#651
Newbie
Join Date: May 2009
Posts: 5
Thanks: 1
Thanked 0 Times in 0 Posts
Rep Power: 0
Re: Cannot access Antivirus Sites/Google/Avast etc.
Very very thank you, Mr. Bakuryu... Although the problem resurfaced after my first restart, after I used ComboFix (as instructed by you) now all are working and now I can have access to all the antivirus websites... Very very thanks.. I have no words to express my gratitude towards you... Once again thanks.. You are great...
#652
Newbie
Join Date: May 2009
Age: 18
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0
Re: Cannot access Antivirus Sites/Google/Avast etc.
I have the same problem. I can't open any antivirus site or the Microsoft website, and cannot update my antivirus.
Moreover, there is one more problem: something is constantly uploading whenever I connect to the internet. When I do netstat -an I get something like this:
Code:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\>netstat -an

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2276           0.0.0.0:0              LISTENING
  TCP    59.95.178.141:2369     115.28.119.99:445      FIN_WAIT_1
  TCP    59.95.178.141:2370     66.51.17.107:445       TIME_WAIT
  TCP    59.95.178.141:3688     147.55.26.48:445       SYN_SENT
  TCP    59.95.178.141:3689     66.81.160.74:445       SYN_SENT
  TCP    59.95.178.141:3690     91.1.167.35:445        SYN_SENT
  TCP    59.95.178.141:3691     129.32.89.37:445       SYN_SENT
  TCP    59.95.178.141:3692     121.87.88.45:445       SYN_SENT
  TCP    59.95.178.141:3693     91.114.108.85:445      SYN_SENT
  TCP    59.95.178.141:3694     87.80.186.41:445       SYN_SENT
  TCP    59.95.178.141:3695     117.105.254.126:445    SYN_SENT
  TCP    59.95.178.141:3696     198.55.192.23:445      SYN_SENT
  TCP    59.95.178.141:3697     57.111.248.12:445      SYN_SENT
  TCP    59.95.178.141:3698     171.109.245.65:445     SYN_SENT
  TCP    59.95.178.141:3699     113.99.98.29:445       SYN_SENT
  TCP    59.95.178.141:3700     91.88.163.94:445       SYN_SENT
  TCP    59.95.178.141:3701     62.83.103.15:445       SYN_SENT
  TCP    59.95.178.141:3702     184.100.223.2:445      SYN_SENT
  TCP    59.95.178.141:3704     204.87.53.59:445       SYN_SENT
  TCP    59.95.178.141:3705     161.62.24.3:445        SYN_SENT
  TCP    59.95.178.141:3706     27.48.173.27:445       SYN_SENT
  TCP    59.95.178.141:3707     96.92.80.74:445        SYN_SENT
  TCP    59.95.178.141:3708     103.17.153.35:445      SYN_SENT
  TCP    59.95.178.141:3709     53.9.26.70:445         SYN_SENT
  TCP    59.95.178.141:3710     16.63.131.5:445        SYN_SENT
  TCP    59.95.178.141:3711     184.105.239.73:445     SYN_SENT
  TCP    59.95.178.141:3712     64.34.42.42:445        SYN_SENT
  TCP    59.95.178.141:3713     208.49.53.115:445      SYN_SENT
  TCP    59.95.178.141:3714     26.43.238.59:445       SYN_SENT
  TCP    59.95.178.141:3715     144.55.8.2:445         SYN_SENT
  TCP    59.95.178.141:3716     194.15.18.37:445       SYN_SENT
  TCP    59.95.178.141:3717     48.60.246.122:445      SYN_SENT
  TCP    59.95.178.141:3718     90.104.71.122:445      SYN_SENT
  TCP    59.95.178.141:3719     156.22.196.96:445      SYN_SENT
  TCP    59.95.178.141:3720     152.90.105.99:445      SYN_SENT
  TCP    59.95.178.141:3721     106.21.252.46:445      SYN_SENT
  TCP    59.95.178.141:3722     118.50.212.69:445      SYN_SENT
  TCP    59.95.178.141:3723     208.108.200.55:445     SYN_SENT
  TCP    59.95.178.141:3724     123.66.66.111:445      SYN_SENT
  TCP    59.95.178.141:3725     189.18.13.91:445       SYN_SENT
  TCP    59.95.178.141:3726     66.63.170.83:445       SYN_SENT
  TCP    59.95.178.141:3727     22.72.57.58:445        SYN_SENT
  TCP    59.95.178.141:3728     122.59.98.10:445       SYN_SENT
  TCP    59.95.178.141:3729     147.84.16.77:445       SYN_SENT
  TCP    59.95.178.141:3730     136.97.140.94:445      SYN_SENT
  TCP    59.95.178.141:3731     75.36.188.97:445       SYN_SENT
  TCP    59.95.178.141:3732     64.53.126.84:445       SYN_SENT
  TCP    59.95.178.141:3733     109.1.252.9:445        SYN_SENT
  TCP    59.95.178.141:3734     136.29.200.95:445      SYN_SENT
  TCP    59.95.178.141:3735     95.69.242.57:445       SYN_SENT
  TCP    59.95.178.141:3736     148.71.249.110:445     SYN_SENT
  TCP    59.95.178.141:3737     160.80.227.16:445      SYN_SENT
  TCP    59.95.178.141:3738     64.126.40.59:445       SYN_SENT
  TCP    59.95.178.141:3739     29.40.91.2:445         SYN_SENT
  TCP    59.95.178.141:3740     134.77.33.96:445       SYN_SENT
  TCP    59.95.178.141:3741     25.71.157.78:445       SYN_SENT
  TCP    59.95.178.141:3742     67.120.160.121:445     SYN_SENT
  TCP    59.95.178.141:3743     207.30.40.53:445       SYN_SENT
  TCP    59.95.178.141:3744     181.121.37.72:445      SYN_SENT
  TCP    59.95.178.141:3745     105.77.195.72:445      SYN_SENT
  TCP    59.95.178.141:3746     218.108.242.67:445     SYN_SENT
  TCP    59.95.178.141:3747     126.114.55.11:445      SYN_SENT
  TCP    59.95.178.141:3748     58.83.90.37:445        SYN_SENT
  TCP    59.95.178.141:3749     202.82.47.21:445       SYN_SENT
  TCP    59.95.178.141:3750     185.60.240.23:445      SYN_SENT
  TCP    59.95.178.141:3751     221.41.161.66:445      SYN_SENT
  TCP    59.95.178.141:3752     118.18.154.123:445     SYN_SENT
  TCP    59.95.178.141:3753     112.97.125.112:445     SYN_SENT
  TCP    59.95.178.141:3754     172.2.117.39:445       SYN_SENT
  TCP    59.95.178.141:3755     37.118.45.42:445       SYN_SENT
  TCP    59.95.178.141:3756     19.121.191.66:445      SYN_SENT
  TCP    59.95.178.141:3757     46.96.188.51:445       SYN_SENT
  TCP    59.95.178.141:3758     70.53.113.2:445        SYN_SENT
  TCP    59.95.178.141:3759     32.53.223.74:445       SYN_SENT
  TCP    59.95.178.141:3760     141.118.72.6:445       SYN_SENT
  TCP    59.95.178.141:3761     13.28.92.64:445        SYN_SENT
  TCP    59.95.178.141:3762     29.102.200.116:445     SYN_SENT
  TCP    59.95.178.141:3763     218.124.178.118:445    SYN_SENT
  TCP    59.95.178.141:3764     215.122.174.100:445    SYN_SENT
  TCP    59.95.178.141:3765     169.73.239.56:445      SYN_SENT
  TCP    59.95.178.141:3766     92.85.220.15:445       SYN_SENT
  TCP    59.95.178.141:3767     68.48.165.70:445       SYN_SENT
  TCP    59.95.178.141:3768     63.65.203.111:445      SYN_SENT
  TCP    59.95.178.141:3769     201.15.66.73:445       SYN_SENT
  TCP    59.95.178.141:3770     44.62.128.24:445       SYN_SENT
  TCP    59.95.178.141:3771     79.66.167.48:445       SYN_SENT
  TCP    59.95.178.141:3772     160.85.69.4:445        SYN_SENT
  TCP    59.95.178.141:3773     45.31.128.42:445       SYN_SENT
  TCP    59.95.178.141:3774     69.50.17.115:445       SYN_SENT
  TCP    59.95.178.141:3775     18.53.166.104:445      SYN_SENT
  TCP    59.95.178.141:3776     197.34.205.67:445      SYN_SENT
  TCP    59.95.178.141:3777     138.71.156.93:445      SYN_SENT
  TCP    59.95.178.141:3778     120.21.44.35:445       SYN_SENT
  TCP    59.95.178.141:3779     113.60.205.12:445      SYN_SENT
  TCP    59.95.178.141:3780     93.45.122.86:445       SYN_SENT
  TCP    59.95.178.141:3781     214.104.179.69:445     SYN_SENT
  TCP    59.95.178.141:3782     220.120.209.14:445     SYN_SENT
  TCP    59.95.178.141:3783     52.30.205.31:445       SYN_SENT
  TCP    59.95.178.141:3784     210.2.134.101:445      SYN_SENT
  TCP    59.95.178.141:3785     157.111.184.85:445     SYN_SENT
  TCP    59.95.178.141:3786     192.36.39.64:445       SYN_SENT
  TCP    59.95.178.141:3787     25.119.96.37:445       SYN_SENT
  TCP    127.0.0.1:1026         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:3566         127.0.0.1:3567         ESTABLISHED
  TCP    127.0.0.1:3567         127.0.0.1:3566         ESTABLISHED
  TCP    127.0.0.1:3624         127.0.0.1:3625         ESTABLISHED
  TCP    127.0.0.1:3625         127.0.0.1:3624         ESTABLISHED
  TCP    192.168.1.59:139       0.0.0.0:0              LISTENING
  UDP    0.0.0.0:445            *:*
  UDP    0.0.0.0:500            *:*
  UDP    0.0.0.0:1034           *:*
  UDP    0.0.0.0:1059           *:*
  UDP    0.0.0.0:1304           *:*
  UDP    0.0.0.0:1305           *:*
  UDP    0.0.0.0:1306           *:*
  UDP    0.0.0.0:1307           *:*
  UDP    0.0.0.0:1308           *:*
  UDP    0.0.0.0:1309           *:*
  UDP    0.0.0.0:4046           *:*
  UDP    0.0.0.0:4500           *:*
  UDP    0.0.0.0:4910           *:*
  UDP    59.95.178.141:123      *:*
  UDP    59.95.178.141:1900     *:*
  UDP    127.0.0.1:123          *:*
  UDP    127.0.0.1:1900         *:*
  UDP    192.168.1.59:123       *:*
  UDP    192.168.1.59:137       *:*
  UDP    192.168.1.59:138       *:*
  UDP    192.168.1.59:1900      *:*

C:\>
Here is the HijackThis log:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:21 AM, on 5/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\netstat.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted IP range: http://192.168.1.1
O15 - ESC Trusted IP range: http://192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{30C923B2-0E30-48AB-9CA1-F5972A73EC24}: NameServer = 218.248.240.208 218.248.240.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{47702F2C-EA5D-4BD6-B273-0FDCEBA00A3F}: NameServer = 208.67.222.222,208.67.220.220
--
End of file - 3267 bytes
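The netstat listing in the post above, with a long run of SYN_SENT connections from one local address to dozens of unrelated hosts on port 445, is the pattern a defender looks for when Downadup/Conficker is hunting for SMB targets: each half-open connection is a probe that has not been answered. The block below is an added example, not code from this thread, that parses `netstat -an` output and reports any local address with many half-open SMB connections to distinct foreign hosts. The sample output and every address in it are constructed, and the threshold `min_targets=5` is an arbitrary assumption.

```python
"""Flag worm-style SMB scanning in `netstat -an` output (added example).

Heuristic: many half-open (SYN_SENT) outbound TCP connections from one
local address to distinct foreign hosts on port 445 in a single snapshot
is the signature of an SMB-propagating worm such as Downadup/Conficker.
"""
import re
from collections import defaultdict

# Constructed sample in the layout of Windows `netstat -an`; all addresses
# are documentation ranges, not real hosts.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    10.0.0.5:2369          203.0.113.7:445        FIN_WAIT_1
  TCP    10.0.0.5:3688          198.51.100.12:445      SYN_SENT
  TCP    10.0.0.5:3689          198.51.100.90:445      SYN_SENT
  TCP    10.0.0.5:3690          192.0.2.33:445         SYN_SENT
  TCP    10.0.0.5:3691          192.0.2.77:445         SYN_SENT
  TCP    10.0.0.5:3692          203.0.113.201:445      SYN_SENT
  TCP    10.0.0.5:3693          198.51.100.4:445       SYN_SENT
  TCP    10.0.0.5:3700          203.0.113.9:80         ESTABLISHED
  TCP    127.0.0.1:3566         127.0.0.1:3567         ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

# One connection row: proto, local addr:port, foreign addr:port, optional state.
# UDP rows have a "*:*" foreign column and no state column.
LINE_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\S+)(?:\s+(\S+))?\s*$"
)


def parse_netstat(text):
    """Return a list of (proto, laddr, lport, faddr, fport, state) tuples.

    Header lines, blank lines and shell prompts do not match LINE_RE and
    are skipped.
    """
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, laddr, lport, faddr, fport, state = m.groups()
        rows.append((proto, laddr, int(lport), faddr, fport, state or ""))
    return rows


def find_smb_scanners(text, port=445, min_targets=5):
    """Map each local address to the sorted distinct foreign hosts it has
    half-open connections to on `port`, keeping only locals that reach
    at least `min_targets` hosts (threshold is an assumption)."""
    targets = defaultdict(set)
    for proto, laddr, _lport, faddr, fport, state in parse_netstat(text):
        if proto == "TCP" and state == "SYN_SENT" and fport == str(port):
            targets[laddr].add(faddr)
    return {ip: sorted(hosts) for ip, hosts in targets.items()
            if len(hosts) >= min_targets}


if __name__ == "__main__":
    for ip, hosts in find_smb_scanners(SAMPLE_NETSTAT).items():
        print(f"{ip}: {len(hosts)} half-open SMB connections to distinct hosts")
        for host in hosts:
            print("   ->", host)
```

To run it against a real capture, read a saved `netstat -an` text file and pass its contents to `find_smb_scanners`. A workstation doing ordinary file sharing rarely has more than one or two connections to port 445 waiting on a handshake at any instant, so even a low threshold separates a scanning worm from normal traffic; the 127.0.0.1 and ESTABLISHED rows in the sample are deliberately included to show that they are ignored.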
#653
ƒ(ψ)=ΘΊΧφ
Re: Cannot access Antivirus Sites/Google/Avast etc.
Your HijackThis log file looks ok.
First check this: Conficker Eye Chart
If that still doesn't fix it, run ComboFix and post the ComboFix log file.
__________________
Please don't click here
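The Conficker Eye Chart suggested in the reply above works by having the browser load images from several security vendors' sites next to images from unrelated control sites: when the control images appear but the vendor images do not, the host is probably being blocked by the worm, which is exactly the symptom the posters describe. The block below is an added example, not the Eye Chart's own code and not from this thread. It substitutes DNS resolution for image loading, so it only detects name-resolution blocking, and the vendor and control domain lists are assumptions chosen for illustration; the decision logic is kept separate from the lookups so it can be exercised offline.

```python
"""Eye-chart style check for blocked security-vendor domains (added example).

Downadup/Conficker keeps the infected host from reaching security
vendors' sites. If unrelated control names resolve but the vendor names
fail, the host is suspect. Real lookups happen in run_check(); the
verdict is computed by classify() from a {hostname: resolved} mapping.
"""
import socket

# Assumed lists for illustration; any security-vendor names plus a few
# unrelated control names work the same way.
VENDOR_DOMAINS = [
    "www.symantec.com",
    "www.avast.com",
    "www.microsoft.com",
    "www.kaspersky.com",
]
CONTROL_DOMAINS = ["www.example.com", "www.wikipedia.org"]


def resolves(hostname):
    """True if the name resolves to an address, False on any DNS failure."""
    try:
        socket.gethostbyname(hostname)
        return True
    except (socket.gaierror, socket.herror, OSError):
        return False


def classify(results, vendors=VENDOR_DOMAINS, controls=CONTROL_DOMAINS):
    """Turn {hostname: resolved_bool} into one of four verdicts.

    no-network : no control name resolves, so nothing can be concluded
    clean      : every vendor name resolves
    partial    : some vendor names resolve, some do not
    blocked    : controls resolve but every vendor name fails
    """
    ctrl_ok = [d for d in controls if results.get(d)]
    vend_ok = [d for d in vendors if results.get(d)]
    if not ctrl_ok:
        return "no-network"
    if vend_ok:
        return "clean" if len(vend_ok) == len(vendors) else "partial"
    return "blocked"


def run_check():
    """Resolve every name once and return (verdict, per-name results)."""
    results = {d: resolves(d) for d in VENDOR_DOMAINS + CONTROL_DOMAINS}
    return classify(results), results


if __name__ == "__main__":
    verdict, per_name = run_check()
    for name, ok in per_name.items():
        print(f"{'ok  ' if ok else 'FAIL'}  {name}")
    print("verdict:", verdict)
```

A "blocked" verdict is a reason to run a removal tool and post its log, not proof of infection on its own: a hosts file entry, a filtering proxy or a corporate DNS policy produces the same pattern, and a "partial" result most often means one vendor had a transient DNS problem.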
#654
Newbie
Join Date: May 2009
Age: 18
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0
Re: Cannot access Antivirus Sites/Google/Avast etc.
Thanks a lot. It solved the problem.
Code:
Symantec W32.Downadup Removal Tool 1.1.0.7
process: svchost.exe, thread: 000001DC (terminated)
process: svchost.exe, thread: 00000774 (terminated)
process: svchost.exe, thread: 000000E4 (terminated)
process: svchost.exe, thread: 000000FC (terminated)
process: svchost.exe, thread: 000000F8 (terminated)
process: svchost.exe, thread: 00000518 (terminated)
process: svchost.exe, thread: 000007A4 (terminated)
process: svchost.exe, thread: 0000094C (terminated)
process: svchost.exe (terminated)
C:\WINDOWS\system32\rgqnkin.dll: W32.Downadup.B (unrepairable) (deleted)
registry: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets: dl (value deleted)
registry: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets: ds (value deleted)
registry: HKLM\System\CurrentControlSet\Services\Tcpip\Parameters: TcpNumConnections (value deleted)
registry: HKLM\system\CurrentControlSet\Services\BITS: Start (value set to 0x00000003 (3))
registry: HKLM\system\CurrentControlSet\Services\wuauserv: Start (value set to 0x00000002 (2))
W32.Downadup has been successfully removed from your computer!
Here is the report:
The total number of the scanned files: 55749
The number of deleted threat files: 1
The number of threat processes terminated: 1
The number of threat threads terminated: 8
The number of registry entries fixed: 5
The tool initiated a system reboot.
#655
Newbie
Join Date: May 2009
Posts: 5
Thanks: 1
Thanked 0 Times in 0 Posts
Rep Power: 0
Re: Cannot access Antivirus Sites/Google/Avast etc.
Dear Sir,
I am sorry to interrupt you again... I got the same problem accessing the antivirus websites.. I cannot access any antivirus websites or update it.. Help me once more please...... My HijackThis log file is given below...
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:54 PM, on 5/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
D:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\Program Files\Alcohol 52\StarWind\StarWindService.exe
D:\WINDOWS\system32\svchost.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\NCLAUNCH.EXe
D:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\system32\CF562.exe
D:\ComboFix\pv.cfexe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: cyber10 Toolbar - {09e8076c-66db-4976-896c-be391e7ee0c0} - D:\Program Files\cyber10\tbcybe.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MSOFFI~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: TweakMASTER PRO Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\PROGRA~1\TWEAKM~1\TweakBHO.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: cyber10 Toolbar - {09e8076c-66db-4976-896c-be391e7ee0c0} - D:\Program Files\cyber10\tbcybe.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [NCLaunch] D:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Add to &LinkFox - res://C:\PROGRA~1\TWEAKM~1\TweakBHO.dll/IESCRIPT
O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MSOFFI~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MSOFFI~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MSOFFI~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MSOFFI~1\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\WINDOWS\system32\skype4com.dll
O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol 52\StarWind\StarWindService.exe
--
End of file - 6447 bytes
Code:
ComboFix 09-05-15.08 - HhAaNnLlYy 05/20/2009 20:23.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1271.818 [GMT -7:00]
Running from: l:\backups\Antivirus & Security\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((( Files Created from 2009-04-21 to 2009-05-21 )))))))))))))))))))))))))))))))
.
2009-05-21 03:20 . 2009-05-21 03:21 11952 ----a-w d:\windows\system32\avgrsstx.dll
2009-05-21 03:20 . 2009-05-21 03:21 12552 ----a-w d:\windows\system32\drivers\avgrkx86.sys
2009-05-21 03:20 . 2009-05-21 03:21 108552 ----a-w d:\windows\system32\drivers\avgtdix.sys
2009-05-21 03:19 . 2009-05-21 03:19 -------- d-----w d:\windows\system32\drivers\Avg
2009-05-21 03:19 . 2009-05-21 03:21 325896 ----a-w d:\windows\system32\drivers\avgldx86.sys
2009-05-21 03:15 . 2009-05-21 03:21 -------- d-----w d:\documents and settings\All Users\Application Data\Avg8
2009-05-19 07:28 . 2009-05-19 07:28 -------- d-----w d:\documents and settings\HhAaNnLlYy\Local Settings\Application Data\Help
2009-05-18 11:53 . 2009-05-19 19:53 -------- d-----w d:\documents and settings\HhAaNnLlYy\Application Data\TeraCopy
2009-05-17 05:08 . 2009-05-17 05:08 -------- d-----w d:\windows\system32\xircom
2009-05-17 05:08 . 2009-05-17 05:08 -------- d-----w d:\program files\microsoft frontpage
2009-05-13 05:00 . 2009-05-13 05:00 -------- d-----w d:\documents and settings\HhAaNnLlYy\Application Data\Notepad++
2009-05-09 06:27 . 2009-03-19 20:48 8320 ----a-w d:\windows\system32\drivers\nmwcdnsuc.sys
2009-05-09 06:27 . 2009-03-19 20:48 136704 ----a-w d:\windows\system32\drivers\nmwcdnsu.sys
2009-05-09 06:27 . 2009-02-09 14:37 7808 ----a-w d:\windows\system32\drivers\usbser_lowerflt.sys
2009-05-09 06:27 . 2009-02-09 14:37 22016 ----a-w d:\windows\system32\drivers\ccdcmbo.sys
2009-05-09 06:27 . 2009-02-09 14:37 17664 ----a-w d:\windows\system32\drivers\ccdcmb.sys
2009-05-09 06:27 . 2009-02-09 14:37 659968 ----a-w d:\windows\system32\nmwcdcocls.dll
2009-05-09 06:27 . 2009-02-09 14:32 1112288 ----a-w d:\windows\system32\wdfcoinstaller01007.dll
2009-05-08 18:10 . 2007-12-27 00:30 1970176 ----a-w d:\windows\system32\d3dx9.dll
2009-05-08 18:10 . 2007-12-27 00:30 679936 ----a-w d:\windows\system32\D3DX81ab.dll
2009-05-08 04:49 . 2009-05-08 04:49 -------- d-----w d:\documents and settings\HhAaNnLlYy\Application Data\URSoft
2009-05-07 04:08 . 2009-05-07 04:08 -------- d-----w d:\documents and settings\HhAaNnLlYy\Local Settings\Application Data\bluesoleil
2009-05-07 00:48 . 2009-05-07 00:48 -------- d-----w d:\documents and settings\HhAaNnLlYy\Application Data\Media Player Classic
2009-05-01 01:15 . 2009-05-01 01:15 -------- d-----w d:\program files\Common Files\System-G
2009-04-27 05:07 . 2003-04-24 05:29 32768 ----a-w d:\windows\system32\udaprop.dll
2009-04-27 05:07 . 2003-11-27 09:52 1454080 ----a-w d:\windows\system\SmWizard.exe
2009-04-27 05:07 . 2004-01-08 04:37 812416 ----a-w d:\windows\system32\drivers\cmuda.sys
2009-04-27 05:07 . 2004-01-12 06:01 151552 ----a-w d:\windows\system32\cmuda.dll
2009-04-27 05:07 . 2003-08-20 10:46 233472 ----a-w d:\windows\system32\cmirmdrv.exe
2009-04-27 05:07 . 2003-02-18 10:26 28672 ----a-w d:\windows\system32\cmirmdrv.dll
2009-04-27 05:07 . 2002-04-29 07:04 917504 ----a-w d:\windows\system\cmids3d.dll
2009-04-27 05:07 . 2001-11-23 04:08 712704 ----a-w d:\windows\system32\Audio3D.dll
2009-04-27 04:54 . 2009-05-11 21:20 -------- d-----w d:\windows\system32\ivtMobCache
2009-04-27 04:54 . 2009-04-27 04:54 -------- d-----w d:\documents and settings\HhAaNnLlYy\Local Settings\Application Data\BlueSoleil Dialer
2009-04-26 14:22 . 2009-05-08 19:36 -------- d-----w d:\documents and settings\All Users\Application Data\SeekappSrch
2009-04-26 14:22 . 2009-05-08 23:36 -------- d-----w d:\program files\SeekappSrch
2009-04-26 07:07 . 2009-04-26 07:07 993360 ----a-w d:\windows\Don't Touch My Computer 2.scr
2009-04-26 05:39 . 2009-04-26 05:39 146 ----a-w d:\windows\DelMR.bat
2009-04-26 04:54 . 2009-04-26 04:54 -------- d-----w d:\program files\Common Files\SWF Studio
2009-04-26 04:54 . 2009-04-26 07:04 40960 ----a-w d:\windows\NCLAUNCH.EXe
2009-04-26 04:54 . 2009-04-26 07:07 45056 ----a-w d:\windows\NCUNINST.EXe
2009-04-26 04:54 . 2009-04-26 04:54 -------- d-----w d:\program files\NCBuy
2009-04-26 01:38 . 2009-05-07 05:47 -------- d-----w d:\documents and settings\HhAaNnLlYy\Tracing
2009-04-25 23:46 . 2009-05-10 06:21 -------- d-----w d:\program files\Common Files\Stardock
2009-04-25 23:45 . 2009-04-25 23:46 -------- d-----w d:\program files\Java
2009-04-25 23:42 . 2009-04-25 23:42 -------- d-sh--w d:\documents and settings\LocalService.NT AUTHORITY
2009-04-25 16:20 . 2009-04-28 02:42 -------- d--h--w d:\documents and settings\Default User.WINDOWS.0
2009-04-24 07:14 . 2009-04-24 07:14 -------- d-----w d:\documents and settings\HhAaNnLlYy\Application Data\GRETECH
2009-04-24 05:31 . 2009-04-24 05:31 -------- d-----w d:\program files\Common Files\Windows Live
2009-04-23 02:08 . 2009-04-26 01:57 -------- d-----w d:\documents and settings\HhAaNnLlYy\Local Settings\Application Data\Identities
2009-04-22 06:03 . 2008-04-26 23:14 42672 ------w d:\windows\system32\wbsys.dll
2009-04-22 05:10 . 2009-04-22 05:10 -------- d-----w d:\documents and settings\HhAaNnLlYy\Application Data\Launchy
2009-04-22 04:55 . 2009-04-22 04:55 -------- d-----w d:\documents and settings\HhAaNnLlYy\Local Settings\Application Data\RapidShare_
2009-04-22 04:33 . 2009-04-22 04:33 -------- d-----w d:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2009-04-22 02:17 . 2009-04-22 02:17 -------- d-----w d:\windows\Icons
2009-04-22 02:17 . 2009-04-22 02:17 -------- d-----w d:\documents and settings\HhAaNnLlYy\Application Data\FileSubmit
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-13 02:22 . 2009-03-05 15:19 -------- d-----w d:\program files\Common Files\Adobe
2009-05-13 02:08 . 2009-03-07 02:49 -------- d-----w d:\program files\Opera
2009-05-09 06:27 . 2009-03-12 03:01 -------- d-----w d:\program files\Nokia
2009-05-09 06:26 . 2009-04-19 14:06 -------- d-----w d:\program files\Common Files\Nokia
2009-05-07 05:16 . 2009-04-02 04:50 75008 ----a-w d:\windows\system32\GDIPFONTCACHEV1.DAT
2009-04-27 06:51 . 2009-03-12 03:57 -------- d--h--w d:\program files\InstallShield Installation Information
2009-04-27 05:07 . 2009-03-05 09:26 -------- d-----w d:\program files\C-Media 3D Audio
2009-04-26 05:39 . 2009-03-12 03:56 -------- d-----w d:\program files\Common Files\InstallShield
2009-04-25 23:47 . 2009-03-05 08:53 -------- d-----w d:\program files\Windows Sidebar
2009-04-25 23:33 . 2009-03-05 08:54 -------- d-----w d:\program files\VistaExperience.org
2009-04-25 23:32 . 2009-03-05 08:52 -------- d-----w d:\program files\Unlocker
2009-04-25 23:32 . 2009-03-05 08:53 -------- d-----w d:\program files\LClock
2009-04-25 23:31 . 2009-03-05 08:52 -------- d-----w d:\program files\HashTab Shell Extension
2009-04-25 23:31 . 2009-03-05 08:52 -------- d-----w d:\program files\Microsoft PowerToys
2009-04-19 18:47 . 2009-04-19 18:44 664 ----a-w d:\windows\system32\d3d9caps.dat
2009-04-19 16:42 . 2009-04-19 16:42 0 ---ha-w d:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-04-19 16:42 . 2009-04-19 16:42 0 ---ha-w d:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-04-19 14:06 . 2009-04-19 14:06 -------- d-----w d:\program files\Common Files\PCSuite
2009-04-18 05:46 . 2009-04-18 05:46 -------- d-----w d:\program files\DU Meter
2009-04-18 05:01 . 2009-03-25 02:42 -------- d-----w d:\program files\Microsoft Expression
2009-04-05 18:20 . 2009-03-05 09:11 -------- d-----w d:\program files\Windows Media Connect 2
2009-04-04 06:13 . 2009-04-04 06:13 -------- d-----w d:\program files\Stardock
2009-04-01 22:16 . 2009-04-01 22:16 129536 ----a-w d:\windows\system32\IJL15.dll
2009-03-30 05:58 . 2008-01-10 21:34 218624 ----a-w d:\windows\system32\uxtheme.dll
2009-03-26 06:21 . 2009-03-26 06:21 -------- d-----w d:\program files\Common Files\Wise Installation Wizard
2009-03-10 04:51 . 2009-03-10 04:51 223128 ----a-w d:\windows\system32\drivers\vaxscsi.sys
2009-03-10 04:39 . 2009-03-10 04:39 611064 ----a-w d:\windows\system32\drivers\sptd.sys
2009-03-05 10:02 . 2009-03-05 10:02 0 ----a-w d:\windows\nsreg.dat
2009-03-05 09:03 . 2009-03-05 09:03 68936 ----a-w d:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-03-05 08:56 . 2009-03-05 08:56 21640 ----a-w d:\windows\system32\emptyregdb.dat
2009-02-27 23:45 . 2009-02-27 23:45 9728 ----a-w d:\windows\system32\BsMonUI.dll
2009-02-27 23:45 . 2009-02-27 23:45 18432 ----a-w d:\windows\system32\BsMonSvr.dll
2009-02-27 23:45 . 2009-02-27 23:45 405589 ----a-w d:\windows\system32\BsUI.dll
2009-02-27 23:45 . 2009-02-27 23:45 57430 ----a-w d:\windows\system32\btfunc.dll
2009-02-27 23:44 . 2009-02-27 23:44 278647 ----a-w d:\windows\system32\outlookAddin.dll
2009-02-27 23:44 . 2009-02-27 23:44 53248 ----a-w d:\windows\system32\HtmPrintHelper.dll
2009-02-27 23:44 . 2009-02-27 23:44 114774 ----a-w d:\windows\system32\versit.dll
2009-02-27 23:44 . 2009-02-27 23:44 622693 ----a-w d:\windows\system32\BSShell.dll
2009-02-27 23:43 . 2009-02-27 23:43 557142 ----a-w d:\windows\system32\Bscdlg.dll
2009-02-27 23:43 . 2009-02-27 23:43 114788 ----a-w d:\windows\system32\BsProfileFunc.dll
2009-02-27 23:43 . 2009-02-27 23:43 151642 ----a-w d:\windows\system32\BsCommon.dll
2009-02-27 23:43 . 2009-02-27 23:43 94314 ----a-w d:\windows\system32\BsHelpCSps.dll
2009-02-27 23:43 . 2009-02-27 23:43 553075 ----a-w d:\windows\system32\BlueSoleilCSps.dll
2009-02-27 23:41 . 2009-02-27 23:41 28766 ----a-w d:\windows\system32\PlayerCtrl.dll
2009-02-27 23:41 . 2009-02-27 23:41 98403 ----a-w d:\windows\system32\Bs2Res.dll
2009-02-27 23:41 . 2009-02-27 23:41 241748 ----a-w d:\windows\system32\BsSDK.dll
2009-02-27 23:41 . 2009-02-27 23:41 122976 ----a-w d:\windows\system32\BsMobileSDK.dll
2009-02-27 23:40 . 2009-02-27 23:40 28672 ----a-w d:\windows\system32\BsMobileCSps.dll
2009-02-27 23:40 . 2009-02-27 23:40 28760 ----a-w d:\windows\system32\BsTrace.dll
2008-03-12 10:42 . 2009-04-25 23:45 67696 ----a-w d:\program files\mozilla firefox\components\jar50.dll
2008-03-12 10:42 . 2009-04-25 23:45 54376 ----a-w d:\program files\mozilla firefox\components\jsd3250.dll
2008-03-12 10:42 . 2009-04-25 23:45 34952 ----a-w d:\program files\mozilla firefox\components\myspell.dll
2008-03-12 10:42 . 2009-04-25 23:45 46720 ----a-w d:\program files\mozilla firefox\components\spellchk.dll
2008-03-12 10:42 . 2009-04-25 23:45 172144 ----a-w d:\program files\mozilla firefox\components\xpinstal.dll
2008-03-21 07:36 . 2008-03-21 07:36 160464 --sha-r d:\windows\system32\jpebt.dll
.
------- Sigcheck -------
[-] 2008-04-07 15:03 361344 A3C3D568108AD955870B288769F9C97D d:\windows\system32\drivers\tcpip.sys
[-] 2008-04-04 20:48 2350208 56313F4D281F6770783A918474539594 d:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-05-17_05.09.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-21 03:17 . 2009-05-21 03:17 16384 d:\windows\Temp\Perflib_Perfdata_168.dat
+ 2009-05-21 03:19 . 2009-05-21 03:21 27784 d:\windows\system32\drivers\avgmfx86.sys
- 2009-03-05 10:09 . 2009-05-01 04:21 27784 d:\windows\system32\drivers\avgmfx86.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09e8076c-66db-4976-896c-be391e7ee0c0}]
2008-09-15 14:47 1784856 ----a-w d:\program files\cyber10\tbcybe.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{09e8076c-66db-4976-896c-be391e7ee0c0}"= "d:\program files\cyber10\tbcybe.dll" [2008-09-15 1784856]
[HKEY_CLASSES_ROOT\clsid\{09e8076c-66db-4976-896c-be391e7ee0c0}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{09E8076C-66DB-4976-896C-BE391E7EE0C0}"= "d:\program files\cyber10\tbcybe.dll" [2008-09-15 1784856]
[HKEY_CLASSES_ROOT\clsid\{09e8076c-66db-4976-896c-be391e7ee0c0}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NCLaunch"="d:\windows\NCLAUNCH.EXe" [2009-04-26 40960]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-03-21 15360]
"Uniblue SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2007-08-16 9495832]
"IDMan"="d:\program files\Internet Download Manager\IDMan.exe" [2008-08-03 931248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-21 1261336]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" - d:\windows\system32\advpack.dll [2008-04-07 124928]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-21 03:21 11952 ----a-w d:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck xmnt2002 /bat=d:\windows\TEMP\PQ_BATCH.PQB /win=d:\windows /dbg=d:\WINDOWS\TEMP\PQ_DEBUG.TXT /ver=262144 /prd=PartitionMagic\0autocheck autochk *\0lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Launchy.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Launchy.lnk
backup=d:\windows\pss\Launchy.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\MS OFFICE 2007\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\MS OFFICE 2007\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\MS OFFICE 2007\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6780:TCP"= 6780:TCP:thtjzar
R0 AvgRkx86;avgrkx86.sys;d:\windows\system32\drivers\avgrkx86.sys [5/20/2009 8:20 PM 12552]
R0 BtHidBus;Bluetooth HID Bus Service;d:\windows\system32\drivers\BtHidBus.sys [1/7/2009 11:39 PM 20744]
R1 AvgLdx86;AVG AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [5/20/2009 8:19 PM 325896]
R1 AvgTdiX;AVG8 Network Redirector;d:\windows\system32\drivers\avgtdix.sys [5/20/2009 8:20 PM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [5/20/2009 8:19 PM 874776]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/20/2009 8:19 PM 231704]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2/27/2009 4:40 PM 143467]
R3 btnetBUs;Bluetooth PAN Bus Service;d:\windows\system32\drivers\btnetBus.sys [12/7/2008 12:44 PM 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;d:\windows\system32\drivers\IvtBtBus.sys [7/2/2008 2:58 PM 26248]
R3 td_cbus;TELSON USB Composite Device driver (WDM);d:\windows\system32\drivers\td_cbus.sys [3/5/2009 2:59 AM 51040]
R3 td_cmdfl;TELSON Handset Filter;d:\windows\system32\drivers\td_cmdfl.sys [3/5/2009 3:00 AM 6032]
R3 td_cmdm;TELSON Handset Drivers;d:\windows\system32\drivers\td_cmdm.sys [3/5/2009 3:00 AM 82608]
R3 td_cserd;TELSON Handset Diagnostic Serial Port (WDM);d:\windows\system32\drivers\td_cserd.sys [3/5/2009 3:01 AM 64064]
S2 enkqgmi;System Boot;d:\windows\system32\svchost.exe -k netsvcs [3/21/2008 12:36 AM 14336]
S2 nntvbvk;Update Shell;d:\windows\system32\svchost.exe -k netsvcs [3/21/2008 12:36 AM 14336]
S2 yscmfhafz;jpsvhqm;d:\windows\system32\svchost.exe -k netsvcs [3/21/2008 12:36 AM 14336]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;d:\windows\system32\drivers\nmwcdnsu.sys [5/8/2009 11:27 PM 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;d:\windows\system32\drivers\nmwcdnsuc.sys [5/8/2009 11:27 PM 8320]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - AVG8EMC
*NewlyCreated* - AVG8WD
*NewlyCreated* - AVGLDX86
*NewlyCreated* - AVGMFX86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
enkqgmi
yscmfhafz
nntvbvk
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
Contents of the 'Scheduled Tasks' folder
2009-05-17 d:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2009-05-17 16:03]
2009-05-21 d:\windows\Tasks\User_Feed_Synchronization-{27791226-1365-413F-BE55-C4605C965C51}.job
- d:\windows\system32\msfeedssync.exe [2009-03-05 02:36]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.microsoft.com
mWindow Title = Microsoft Internet Explorer
IE: Add to &LinkFox - c:\progra~1\TWEAKM~1\TweakBHO.dll/IESCRIPT
IE: Download all links with IDM - d:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - d:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - d:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MSOFFI~1\Office12\EXCEL.EXE/3000
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
FF - ProfilePath - d:\documents and settings\HhAaNnLlYy\Application Data\Mozilla\Firefox\Profiles\xa121yrk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/Result***t.aspx?ctid=CT1017851&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/Result***t.aspx?ctid=CT1017851&SearchSource=2&q=
FF - component: d:\documents and settings\HhAaNnLlYy\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: d:\documents and settings\HhAaNnLlYy\Application Data\Mozilla\Firefox\Profiles\xa121yrk.default\extensions\{4095394d-e948-456a-8ad1-19ba354dbc75}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-20 20:24
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\enkqgmi]
"ServiceDll"="d:\windows\system32\jpebt.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\nntvbvk]
"ServiceDll"="d:\windows\system32\jpebt.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\yscmfhafz]
"ServiceDll"="d:\windows\system32\jpebt.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2025429265-1035525444-1606980848-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\Clsid]
@Denied: (Full) (LocalSystem)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0233141f-d41b-4289-a7ec-a8d945527281}]
@Denied: (Full) (Everyone)
"Model"=dword:00000089
"Therad"=dword:00000011
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):f9,bf,87,2e,a2,e2,a0,2c,37,a0,3a,11,50,86,ff,8b,8e,3a,e9,35,a0,
d7,e6,5f,be,31,75,18,3d,3a,fc,84,71,84,86,b9,ba,f3,a1,ce,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1636)
d:\windows\system32\msi.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-21 20:26
ComboFix-quarantined-files.txt 2009-05-21 03:26
ComboFix2.txt 2009-05-21 03:11
Pre-Run: 1,460,883,456 bytes free
Post-Run: 1,451,089,920 bytes free
279
#656
ƒ(ψ)=ΘΊΧφ
Re: Cannot access Antivirus Sites/Google/Avast etc.
Disable System Restore
Fix the following entries in HijackThis : Quote:
Code:
File::
d:\windows\system32\jpebt.dll
D:\WINDOWS\system32\CF562.exe

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\enkqgmi]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\nntvbvk]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\yscmfhafz]
Code:
netsh firewall set opmode mode=ENABLE
netsh firewall set portopening protocol=ALL port=6780 mode=DISABLE scope=ALL profile=CURRENT
sc delete enkqgmi
sc delete nntvbvk
sc delete yscmfhafz
find the value (in the right hand pane) named netsvcs (entries are not in alphabetical order), double click to edit, find the lines containing enkqgmi, yscmfhafz, nntvbvk (each line will contain one value, and they won't be in alphabetical order) and delete only those lines. Click OK and close the edit window and close regedit.
Finally install this security update : http://www.microsoft.com/technet/sec.../MS08-067.mspx
Reboot and check if you can access all sites. You can enable System Restore now.
#657
Newbie
Join Date: May 2009
Posts: 5
Re: Cannot access Antivirus Sites/Google/Avast etc.
It had solved the problem... But when I restarted, the problem resurfaced... Please help me once more...
#658
ƒ(ψ)=ΘΊΧφ
Re: Cannot access Antivirus Sites/Google/Avast etc.
Did you install the security patch: http://www.microsoft.com/technet/sec.../MS08-067.mspx
First check this: Conficker Eye Chart Quote:
If that still doesn't fix it, run ComboFix once again and post the ComboFix log file. Also, after the problem is fixed, do not forget to update your antivirus and run a full scan. And install the security patch.
#659
Newbie
Join Date: May 2009
Posts: 5
Thank you very much... You are really great...
#660
Newbie
Join Date: May 2009
Posts: 2
Re: Cannot access Antivirus Sites/Google/Avast etc.
Hi bakuryu,
I've been experiencing the same problems that other people have posted here, however I'm still not certain what the exact procedure is to resolve it. From what I gather I need to post a log after running ComboFix. Hopefully you'll be able to guide me through this; thanks for your time in advance. My log is as follows: Code:
ComboFix 09-05-28.01 - Administrator 29.05.2009 1:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.2940.2554 [GMT 3:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\scrrntr.dll
.
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-28 )))))))))))))))))))))))))))))))
.
2009-05-28 22:17 . 2009-05-28 22:16 388096 ----a-w c:\windows\system32\CF2413.exe
2009-05-28 21:42 . 2009-05-28 21:42 -------- d-----w c:\documents and settings\Administrator\Application Data\.clamwin
2009-05-28 21:42 . 2009-05-28 21:42 -------- d-----w c:\program files\ClamWin
2009-05-28 21:42 . 2009-05-28 21:42 -------- d-----w c:\documents and settings\All Users\.clamwin
2009-05-28 19:00 . 2009-05-28 19:00 -------- d-----w c:\program files\VS Revo Group
2009-05-28 19:00 . 2009-05-28 19:00 -------- d-----w c:\program files\CCleaner
2009-05-28 17:52 . 2008-08-28 11:25 220032 ----a-w c:\windows\system32\drivers\SynTP.sys
2009-05-28 17:52 . 2008-08-28 11:25 147456 ----a-w c:\windows\system32\SynTPAPI.dll
2009-05-28 17:52 . 2008-08-28 11:25 110592 ----a-w c:\windows\system32\SynTPCo4.dll
2009-05-28 17:52 . 2008-08-28 11:25 196608 ----a-w c:\windows\system32\SynCtrl.dll
2009-05-28 17:52 . 2008-08-28 11:25 163840 ----a-w c:\windows\system32\SynCOM.dll
2009-05-28 17:52 . 2009-05-28 17:52 -------- d-----w c:\program files\Synaptics
2009-05-28 16:24 . 2009-05-28 16:24 -------- d-----w c:\program files\AVG
2009-05-28 16:12 . 2009-05-28 16:22 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-28 15:05 . 2009-05-28 15:06 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Google
2009-05-28 15:00 . 2009-05-28 15:00 43024 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-28 15:00 . 2009-05-28 15:00 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Deployment
2009-05-28 14:38 . 2001-11-21 13:12 12160 ----a-w c:\windows\system32\drivers\mouhid.sys
2009-05-28 14:37 . 2008-04-13 05:45 10368 ----a-w c:\windows\system32\drivers\hidusb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-28 17:52 . 2009-05-28 11:20 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-28 17:05 . 2009-05-28 11:20 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-28 17:04 . 2009-05-28 11:14 -------- d-----w c:\documents and settings\Administrator\Application Data\TeraCopy
2009-05-28 13:01 . 2009-05-28 13:01 -------- d-----w c:\program files\TOSHIBA
2009-05-28 12:37 . 2009-05-28 12:37 -------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-05-28 12:32 . 2009-05-28 12:32 -------- d-----w c:\program files\Common Files\Control Panels
2009-05-28 12:32 . 2009-05-28 12:13 -------- d-----w c:\program files\Common Files\Adobe
2009-05-28 12:30 . 2009-05-28 12:30 -------- d-----w c:\documents and settings\All Users\Application Data\ALM
2009-05-28 12:27 . 2009-05-28 12:27 -------- d-----w c:\program files\QuickTime
2009-05-28 12:19 . 2009-05-28 12:19 -------- d-----w c:\program files\Bonjour
2009-05-28 12:16 . 2009-05-28 12:16 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-05-28 12:09 . 2009-05-28 12:09 -------- d-----w c:\program files\Microsoft ActiveSync
2009-05-28 12:07 . 2009-05-28 12:07 -------- d-----w c:\program files\Microsoft.NET
2009-05-28 12:02 . 2001-11-22 18:00 81820 ----a-w c:\windows\system32\perfc01F.dat
2009-05-28 12:02 . 2001-11-22 18:00 429186 ----a-w c:\windows\system32\perfh01F.dat
2009-05-28 12:01 . 2009-05-28 12:01 -------- d-----w c:\program files\CONEXANT
2009-05-28 11:53 . 2009-05-28 11:53 -------- d-----w c:\program files\ltmoh
2009-05-28 11:44 . 2009-05-28 11:17 -------- d-----w c:\program files\Intel
2009-05-28 11:25 . 2009-05-28 11:25 -------- d-----w c:\program files\Camera Assistant Software for Toshiba
2009-05-28 11:22 . 2009-05-28 11:20 -------- d-----w c:\program files\Realtek
2009-05-28 11:22 . 2009-05-28 11:22 -------- d-----w c:\documents and settings\Administrator\Application Data\InstallShield
2009-05-28 11:20 . 2009-05-28 11:20 315392 ----a-w c:\windows\HideWin.exe
2009-05-28 10:57 . 2009-05-28 10:57 64200 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-28 10:57 . 2009-05-28 10:57 -------- d-----w c:\program files\MSBuild
2009-05-28 10:57 . 2009-05-28 10:57 -------- d-----w c:\program files\Reference Assemblies
2009-05-28 10:55 . 2009-05-28 10:55 -------- d-----w c:\program files\TeraCopy
2009-05-28 10:54 . 2009-05-28 10:54 -------- d-----w c:\program files\Java
2009-05-28 10:54 . 2009-05-28 10:54 -------- d-----w c:\program files\Common Files\Java
2009-05-28 10:53 . 2009-05-28 10:53 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-28 10:51 . 2009-05-28 10:51 21736 ----a-w c:\windows\system32\emptyregdb.dat
2009-05-28 10:51 . 2009-05-28 10:51 -------- d-----w c:\program files\Windows Media Connect 2
2009-05-28 10:51 . 2009-05-28 10:51 -------- d-----w c:\program files\Unlocker
2009-05-25 13:57 . 2009-05-28 11:44 1503840 ----a-w c:\windows\system32\drivers\athw.sys
2008-04-14 06:00 . 2008-04-14 06:00 158873 --sha-r c:\windows\system32\cfgnm.dll
.
------- Sigcheck -------
[-] 2008-05-04 10:03 361344 ACCF5A9A1FFAA490F33DBA1C632B95E1 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-28 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-28 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-28 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-28 141848]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2008-05-27 360448]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1024000]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2009-04-14 86016]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-08-28 16860672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-03-01 124928]
"Set Visual Effects"="SetVisualEffects.exe" - c:\windows\system32\SetVisualEffects.exe [2004-10-16 77824]
c:\documents and settings\All Users\Start Menu\Programlar\Başlangıç\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2009-5-28 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4527:TCP"= 4527:TCP:cgftfwnk
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [28.05.2009 16:01 5888]
S2 wrxyvjp;Config Image;c:\windows\system32\svchost.exe -k netsvcs [14.04.2008 09:00 14336]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wrxyvjp
.
Contents of the 'Scheduled Tasks' folder
2009-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-299502267-1801674531-500.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-28 15:05]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.tnctr.com/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-29 01:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wrxyvjp]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
.
Completion time: 2009-05-28 1:31
ComboFix-quarantined-files.txt 2009-05-28 22:31
Pre-Run: 149.785.915.392 bytes free
Post-Run: 149.922.852.864 bytes free
159
Last edited by bakuryu; 29-05-2009 at 01:39 PM.
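Both ComboFix logs in this thread show the same footprint, and the cleanup in post #656 follows from it directly: randomly named services (enkqgmi, nntvbvk, yscmfhafz in the first log, wrxyvjp in the second) all hosted by svchost.exe -k netsvcs and all pointing their ServiceDll at one DLL in system32, the Windows Firewall switched off with a random-named exception opening a TCP port, Security Center notifications suppressed, and a hidden+system DLL sitting in system32. The script below is an added example, not code from the thread, from bakuryu or from ComboFix. It parses the line formats visible in the two posted logs (a constructed excerpt stitched from them is embedded so it runs offline), correlates service names with their ServiceDll, and emits the same CFScript, netsh and sc delete steps the helper wrote. The regexes, the rule of treating every svchost-hosted service that ComboFix still lists as suspect, and the use of the logged protocol instead of protocol=ALL in the netsh line are the example's own assumptions.

```python
"""Triage for the ComboFix log pattern in this thread (svchost-hosted services on one shared
ServiceDll, firewall and Security Center tampering) plus the matching cleanup the helper
posted. Added example, not ComboFix's or the helper's code; regexes follow the posted logs."""
import re
from dataclasses import dataclass, field

# Constructed excerpt stitched from the two logs in this thread; not a complete log.
SAMPLE_LOG = r"""
"EnableFirewall"= 0 (0x0)
"6780:TCP"= 6780:TCP:thtjzar
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/20/2009 8:19 PM 231704]
S2 enkqgmi;System Boot;d:\windows\system32\svchost.exe -k netsvcs [3/21/2008 12:36 AM 14336]
S2 nntvbvk;Update Shell;d:\windows\system32\svchost.exe -k netsvcs [3/21/2008 12:36 AM 14336]
S2 yscmfhafz;jpsvhqm;d:\windows\system32\svchost.exe -k netsvcs [3/21/2008 12:36 AM 14336]
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
2008-04-14 06:00 . 2008-04-14 06:00 158873 --sha-r c:\windows\system32\cfgnm.dll
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\enkqgmi]
"ServiceDll"="d:\windows\system32\jpebt.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\nntvbvk]
"ServiceDll"="d:\windows\system32\jpebt.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\yscmfhafz]
"ServiceDll"="d:\windows\system32\jpebt.dll"
"""

SVCHOST_RE = re.compile(r'^[RS]\d\s+([^;]+);[^;]*;.*\\svchost\.exe\s+-k\s+(\w+)', re.I)
SERVICE_KEY_RE = re.compile(r'^\[(HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]\\]+))\]', re.I)
SERVICE_DLL_RE = re.compile(r'^"ServiceDll"="([^"]+)"', re.I)
OPEN_PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(\S+)', re.I)
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"=\s*0\b')
SEC_CENTER_RE = re.compile(r'^"(AntiVirusDisableNotify|UpdatesDisableNotify|AntiVirusOverride|FirewallOverride)"=dword:0*1$', re.I)
FILE_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+\d+\s+(\S+)\s+(\S.*)$')  # "date . date size attrs path"


@dataclass
class Findings:
    svchost_services: dict = field(default_factory=dict)  # service name -> svchost group
    service_dlls: dict = field(default_factory=dict)      # service name -> (registry key, dll path)
    open_ports: list = field(default_factory=list)        # (port, proto, label)
    firewall_disabled: bool = False
    security_center_overrides: list = field(default_factory=list)
    hidden_system_files: list = field(default_factory=list)


def parse_combofix(text):
    f, current = Findings(), None  # current = (key, name) of the last Services\<name> header
    for raw in text.splitlines():
        line = raw.strip()
        if m := SVCHOST_RE.match(line):
            f.svchost_services[m.group(1)] = m.group(2).lower()
        elif m := SERVICE_KEY_RE.match(line):
            current = (m.group(1), m.group(2))
        elif line.startswith('['):
            current = None  # another key: do not attribute its values to a service
        elif (m := SERVICE_DLL_RE.match(line)) and current:
            f.service_dlls[current[1]] = (current[0], m.group(1))
        elif m := OPEN_PORT_RE.match(line):
            f.open_ports.append((int(m.group(1)), m.group(2).upper(), m.group(3)))
        elif FIREWALL_OFF_RE.match(line):
            f.firewall_disabled = True
        elif m := SEC_CENTER_RE.match(line):
            f.security_center_overrides.append(m.group(1))
        elif (m := FILE_RE.match(line)) and 'h' in m.group(1) and 's' in m.group(1):
            f.hidden_system_files.append(m.group(2))  # hidden+system, like cfgnm.dll above
    return f


def rogue_services(f):
    # Heuristic (assumption): ComboFix hides default entries, so any svchost-hosted service
    # still listed needs a manual check; the random netsvcs names in this thread all land here.
    return sorted(f.svchost_services)


def shared_dlls(f):
    # Several service names registered on one ServiceDll is the pattern in both posted logs.
    groups = {}
    for name in rogue_services(f):
        if name in f.service_dlls:
            groups.setdefault(f.service_dlls[name][1].lower(), []).append(name)
    return groups


def cfscript(f):
    # Same shape as the helper's CFScript: File:: deletes files, [-key] deletes a registry key.
    keys = ['[-%s]' % f.service_dlls[n][0] for n in rogue_services(f) if n in f.service_dlls]
    return '\n'.join(['File::'] + sorted(shared_dlls(f)) + ['', 'Registry::'] + keys) + '\n'


def console_commands(f):
    # cmd.exe follow-up; the netsvcs REG_MULTI_SZ entries still have to be edited out in regedit.
    cmds = ['netsh firewall set opmode mode=ENABLE'] if f.firewall_disabled else []
    for port, proto, _label in f.open_ports:
        cmds.append('netsh firewall set portopening protocol=%s port=%d mode=DISABLE scope=ALL profile=CURRENT' % (proto, port))
    return cmds + ['sc delete %s' % name for name in rogue_services(f)]


if __name__ == '__main__':
    found = parse_combofix(SAMPLE_LOG)
    for dll, names in shared_dlls(found).items():
        print('%s <- %s' % (dll, ', '.join(names)))
    print('hidden+system files to review by hand:', found.hidden_system_files)
    print(cfscript(found) + '\n'.join(console_commands(found)))
```

Run it against a saved ComboFix.txt by replacing SAMPLE_LOG with the file contents. The hidden+system file and the Security Center overrides are only reported, not added to the CFScript, because legitimate hidden system files exist and the override values are worth restoring by hand once the services are gone; the netsvcs entries listed under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost must still be removed in regedit exactly as the helper describes.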
Tags: antivirus, cleanup, infection, virus, virus removal