Tech-101 Free Computer Support > Security > Virus and Malware Removal

#1
01-23-2010, 06:26 AM
Junior Member

 
Join Date: Jan 2010
Posts: 10
Google redirecting and random web pages open

I'm struggling to get rid of whatever malware is causing my Firefox browser to go to the wrong web page when clicking on a Google search result. Also, if I leave the internet connected, several pages such as betting sites, other search engines, even eBay, open by themselves.

I have completed checks; results below:

Malwarebytes' Anti-Malware 1.44
Database version: 3618
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23/01/2010 11:24:21
mbam-log-2010-01-23 (11-24-21).txt

Scan type: Full Scan (C:\|)
Objects scanned: 202919
Time elapsed: 38 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
#2
01-23-2010, 06:40 AM
Junior Member
Join Date: Jan 2010
Posts: 10

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-23 11:38:30
Windows 6.1.7600
Running: tzrcl0uz.exe; Driver: C:\Users\SARAAN~1\AppData\Local\Temp\uxlciuob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwOpenProcess [0x9AE79620]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwTerminateProcess [0x9AE796D0]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwTerminateThread [0x9AE79770]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwWriteVirtualMemory [0x9AE79810]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E3CAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E3C104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E3C3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E252D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E24898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E3C1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E3C958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E3C6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E3CF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E3D1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A55579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A79F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 4E8 82A819E8 4 Bytes [20, 96, E7, 9A]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 82A81CB8 8 Bytes [D0, 96, E7, 9A, 70, 97, E7, ...] {RCL BYTE [ESI-0x688f6519], 0x1; OUT 0x9a, EAX}
.text ntkrnlpa.exe!RtlSidHashLookup + 82C 82A81D2C 4 Bytes [10, 98, E7, 9A]
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8EE25340, 0x3EE217, 0xE8000020]
.text peauth.sys A3439C9D 28 Bytes [DE, AE, 95, 23, 4D, 98, 95, ...]
.text peauth.sys A3439CC1 28 Bytes [DE, AE, 95, 23, 4D, 98, 95, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[712] ole32.dll!CoCreateInstance 762157FC 5 Bytes JMP 008C000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\rundll32.exe[1388] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [759F5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1388] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [759F5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1388] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [759F5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1388] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [759F5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1388] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [759F5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1388] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [759F5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 85973618

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6b71ee28
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6b71ee28@0017839f9f58 0x3C 0xB7 0xEE 0x6B ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6b71ee28 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6b71ee28@0017839f9f58 0x3C 0xB7 0xEE 0x6B ...

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
#3
01-23-2010, 06:52 AM
Junior Member
Join Date: Jan 2010
Posts: 10

DDS (Ver_09-12-01.01) - NTFSx86
Run by sara and colin at 11:44:31.67 on 23/01/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2046.812 [GMT 0:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\snuvcdsm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Kontiki\KService.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\sara and colin\Desktop\tzrcl0uz.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\sara and colin\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [Google Update] "c:\users\sara and colin\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [SNUVCDSM] c:\windows\snuvcdsm.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [kdx] "c:\program files\kontiki\KHost.exe" -all
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [O2] "c:\program files\o2\bin\sprtcmd.exe" /P O2
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup
mRun: [Corel File Shell Monitor] c:\program files\corel\corel paint shop pro photo x2\CorelIOMonitor.exe
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\saraan~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\bbcipl~1.lnk - c:\program files\bbc iplayer desktop\BBC iPlayer Desktop.exe
StartupFolder: c:\users\saraan~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\sara and colin\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\saraan~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: o2.co.uk\*.broadband
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\saraan~1\appdata\roaming\mozilla\firefox\profiles\dwdzxd58.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\users\sara and colin\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\sara and colin\appdata\local\yahoo!\browserplus\2.4.21\plugins\npybrowserplus_2.4.21.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrw7x;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSwx.sys [2010-1-21 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-1-21 161800]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-1-21 24856]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-21 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-21 28424]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-21 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-12-16 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 74480]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-1-21 906520]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-1-21 285392]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-1-21 2304192]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-1-21 5832712]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-7 1153368]
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\o2\bin\sprtsvc.exe [2007-6-7 202280]
R3 AVGIDSDriverw7x;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSDriver.sys [2010-1-21 122376]
R3 AVGIDSFilterw7x;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSFilter.sys [2010-1-21 30216]
R3 AVGIDSShimw7x;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSShim.sys [2010-1-21 21208]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-10-6 6000640]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 7408]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

=============== Created Last 30 ================

2010-01-23 11:41:58 0 d-----w- c:\programdata\Sun
2010-01-21 20:50:44 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-21 20:50:43 25608 ----a-w- c:\windows\system32\drivers\AVGIDSwx.sys
2010-01-21 20:50:43 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-01-21 20:50:40 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-21 20:50:32 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-21 20:50:31 0 d-----w- c:\windows\system32\drivers\Avg
2010-01-21 20:50:12 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-01-21 19:12:50 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-21 17:00:51 0 d-----w- c:\users\saraan~1\appdata\roaming\Dropbox
2010-01-13 23:01:18 117140 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-13 04:00:58 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-13 04:00:58 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-10 04:46:22 235503430 ----a-w- c:\windows\MEMORY.DMP
2010-01-08 12:26:14 0 d--h--w- C:\$AVG
2010-01-08 12:25:49 0 d-----w- c:\program files\AVG
2010-01-08 12:25:48 0 d-----w- c:\programdata\avg9
2010-01-07 21:25:17 0 dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-07 20:26:43 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-07 20:26:43 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-01-07 17:40:50 0 d-----w- c:\program files\ABC Amber LIT Converter
2010-01-07 17:31:15 0 d-----w- c:\program files\Stanza
2010-01-02 09:15:59 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-01-02 09:15:20 0 d-----w- c:\program files\SUPERAntiSpyware
2010-01-02 09:15:19 0 d-----w- c:\users\saraan~1\appdata\roaming\SUPERAntiSpyware.com
2009-12-31 06:14:27 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-29 09:12:49 0 d-----w- C:\Kontiki
2009-12-28 20:23:06 0 d-----w- c:\users\saraan~1\appdata\roaming\Malwarebytes
2009-12-28 20:22:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-28 20:22:50 0 d-----w- c:\programdata\Malwarebytes
2009-12-28 20:22:49 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-28 20:22:49 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-27 21:13:00 0 d-----w- c:\program files\Panda Security
2009-12-26 17:28:22 110 ----a-w- c:\windows\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
2009-12-26 17:27:48 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-12-26 17:25:44 0 d-----w- c:\programdata\Leapfrog
2009-12-26 17:25:44 0 d-----w- c:\program files\LeapFrog

==================== Find3M ====================

2010-01-01 02:10:24 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-19 10:10:44 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2009-12-19 10:10:41 88 --sh--r- c:\programdata\0F469E427B.sys
2009-12-17 21:33:13 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-17 17:14:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-13 21:35:14 23128 ----a-w- c:\windows\hpqins15.dat
2009-11-02 20:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:22:37 2048 ----a-w- c:\windows\system32\tzres.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 11:50:50.91 ===============
#4
01-25-2010, 07:06 PM
Bobbye
Site Admin
Join Date: Dec 2008
Posts: 895

fraggle, I'll start you off by having you run Combofix: you will have to disable your security while running it. I notice that you have Spybot S&D so make sure Tea Timer is disabled:
  • Right click the TeaTimer icon in the system Tray
  • Then click Exit Spybot-S&D Resident
  • (Once you are clean you can restart TeaTimer by going to C:\Program Files\Spybot - Search & Destroy and double-clicking on TeaTimer.exe.)

Please download ComboFix HERE:
  • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

    Important! Save the renamed download to your desktop.
  • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
  • Double click on the setup file on the desktop to run
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    (Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.)
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    (image: Recovery Console query)
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a log. Please include the C:\ComboFix.txt in your next reply.

Notes:
  1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
  4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please leave the Combofix report in your next reply.
#5
01-26-2010, 07:51 AM
Junior Member
Join Date: Jan 2010
Posts: 10

ComboFix 10-01-25.06 - sara and colin 26/01/2010 12:32:37.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2046.598 [GMT 0:00]
Running from: c:\users\sara and colin\Desktop\Combo-Fix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((( Files Created from 2009-12-26 to 2010-01-26 )))))))))))))))))))))))))))))))
.

2010-01-26 12:43 . 2010-01-26 12:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-26 12:28 . 2010-01-26 12:29 -------- d-----w- C:\32788R22FWJFW
2010-01-23 11:41 . 2010-01-23 11:41 -------- d-----w- c:\program files\Common Files\Java
2010-01-23 10:44 . 2010-01-23 10:44 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-21 20:50 . 2010-01-21 20:50 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-21 20:50 . 2010-01-21 20:50 25608 ----a-w- c:\windows\system32\drivers\AVGIDSwx.sys
2010-01-21 20:50 . 2010-01-21 20:50 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-01-21 20:50 . 2010-01-21 20:50 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-21 20:50 . 2010-01-21 20:50 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-21 20:50 . 2010-01-21 20:50 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-21 20:50 . 2010-01-26 09:37 -------- d-----w- c:\windows\system32\drivers\Avg
2010-01-21 20:50 . 2010-01-21 20:50 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-01-21 19:12 . 2009-12-19 09:02 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-21 17:01 . 2010-01-21 17:01 89854 ----a-w- c:\users\sara and colin\AppData\Roaming\Dropbox\bin\Uninstall.exe
2010-01-21 17:00 . 2010-01-25 07:15 -------- d-----w- c:\users\sara and colin\AppData\Roaming\Dropbox
2010-01-19 08:06 . 2010-01-08 12:25 1260312 ----a-w- c:\programdata\avg9\update\backup\avgfrw.exe
2010-01-13 23:01 . 2010-01-13 23:01 117140 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-13 04:00 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 04:00 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-11 14:34 . 2009-05-22 05:12 121344 ----a-w- c:\programdata\HP\Installer\Temp\hpqrrx08.exe
2010-01-11 14:31 . 2009-07-31 22:02 1710392 ------w- c:\programdata\HP\Installer\Temp\hpzmsi01.exe
2010-01-11 14:31 . 2007-08-13 20:50 319984 ------w- c:\programdata\HP\Installer\Temp\difxapi.dll
2010-01-11 14:31 . 2009-07-31 22:02 1639224 ------w- c:\programdata\HP\Installer\Temp\hpzscr01.EXE
2010-01-10 19:34 . 2010-01-10 19:34 -------- d-----w- c:\users\sara and colin\AppData\Local\Apple
2010-01-10 06:02 . 2010-01-10 06:02 -------- d-----w- c:\users\sara and colin\AppData\Roaming\HPAppData
2010-01-08 16:44 . 2010-01-08 16:44 3776280 ----a-w- c:\programdata\avg9\update\backup\setup.exe
2010-01-08 16:44 . 2010-01-08 12:25 4043032 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
2010-01-08 16:44 . 2010-01-08 12:25 2033432 ----a-w- c:\programdata\avg9\update\backup\avgtray.exe
2010-01-08 16:44 . 2010-01-08 12:25 916248 ----a-w- c:\programdata\avg9\update\backup\avgcfgx.dll
2010-01-08 16:44 . 2010-01-08 12:25 2352920 ----a-w- c:\programdata\avg9\update\backup\avgresf.dll
2010-01-08 16:44 . 2010-01-08 16:44 3966744 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-01-08 12:26 . 2010-01-08 12:51 -------- d-----w- C:\$AVG
2010-01-08 12:25 . 2010-01-08 12:25 -------- d-----w- c:\program files\AVG
2010-01-08 12:25 . 2010-01-26 12:12 -------- d-----w- c:\programdata\avg9
2010-01-08 11:53 . 2010-01-08 11:53 98304 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{48758421-6FFC-1894-5CE1-A14C112C9E3A}-nssdbm3.dll
2010-01-07 21:25 . 2010-01-07 21:25 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-07 20:26 . 2010-01-07 20:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-07 20:26 . 2010-01-07 20:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-07 17:40 . 2010-01-07 17:42 -------- d-----w- c:\program files\ABC Amber LIT Converter
2010-01-07 17:31 . 2010-01-07 17:31 -------- d-----w- c:\program files\Stanza
2010-01-07 17:18 . 2010-01-07 17:18 108341 ----a-w- c:\users\sara and colin\AppData\Roaming\Macromedia\Flash Player\http://www.macromedia.com\bin\digita...aleditions.exe
2010-01-05 07:53 . 2010-01-14 18:04 -------- d-----w- c:\users\sara and colin\AppData\Local\Adobe
2010-01-02 16:19 . 2010-01-24 18:26 -------- d-----w- c:\users\sara and colin\AppData\Local\Apple Computer
2010-01-02 09:16 . 2010-01-07 18:24 52224 ----a-w- c:\users\sara and colin\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-02 09:16 . 2010-01-21 22:58 117760 ----a-w- c:\users\sara and colin\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-02 09:15 . 2010-01-02 09:15 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-01-02 09:15 . 2010-01-07 18:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-02 09:15 . 2010-01-02 09:15 -------- d-----w- c:\users\sara and colin\AppData\Roaming\SUPERAntiSpyware.com
2010-01-01 22:28 . 2010-01-01 22:28 -------- d-----w- c:\windows\Sun
2009-12-31 06:14 . 2009-12-31 06:14 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-31 00:48 . 2009-12-31 00:48 21968784 ----a-w- c:\users\sara and colin\AppData\Roaming\Dropbox\bin\Dropbox.exe
2009-12-30 00:48 . 2009-12-30 00:48 255264 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{54D72DC9-D43D-E00C-7507-0625D4D14AB7}-uninst.exe
2009-12-30 00:48 . 2009-12-30 00:48 2299256 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{9BFBDCE9-A247-4F72-9687-7D83D03BAE71}-StylePlugin_Shell_EnglishUS.dll
2009-12-30 00:48 . 2009-12-30 00:48 1594656 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{24A83AB2-D52B-8653-8A85-182525C0148B}-StylePlugin_Common_EnglishUS.dll
2009-12-30 00:48 . 2009-12-30 00:48 6067552 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{E7A18B04-4480-28C7-3DCA-881F024AFC4A}-UPCUpdater.exe
2009-12-29 09:58 . 2009-12-29 09:58 388096 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{CA93E081-9228-9913-FAE6-6D4AABC56871}-HiJackThis.exe
2009-12-29 09:31 . 2009-12-29 09:31 -------- d-----w- c:\users\sara and colin\AppData\Local\Downloaded Installations
2009-12-29 09:12 . 2010-01-14 03:20 -------- d-----w- C:\Kontiki
2009-12-28 20:23 . 2009-12-28 20:23 -------- d-----w- c:\users\sara and colin\AppData\Roaming\Malwarebytes
2009-12-28 20:22 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-28 20:22 . 2009-12-28 20:22 -------- d-----w- c:\programdata\Malwarebytes
2009-12-28 20:22 . 2010-01-23 10:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-28 20:22 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-28 20:12 . 2009-12-28 21:25 38784 ----a-w- c:\users\sara and colin\AppData\Roaming\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2009-12-27 21:13 . 2009-12-29 10:28 -------- d-----w- c:\program files\Panda Security

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-26 12:45 . 2009-10-31 00:40 -------- d-----w- c:\programdata\Kontiki
2010-01-26 12:39 . 2009-10-26 01:00 -------- d-----w- c:\users\sara and colin\AppData\Roaming\Skype
2010-01-26 09:32 . 2009-10-26 01:01 -------- d-----w- c:\users\sara and colin\AppData\Roaming\skypePM
2010-01-23 11:41 . 2009-10-26 14:43 -------- d-----w- c:\program files\Java
2010-01-21 20:43 . 2009-10-26 00:56 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-14 17:14 . 2009-11-21 19:43 1 ----a-w- c:\users\sara and colin\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-11 18:52 . 2009-10-26 00:52 61736 ----a-w- c:\users\sara and colin\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-11 14:36 . 2009-10-26 07:29 -------- d-----w- c:\programdata\HP
2010-01-11 14:34 . 2009-10-26 07:31 -------- d-----w- c:\program files\HP
2010-01-10 13:22 . 2009-12-08 14:19 -------- d-----w- c:\users\sara and colin\AppData\Roaming\Spotify
2010-01-07 20:11 . 2009-10-31 00:11 -------- d-----w- c:\users\sara and colin\AppData\Roaming\uTorrent
2010-01-07 17:31 . 2009-11-03 15:26 -------- d-----w- c:\program files\Bonjour
2010-01-02 09:14 . 2009-12-26 17:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-01 02:10 . 2009-07-13 23:11 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-30 10:56 . 2009-12-15 13:55 -------- d-----w- c:\users\sara and colin\AppData\Roaming\Nero
2009-12-29 10:29 . 2009-12-17 15:06 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-12-29 10:07 . 2009-12-17 14:43 -------- d-----w- c:\programdata\Lavasoft
2009-12-28 21:26 . 2009-10-31 00:26 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-28 21:25 . 2009-10-31 00:26 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2009-12-26 17:40 . 2009-12-26 17:40 3106632 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{80E5DCC5-FF36-D559-AEA7-649C8E86BA02}-MyPalsPlugin.exe
2009-12-26 17:40 . 2009-12-26 17:40 28696928 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{A28F508B-3638-72D1-98BB-B968FF63B27A}-UPCInstaller.exe
2009-12-26 17:30 . 2009-12-26 17:30 8152416 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{E4BA45F3-EF80-2974-D7D4-CFF44C3269A6}-LeapFrogConnectSetup_MyPals.exe
2009-12-26 17:28 . 2009-12-26 17:25 -------- d-----w- c:\program files\LeapFrog
2009-12-26 17:27 . 2009-12-26 17:27 28696928 ----a-w- c:\programdata\Leapfrog\LeapFrog Connect\Updates\UPCInstaller.exe
2009-12-26 17:26 . 2009-12-26 17:26 3106632 ----a-w- c:\programdata\Leapfrog\LeapFrog Connect\Updates\MyPalsPlugin.exe
2009-12-26 17:25 . 2009-12-26 17:25 -------- d-----w- c:\programdata\Leapfrog
2009-12-19 10:10 . 2009-12-17 22:16 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2009-12-19 10:10 . 2009-12-17 22:16 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2009-12-19 10:10 . 2009-12-17 22:16 88 --sh--r- c:\programdata\0F469E427B.sys
2009-12-19 10:10 . 2009-12-17 22:16 88 --sh--r- c:\programdata\0F469E427B.sys
2009-12-17 22:16 . 2009-12-17 22:16 -------- d-----w- c:\users\sara and colin\AppData\Roaming\Corel
2009-12-17 22:15 . 2009-12-17 22:10 -------- d-----w- c:\programdata\Corel
2009-12-17 22:12 . 2009-12-17 22:10 -------- d-----w- c:\program files\Common Files\Corel
2009-12-17 22:10 . 2009-12-17 22:10 -------- d-----w- c:\program files\Common Files\Protexis
2009-12-17 22:10 . 2009-12-17 21:20 -------- d-----w- c:\program files\Corel
2009-12-17 22:05 . 2009-12-17 22:05 -------- d-----w- c:\users\sara and colin\AppData\Roaming\InstallShield
2009-12-17 21:36 . 2009-12-17 21:36 -------- d-----w- c:\program files\Photobie
2009-12-17 21:33 . 2009-12-17 21:21 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-17 21:27 . 2009-12-17 21:27 8 --sh--r- c:\windows\system32\0F469E427B.sys
2009-12-17 21:27 . 2009-12-17 21:27 -------- d-----w- c:\programdata\InstallShield
2009-12-17 21:26 . 2009-12-17 21:19 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-17 17:14 . 2009-10-26 14:43 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-17 15:06 . 2009-12-17 15:06 -------- d-----w- c:\program files\Google
2009-12-17 14:43 . 2009-12-17 14:43 -------- d-----w- c:\program files\Lavasoft
2009-12-16 12:28 . 2009-12-16 12:28 -------- d-----w- c:\program files\Ask.com
2009-12-16 12:12 . 2009-12-15 13:35 -------- d-----w- c:\program files\Common Files\Nero
2009-12-16 12:12 . 2009-12-15 13:35 -------- d-----w- c:\programdata\Nero
2009-12-15 21:05 . 2009-12-14 21:26 -------- d-----w- c:\users\sara and colin\AppData\Roaming\DeepBurner
2009-12-15 13:55 . 2009-12-15 13:55 -------- d-----w- c:\programdata\LightScribe
2009-12-15 13:48 . 2009-12-15 13:36 -------- d-----w- c:\program files\Nero
2009-12-15 13:33 . 2009-12-15 12:59 -------- d-----w- c:\program files\Common Files\LightScribe
2009-12-14 21:39 . 2009-12-14 21:31 -------- d-----w- c:\users\sara and colin\AppData\Roaming\InfraRecorder
2009-12-14 21:29 . 2009-12-14 21:26 -------- d-----w- c:\program files\Astonsoft
2009-12-09 01:19 . 2009-12-09 01:19 94208 ----a-w- c:\users\sara and colin\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
2009-12-08 14:19 . 2009-12-08 14:19 -------- d-----w- c:\program files\Spotify
2009-12-04 00:20 . 2009-12-04 00:20 -------- d-----w- c:\program files\O2_Installer
2009-11-13 21:35 . 2009-11-13 21:33 23128 ----a-w- c:\windows\hpqins15.dat
2009-11-09 21:01 . 2009-11-09 21:01 247296 ----a-w- c:\users\sara and colin\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_d_ind.dll
2009-11-09 21:01 . 2009-11-09 21:01 247296 ----a-w- c:\users\sara and colin\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_c_ind.dll
2009-11-09 21:01 . 2009-11-09 21:01 247296 ----a-w- c:\users\sara and colin\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_b_ind.dll
2009-11-09 21:01 . 2009-11-09 21:01 247296 ----a-w- c:\users\sara and colin\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_a_ind.dll
2009-11-02 20:42 . 2009-10-26 00:36 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:22 . 2009-11-25 05:54 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-28 20:58 . 2009-10-28 20:58 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-30 1182088]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-30 10:40 1182088 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-30 1182088]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-30 1182088]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\sara and colin\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\sara and colin\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\sara and colin\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\sara and colin\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-10-26 133104]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-10-21 1032640]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-07 2002160]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"SNUVCDSM"="c:\windows\snuvcdsm.exe" [2009-08-10 27184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-10-21 1032640]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2009-01-21 532808]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2009-01-21 16712]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-11-10 443728]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-21 2033432]

c:\users\sara and colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2009-10-31 95232]
Dropbox.lnk - c:\users\sara and colin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2009-12-31 21968784]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

R0 AVGIDSErHrw7x;AVG9IDSErHr;c:\windows\System32\drivers\AVGIDSwx.sys [21/01/2010 20:50 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [21/01/2010 20:50 161800]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [21/01/2010 20:50 24856]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [21/01/2010 20:50 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\System32\drivers\avgtdix.sys [21/01/2010 20:50 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [16/12/2009 16:26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [16/12/2009 16:26 74480]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [21/01/2010 20:50 906520]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [21/01/2010 20:50 285392]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [21/01/2010 20:50 2304192]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [21/01/2010 20:50 5832712]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [07/01/2010 20:26 1153368]
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [07/06/2007 16:19 202280]
R3 AVGIDSDriverw7x;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys [21/01/2010 20:50 122376]
R3 AVGIDSFilterw7x;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys [21/01/2010 20:50 30216]
R3 AVGIDSShimw7x;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys [21/01/2010 20:50 21208]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [06/10/2009 18:24 6000640]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/12/2009 16:27 7408]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\System32\drivers\VSTAZL3.SYS [13/07/2009 22:13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\System32\drivers\VSTDPV3.SYS [13/07/2009 22:13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\System32\drivers\VSTCNXT3.SYS [13/07/2009 22:13 661504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 13:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1453059496-972163168-1849049770-1000Core.job
- c:\users\sara and colin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-26 00:50]

2010-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1453059496-972163168-1849049770-1000UA.job
- c:\users\sara and colin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-26 00:50]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: o2.co.uk\*.broadband
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\sara and colin\AppData\Roaming\Mozilla\Firefox\Profiles\dwdzxd58.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\sara and colin\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\sara and colin\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
.

************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85973618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0x66626353
SecurityProcedure -> 0xffffffff
QueryNameProcedure -> 0xffffffff
user & kernel MBR OK

************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(968)
c:\users\sara and colin\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
Completion time: 2010-01-26 12:49:35
ComboFix-quarantined-files.txt 2010-01-26 12:49

Pre-Run: 48,058,388,480 bytes free
Post-Run: 48,040,230,912 bytes free

- - End Of File - - 590D8E0D5CA32983419DAB5E0F32A57A
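A triage pass over a ComboFix-style log, added here as an example; it is not part of the original thread and not ComboFix's own code. It parses the log's file lines (date, size, attribute field, path) and REGEDIT4-style key and value lines, and flags the settings a responder would want to review before trusting the machine: UAC switched off (EnableLUA = 0), a populated AppInit_DLLs value, .sys files carrying the system and hidden attributes outside the drivers directory, and a Run value name present under both HKCU and HKLM. The sample input is constructed from lines of the log posted above, trimmed for size. Every hit can be legitimate (the AppInit_DLLs entry here carries an AVG-named DLL, and hidden .sys files in ProgramData are also how some licensing components store their data), so the output is a review list, not a verdict.

```python
"""Triage helper for a ComboFix-style log (added example, not ComboFix output).

Findings are review items, not verdicts: each of them can be legitimate.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the log posted above, trimmed for size.
SAMPLE_LOG = r"""
2009-12-19 10:10 . 2009-12-17 22:16 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2009-12-19 10:10 . 2009-12-17 22:16 88 --sh--r- c:\programdata\0F469E427B.sys
2009-12-28 20:22 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-01 02:10 . 2009-07-13 23:11 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-10-21 1032640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-10-21 1032640]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-21 2033432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
"""

# "created . modified size attrs path" as ComboFix prints it; attrs is 8 chars
FILE_LINE = re.compile(
    r"^\S+ \S+ \. \S+ \S+ (?P<size>\S+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$")
KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')


def triage(log_text):
    """Return a list of (category, detail) findings for one log."""
    findings = []
    current_key = ""
    run_entries = defaultdict(set)   # Run value name -> hives it appears in

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = FILE_LINE.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path").lower()
            # attribute field letters: s = system, h = hidden
            if ("s" in attrs and "h" in attrs and path.endswith(".sys")
                    and "\\system32\\drivers\\" not in path):
                findings.append(("hidden_sys_file", path))
            continue

        m = KEY_LINE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue

        m = VALUE_LINE.match(line)
        if not m:
            continue
        name, data = m.group("name"), m.group("data").strip()
        key = current_key

        if key.endswith("\\policies\\system") and name.lower() == "enablelua":
            # ComboFix prints DWORDs as "<decimal> (<hex>)"
            if data.split()[0] == "0":
                findings.append(("uac_disabled", "EnableLUA = 0"))
        elif (key.endswith("\\windows nt\\currentversion\\windows")
                and name.lower() == "appinit_dlls"):
            if data:
                findings.append(("appinit_dlls", data))
        elif key.endswith("\\currentversion\\run"):
            hive = "HKCU" if key.startswith("hkey_current_user") else "HKLM"
            run_entries[name].add(hive)

    for name, hives in sorted(run_entries.items()):
        if len(hives) > 1:
            findings.append(("run_in_both_hives", name))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:20s} {detail}")
```

On the constructed sample this reports the two hidden .sys files under c:\programdata, the disabled UAC setting, the AppInit_DLLs entry and the duplicated "kdx" Run value. The same regexes cover the full log above once pasted in; the Run-in-both-hives check is cheap, but on a real case the file-line check matters most, since persistence that lives in a hidden driver-looking file outside the drivers directory is exactly what a signature scan with zero hits will not explain.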
  #6 (permalink)  
Old 02-01-2010, 04:40 AM
Junior Member

 
Join Date: Jan 2010
Posts: 10
Default

Anyone? Getting to the point where I will have to reinstall Windows. Thanks.
  #7 (permalink)  
Old 02-01-2010, 12:26 PM
Bobbye's Avatar
Site Admin

 
Join Date: Dec 2008
Posts: 895
Default

I am so sorry! I didn't get the email feedback that you had left the report. I've asked kritius to check it. He can write the code for any further removals and that will be quicker.
  #8 (permalink)  
Old 02-08-2010, 09:33 AM
Junior Member

 
Join Date: Jan 2010
Posts: 10
Default

Hi again, this issue is now a lot worse and I'm getting loads of websites opening and warnings of tracking cookies all the time. Can this be cured or am I better off reinstalling Windows?
  #9 (permalink)  
Old 02-08-2010, 11:34 AM
jobeard's Avatar
Site Admin

 
Join Date: Dec 2008
Location: Southern Calif.
Posts: 1,176
Default

The file KGyGaAvL.sys is from Divx and contains CODEC filters.
This is a possible attack vector and as there are multiple means to display most stuff, I would obliterate ALL DIVX files.
__________________
J. O. Beard; you + tech-101.com => synergism. Secure your system now
  #10 (permalink)  
Old 02-08-2010, 12:10 PM
Junior Member

 
Join Date: Jan 2010
Posts: 10
Default

Quote:
Originally Posted by jobeard
The file KGyGaAvL.sys is from Divx and contains CODEC filters.
This is a possible attack vector and as there are multiple means to display most stuff, I would obliterate ALL DIVX files.
Is there an easy way of doing this? Will this get rid of the infection?
Copyright © 2009 Tech-101.com. All rights reserved.