-03-04 23:09 <DIR> d-------- c:\program files\WinPcap
2009-03-02 15:17 . 2009-03-06 17:24 <DIR> d-------- c:\program files\XBC
2009-02-26 14:46 . 2009-02-26 14:46 42,320 --a------ c:\windows\System32\xfcodec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-23 23:43 92,052 ----a-w c:\users\All Users\nvModes.dat
2009-03-23 23:43 92,052 ----a-w c:\programdata\nvModes.dat
2009-03-23 20:44 --------- d-----w c:\program files\Java
2009-03-21 07:22 --------- d-----w c:\program files\Windows Mail
2009-03-21 02:01 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-17 00:04 --------- d-----w c:\programdata\Lavasoft
2009-03-09 00:52 --------- d-----w c:\programdata\Xfire
2009-03-06 23:15 --------- d-----w c:\programdata\NCH Swift Sound
2009-03-06 17:23 --------- d-----w c:\users\The Kids\AppData\Roaming\IGN_DLM
2009-03-06 15:03 --------- d-----w c:\users\The Kids\AppData\Roaming\Xfire
2009-03-06 14:59 --------- d-----w c:\program files\Xfire
2009-03-05 21:02 --------- d-----w c:\users\The Kids\AppData\Roaming\Yahoo!
2009-03-05 06:01 --------- d-----w c:\users\The Kids\AppData\Roaming\Skype
2009-03-05 05:09 --------- d-----w c:\users\The Kids\AppData\Roaming\skypePM
2009-03-05 03:04 --------- d-----w c:\users\The Kids\AppData\Roaming\oovooToolbar
2009-03-03 16:23 --------- d-----w c:\program files\Common Files\Adobe
2009-02-27 01:21 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-24 03:22 --------- d-----w c:\program files\DivX
2009-02-22 01:44 674,138 ----a-w c:\windows\unins000.exe
2009-02-22 01:44 --------- d-----w c:\program files\livetvbar
2009-02-22 01:44 --------- d-----w c:\program files\Conduit
2009-02-20 16:49 --------- d-----w c:\program files\SystemRequirementsLab
2009-02-20 16:43 --------- d-----w c:\users\The Kids\AppData\Roaming\SystemRequirementsLab
2009-02-19 16:31 96,560 ----a-w c:\windows\system32\drivers\symfw.sys
2009-02-19 16:31 9,844 ----a-w c:\windows\system32\drivers\SymRedir.cat
2009-02-19 16:31 41,008 ----a-w c:\windows\system32\drivers\symndisv.sys
2009-02-19 16:31 38,576 ----a-w c:\windows\system32\drivers\symids.sys
2009-02-19 16:31 24,112 ----a-w c:\windows\system32\drivers\SymIMV.sys
2009-02-19 16:31 22,320 ----a-w c:\windows\system32\drivers\symredrv.sys
2009-02-19 16:31 184,496 ----a-w c:\windows\system32\drivers\symtdi.sys
2009-02-19 16:31 13,616 ----a-w c:\windows\system32\drivers\symdns.sys
2009-02-19 16:31 1,611 ----a-w c:\windows\system32\drivers\SymRedir.inf
2009-02-14 03:29 --------- d-----w c:\users\The Kids\AppData\Roaming\Acreon
2009-02-13 22:16 --------- d-----w c:\users\The Kids\AppData\Roaming\Hamachi
2009-02-13 21:25 --------- d-----w c:\program files\AVG
2009-02-13 21:23 --------- d-----w c:\program files\Common Files\Autodesk Shared
2009-02-13 21:23 --------- d-----w c:\program files\AutoCAD 2009
2009-02-12 22:09 --------- d---a-w c:\programdata\TEMP
2009-02-11 00:52 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-02-10 21:03 --------- d-----w c:\users\The Kids\AppData\Roaming\Azureus
2009-02-10 03:24 --------- d-----w c:\users\The Kids\AppData\Roaming\Audacity
2009-02-04 23:47 --------- d-----w c:\users\The Kids\AppData\Roaming\Ventrilo
2009-02-02 04:11 --------- d-----w c:\program files\Download Manager
2009-01-29 22:04 --------- d-----w c:\program files\Azureus
2009-01-29 21:32 --------- d-----w c:\program files\Sony
2009-01-29 12:01 --------- d-----w c:\program files\Vstplugins
2009-01-29 12:00 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-29 12:00 --------- d-----w c:\program files\u-he
2009-01-29 12:00 --------- d-----w c:\program files\Common Files\Digidesign
2009-01-29 12:00 --------- d-----w c:\program files\Celemony
2009-01-27 21:42 --------- d-----w c:\program files\Bonjour
2009-01-26 20:11 --------- d-----w c:\program files\Image-Line
2009-01-26 19:56 --------- d-----w c:\program files\Outsim
2009-01-25 02:48 --------- d-----w c:\users\The Kids\AppData\Roaming\Acoustica
2009-01-25 02:48 --------- d-----w c:\programdata\Acoustica
2009-01-25 02:48 --------- d-----w c:\program files\Acoustica Shared Effects
2009-01-25 02:48 --------- d-----w c:\program files\Acoustica Mixcraft 4
2009-01-23 14:11 7,728 ----a-w c:\users\The Kids\AppData\Roaming\wklnhst.dat
2008-12-31 01:10 60,322 ----a-w c:\users\The Kids\AppData\Roaming\nvModes.dat
2008-12-30 20:25 174 --sha-w c:\program files\desktop.ini
2008-12-30 10:26 118,784 ----a-w c:\windows\dsdxirmv.exe
2008-12-15 20:55 30 ----a-w c:\users\The Kids\jagex_runescape_preferences.dat
2008-12-09 03:38 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-12-09 03:38 56 ---ha-w c:\programdata\ezsidmv.dat
2008-06-18 14:37 604 ---ha-w c:\program files\STLL Notifier
2008-06-30 17:44 324,976 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll
2008-12-25 14:15 135,680 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-08-30 14:55 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-08-30 14:55 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-08-30 14:55 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ad55c869-668e-457c-b270-0cfb2f61116f}"= "c:\program files\livetvbar\tblive.dll" [2008-07-10 1600024]

[HKEY_CLASSES_ROOT\clsid\{ad55c869-668e-457c-b270-0cfb2f61116f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8087-36EE87E26986}]
2008-07-29 15:56 1987544 --a------ c:\progra~1\OOVOOT~1\OOVOOT~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ad55c869-668e-457c-b270-0cfb2f61116f}]
2008-07-10 15:04 1600024 --a------ c:\program files\livetvbar\tblive.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-8087-36EE87E26986}"= "c:\progra~1\OOVOOT~1\OOVOOT~1.DLL" [2008-07-29 1987544]
"{ad55c869-668e-457c-b270-0cfb2f61116f}"= "c:\program files\livetvbar\tblive.dll" [2008-07-10 1600024]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8087-36ee87e26986}]
[HKEY_CLASSES_ROOT\oovooToolbar.OOVOOTOOLBAR]

[HKEY_CLASSES_ROOT\clsid\{ad55c869-668e-457c-b270-0cfb2f61116f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A057A204-BACC-4D26-8087-36EE87E26986}"= "c:\progra~1\OOVOOT~1\OOVOOT~1.DLL" [2008-07-29 1987544]
"{AD55C869-668E-457C-B270-0CFB2F61116F}"= "c:\program files\livetvbar\tblive.dll" [2008-07-10 1600024]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8087-36ee87e26986}]
[HKEY_CLASSES_ROOT\oovooToolbar.OOVOOTOOLBAR]

[HKEY_CLASSES_ROOT\clsid\{ad55c869-668e-457c-b270-0cfb2f61116f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1021224]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-11-24 167936]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-23 148888]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-05-16 430080]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Connections.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Connections.lnk
backup=c:\windows\pss\HP Connections.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^The Kids^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\users\The Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^The Kids^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk]
path=c:\users\The Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Memeo AutoSync Launcher.lnk
backup=c:\windows\pss\Memeo AutoSync Launcher.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^The Kids^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\The Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^The Kids^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WD Anywhere Backup Launcher.lnk]
path=c:\users\The Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WD Anywhere Backup Launcher.lnk
backup=c:\windows\pss\WD Anywhere Backup Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 02:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
--a------ 2008-02-19 01:01 1052672 c:\windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-12-25 10:15 1838592 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
--a------ 2006-11-28 19:42 46704 c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 17:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
--a------ 2006-11-21 20:36 1474560 c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2006-10-18 13:32 472800 c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2008-08-01 14:36 1103216 c:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-03-20 18:34 213936 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 14:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
--a------ 2008-02-26 10:50 988512 c:\program files\Norton 360\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-02-20 21:18 366400 c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-03-14 19:50 233472 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 11:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-06-03 10:11 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 03:38 1008184 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-19 03:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{95ECDD01-AB84-4195-A36C-29147C571235}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9E02C4F2-DF48-4ADA-B6DF-757714F01315}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{847B4D9A-56A3-49A5-9521-2D7585715908}"= UDP:c:\program files\HP\QuickPlay\QP.exe:QP
"{90528E1E-A1FE-4A81-B793-12DCFBBD3662}"= TCP:c:\program files\HP\QuickPlay\QP.exe:QP
"{090CF6CF-EE2B-41E5-8C78-4E27BDD9A0C7}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{6B57F522-FAAD-41A8-B1C1-953062BF9446}"= c:\program files\HP Connections\6811507\Program\HP Connections:HP Connections
"{AB06BDE8-59B8-48EC-BE3A-F47C57907ABE}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{81A65DC1-77E6-4167-8E14-4B7FCA87FA72}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{EC58DC15-F7C5-434D-85D3-CDAD99FD9AC4}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{60DEC888-F219-4253-B879-9DCB9F49D1E6}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{69766FF7-C030-44B6-941A-342BD87A0965}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6B858232-CDA8-4787-BC69-95686C88817A}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{964A17A2-B864-49C4-AE05-C970AF48F245}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D0E33B3D-1A5D-4264-A998-9D761F9F2B0E}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E4F8C58C-172C-4E9F-87BD-9C7CCBAA8251}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0CA0798A-3E2C-4FD7-BEAB-7513E7519FE5}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{1DAEAF7A-EEF0-4055-8982-1FA5DAD6196A}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{6F1A09BD-D58B-4CDC-88C2-525E875426A1}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{A3A9B5E7-66A9-4A88-96BC-0E02506CD669}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{146C74A2-7388-4BB5-A0CD-95DEDF3E8DCB}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{A5A30352-1D7E-4BD5-AE28-B6829E35A2CC}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{EDBE90CE-2F37-4AB7-9B89-5B1A5EF9CC52}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{79084186-ABA1-457E-9479-14E780B29913}"= UDP:c:\program files\Electronic Arts\Battlefield 2142 Demo\BF2142.exe:Battlefield 2
"{68BBC46E-6EE7-49F8-ACB8-EC8F4A1424FB}"= TCP:c:\program files\Electronic Arts\Battlefield 2142 Demo\BF2142.exe:Battlefield 2
"{D3E7D3C0-C187-4DF1-8298-D0EF5B89EFAF}"= UDP:c:\program files\vghd\vghd.exe:VirtuaGirl HD
"{1039C10D-D5F5-4968-A930-DAB140CB2BE4}"= TCP:c:\program files\vghd\vghd.exe:VirtuaGirl HD
"{299A7502-5AA8-4E53-A0E9-379709870F22}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5F8D0592-F6AC-4366-87DD-CAC189946573}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{FAC59CCB-FED0-4F97-9C66-2DEC7AD5DEFF}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{ABA9249B-CCFC-45E6-A17F-57AD46511A42}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{38B5B822-C472-4C02-B43E-38F7401FE1A1}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D767EED9-C3FA-49EF-8DF2-E916C05B75D7}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{F9D3F265-B097-4274-9092-7E13BD749008}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{731F1C55-7334-4BB0-9344-56FEDC8FE5DA}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{58368A42-4ABA-4119-9807-41FD6CD13F21}"= UDP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"{2D750FEF-AF4B-4A07-8C8A-D4C79A0BFA22}"= TCP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"{9ABB0E82-030A-45D0-BBC3-E17D50FA2A45}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{CD66240A-DB0B-4A2B-A20B-E0141C830BDC}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{2C7779A5-C781-4A5D-894A-19E8D8C72AFD}"= UDP:443:ooVoo TCP port 443
"{A32A00D8-8EB5-4F4E-A725-B076DA5A7CA9}"= TCP:443:ooVoo UDP port 443
"{DE78D73F-EED6-47D6-B8D8-0EDE1C9AA55B}"= UDP:37674:ooVoo TCP port 37674
"{9397C10D-74D2-44A6-B22C-612C3CDCAEBB}"= TCP:37674:ooVoo UDP port 37674
"{C42DFEC4-D6A8-4878-9AA0-81E6BA74CBC3}"= TCP:37675:ooVoo UDP port 37675
"{1B1AED2E-91F1-4F23-ACF4-B4803EB803CF}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{5C1C1CA3-349B-4581-9BCE-14C763016515}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{D37A98E1-883B-4C4A-B60B-E4DBB7C6AE50}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{47CD6B3B-91B1-4FD7-914B-2308F86EBEF9}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{3192CBA8-F5A0-402B-BB7C-2A64D832A0D5}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{01D77EED-A1BF-44D9-B806-E7AEAC3A3DF9}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{49FA375E-BB30-41E4-9004-2C90803EA2E0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{AA9619A4-0D80-4931-91D3-DAC3716B220C}"= UDP:5353:Adobe CSI CS4
"{EF57A766-9EDA-4A65-B481-3DC66F334A1D}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{2CC51998-F44D-4C91-9154-4A98732EDEC1}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{1D4441DD-FB46-4D46-AB88-73A1947651BD}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{96FDF893-0B3F-472E-B5BC-0A03E802DD50}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{26848B8C-1DF1-448C-AB1A-5616AD26A554}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{AFF7E2A0-064A-4913-BACC-2C87CBE7D2BF}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{1813FD63-0BDA-4B6E-9946-F90BBEF8DAE5}"= UDP:c:\program files\XBC\AppUpdater.exe:XBC 5.1
"{4C2552C1-9F38-4AAC-B560-387F3E72BA88}"= TCP:c:\program files\XBC\AppUpdater.exe:XBC 5.1

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"c:\\Nexon\\Combat Arms\\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\Nexon\\Combat Arms\\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090318.001\IDSvix86.sys [2009-03-23 272432]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-10-30 149352]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-03-31 24652]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-05-16 102400]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-26 101936]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2009-02-19 41008]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [2008-01-12 23888]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [2008-12-23 50704]
S3 PsSdk30;PsSdk30;c:\windows\System32\drivers\PsSdk30.drv [2009-03-05 22528]
S3 RDID1009;EDIROL UM-1;c:\windows\System32\drivers\Rdwm1009.sys [2008-12-30 56832]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S3 XDva190;XDva190;c:\windows\System32\XDva190.sys [2008-09-03 46720]
S4 AutoSyncService;Memeo AutoSync ;c:\program files\Memeo\AutoSync\MemeoService.exe [2007-07-06 31768]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-2-5-91-100000658-100004814-100013302-2210.com f:\
\shell\Open\command - RECYCLER\S-2-5-91-100000658-100004814-100013302-2210.com f:\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45874d27-27fa-11dd-9411-001b2430930b}]
\shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45874d4e-27fa-11dd-9411-001b2430930b}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d17fa6b5-7a0f-11dd-b7f6-001b2430930b}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d17fa7cc-7a0f-11dd-b7f6-001b2430930b}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
\shell\AutoRun\command - H:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-03-23 c:\windows\Tasks\User_Feed_Synchronization-{D358B560-0EF6-4865-B491-8AA1A92023FD}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 03:33]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKCU-Run-AdobeBridge - (no file)
HKLM-RunOnce-<NO NAME> - (no file)
MSConfigStartUp-6c24ff16 - c:\users\THEKID~1\AppData\Local\Temp\stybwsvx.dll
MSConfigStartUp-AntiMalwareProMFCT - c:\program files\AdwarePro\StartApp.exe
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-Host Process - c:\users\The Kids\svchost.exe
MSConfigStartUp-MS Juan - c:\users\THEKID~1\AppData\Local\Temp\ccxedxjw.dll
MSConfigStartUp-MSServer - c:\users\THEKID~1\AppData\Local\Temp\mlJApPIb.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1576177
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\The Kids\AppData\Roaming\Mozilla\Firefox\Profiles\ykgxezp7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nptgeqplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\The Kids\AppData\Roaming\Mozilla\Firefox\Profiles\ykgxezp7.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-23 21:57:56
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2504)
c:\windows\System32\NLSData0009.dll
c:\windows\system32\BatMeter.dll
.
Completion time: 2009-03-23 22:01:50
ComboFix-quarantined-files.txt 2009-03-24 02:01:33

Pre-Run: 24,030,859,264 bytes free
Post-Run: 23,999,025,152 bytes free

396 --- E O F --- 2009-03-21 07:15:32
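Triage of a ComboFix-style log as an added example (not ComboFix's, OTMoveIt's or the forum's own code): it walks the log line by line and flags the findings this thread acts on, namely Security Center notifications switched off, Windows Firewall disabled per profile, a removable-drive autorun handler that launches something under RECYCLER, and orphaned startup entries that loaded DLLs from Temp or an svchost.exe outside System32. The category names and regexes are my own; the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: lines copied from the ComboFix log posted above,
# trimmed to the sections this triage looks at.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-2-5-91-100000658-100004814-100013302-2210.com f:\
\shell\Open\command - RECYCLER\S-2-5-91-100000658-100004814-100013302-2210.com f:\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\LaunchU3.exe -a

- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
MSConfigStartUp-6c24ff16 - c:\users\THEKID~1\AppData\Local\Temp\stybwsvx.dll
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-Host Process - c:\users\The Kids\svchost.exe
"""


@dataclass
class Finding:
    category: str  # hypothetical category name, my own labelling
    where: str     # registry key or orphan entry the line belongs to
    detail: str    # the offending log line or path, verbatim


KEY_RE = re.compile(r"^\[(.+)\]$")                       # [HKEY_...] block header
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')          # "Name"= value
SHELL_CMD_RE = re.compile(r"^\\shell\\([^\\]+)\\command - (.+)$")
ORPHAN_RE = re.compile(r"^([A-Za-z]+-.+?) - (.+)$")       # Source-Name - path
ORPHANS_HEADER = "ORPHANS REMOVED"
# An autorun handler on a removable drive has no business running from the
# recycler or system-volume folder, or going through ShellExec_RunDLL.
SUSPICIOUS_AUTORUN = re.compile(
    r"\\?(RECYCLER|System Volume Information)\\|ShellExec_RunDLL", re.I)
TEMP_DLL_RE = re.compile(r"\\temp\\[^\\]+\.dll$", re.I)


def _dword_is_set(value: str) -> bool:
    """True for 'dword:00000001'-style values that are non-zero."""
    m = re.match(r"dword:([0-9a-f]{8})", value, re.I)
    return bool(m) and int(m.group(1), 16) != 0


def triage(log_text: str) -> List[Finding]:
    """Return the suspicious entries found in a ComboFix-style log."""
    findings: List[Finding] = []
    key = ""             # registry key of the block we are currently in
    in_orphans = False   # inside the 'ORPHANS REMOVED' section
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ORPHANS_HEADER in line:
            in_orphans, key = True, ""
            continue
        m = KEY_RE.match(line)
        if m:
            key, in_orphans = m.group(1), False
            continue
        if in_orphans:
            m = ORPHAN_RE.match(line)
            if not m or m.group(2) == "(no file)":
                continue
            name, path = m.group(1), m.group(2)
            low = path.lower()
            if TEMP_DLL_RE.search(path):
                findings.append(Finding("dll-from-temp", name, path))
            elif low.endswith("\\svchost.exe") and not low.startswith("c:\\windows\\system32\\"):
                findings.append(Finding("svchost-outside-system32", name, path))
            continue
        klow = key.lower()
        m = VALUE_RE.match(line)
        if m and "security center" in klow and m.group(1).lower().endswith("disablenotify"):
            if _dword_is_set(m.group(2)):
                findings.append(Finding("security-center-notify-off", key, line))
        elif m and "firewallpolicy" in klow and m.group(1) == "EnableFirewall":
            if m.group(2).startswith("0"):
                findings.append(Finding("firewall-off", key, line))
        elif "mountpoints2" in klow:
            m = SHELL_CMD_RE.match(line)
            if m and SUSPICIOUS_AUTORUN.search(m.group(2)):
                findings.append(Finding("removable-drive-autorun", key, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:28} {f.where}\n    {f.detail}")
```

The legitimate U3 launcher entries and the AVG tray orphan pass through unflagged, which is the point: the checks key on where a handler runs from, not on the mere presence of an autorun or orphan.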
#14
24th March 2009, 02:08 AM
evilfantasy
Security Team
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
Quote:
c:\program files\WinPcap
Did you install this?
#15
24th March 2009, 02:15 AM
live4tenors
Newcomer
Join Date: Mar 2009, 26 posts.
Yes I did.
#16
24th March 2009, 02:25 AM
evilfantasy
Security Team
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
Go to Add/Remove Programs and uninstall:

Viewpoint Media Player

----------

Download the OTMoveIt3 by OldTimer

Note: If you are running on Vista, right-click on OTMoveIt3.exe and choose Run As Administrator.

* Save it to your Desktop.
* Double-click OTMoveIt3.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

Code:
:Processes
explorer.exe

:services
Viewpoint Manager Service

:reg
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

:files
c:\program files\Viewpoint

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
* Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes.
#17
24th March 2009, 02:48 AM
live4tenors
Newcomer
Join Date: Mar 2009, 26 posts.
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service\Driver Viewpoint Manager Service not found.
Service\Driver Viewpoint Manager Service not found.
========== REGISTRY ==========
========== FILES ==========
File/Folder c:\program files\Viewpoint not found.
========== COMMANDS ==========
File delete failed. C:\Users\THEKID~1\AppData\Local\Temp\ehmsas.txt scheduled to be deleted on reboot.
File delete failed. C:\Users\THEKID~1\AppData\Local\Temp\etilqs_OOmTbc1soKN1YQy8xNuz scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Users\The Kids\AppData\Local\Mozilla\Firefox\Profiles\ykgxezp7.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\The Kids\AppData\Local\Mozilla\Firefox\Profiles\ykgxezp7.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\The Kids\AppData\Local\Mozilla\Firefox\Profiles\ykgxezp7.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\The Kids\AppData\Local\Mozilla\Firefox\Profiles\ykgxezp7.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\The Kids\AppData\Local\Mozilla\Firefox\Profiles\ykgxezp7.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\The Kids\AppData\Local\Mozilla\Firefox\Profiles\ykgxezp7.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03232009_224002

Files moved on Reboot...
C:\Users\THEKID~1\AppData\Local\Temp\ehmsas.txt moved successfully.
File C:\Users\THEKID~1\AppData\Local\Temp\etilqs_OOmTbc1soKN1YQy8xNuz not found!
C:\Users\The Kids\AppData\Local\Mozilla\Firefox\Profiles\ykgxezp7.default\Cache\_CACHE_001_ moved successfully.
C:\Users\The Kids\AppData\Local\Mozilla\Firefox\Profiles\ykgxezp7.default\Cache\_CACHE_002_ moved successfully.
C:\Users\The Kids\AppData\Local\Mozilla\Firefox\Profiles\ykgxezp7.default\Cache\_CACHE_003_ moved successfully.
C:\Users\The Kids\AppData\Local\Mozilla\Firefox\Profiles\ykgxezp7.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\The Kids\AppData\Local\Mozilla\Firefox\Profiles\ykgxezp7.default\urlclassifier3.sqlite moved successfully.
C:\Users\The Kids\AppData\Local\Mozilla\Firefox\Profiles\ykgxezp7.default\XUL.mfl moved successfully.
#18
24th March 2009, 02:55 AM
evilfantasy
Security Team
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
Sorry, missed one. You shouldn't have to restart this time.

Also let me know how the computer is running now.

Download the OTMoveIt3 by OldTimer

Note: If you are running on Vista, right-click on OTMoveIt3.exe and choose Run As Administrator.

* Save it to your Desktop.
* Double-click OTMoveIt3.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

Code:
:Processes
explorer.exe

:reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

:Commands
[start explorer]
* Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process.
#19
24th March 2009, 03:01 AM
live4tenors
Newcomer
Join Date: Mar 2009, 26 posts.
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F\\ deleted successfully.
========== COMMANDS ==========
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03232009_230048



The computer seems to be running better now. The CPU usage has stayed at a relatively consistent rate and has stayed fairly low. I have not tried to run any major programs yet, however, so the system hasn't been put to the full test yet.
#20
24th March 2009, 03:05 AM
evilfantasy
Security Team
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
OK, let's clean up and then see how things are.

  • Click START then RUN
  • Now type Combofix /u in the runbox
  • Make sure there's a space between Combofix and /u
  • Then hit Enter.
.

The above procedure will:
  • Delete:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.


----------

1. Double click OTMoveIt3.exe to launch it.
Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. Once complete exit out of OTMoveIt3

----------

Use the Secunia Software Inspector to check for out of date software.
  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.


----------

Go to Microsoft Windows Update and get all critical security updates. (you will need to use Internet Explorer to do this)

----------

Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.