
Redirect virus on internet firefox



#1 carwatcher


Posted 06 June 2010 - 10:20 PM



DDS (Ver_10-03-17.01) - NTFSx86
Run by Charles at 13:00:23.71 on Sun 06/13/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1447 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe
C:\java\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\WinUtilities\WinUtil.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Charles\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = hxxp://news.google.com/nwshp?hl=en&tab=wn
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\java\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\java\lib\deploy\jqs\ie\jqs_plugin.dll
TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - c:\program files\speedbit video downloader\toolbar\SpeedBitVideoDownloader.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} -
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} -
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
TB: {645FCD0C-EADE-4B52-8CDB-EF33692A2E75} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime alternative\qttask.exe" -atboottime
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\SOFTWARE
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\SOFTWARE\Classes
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\SOFTWARE\Classes\CLSID
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\ProgID
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\SOFTWARE
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\SOFTWARE\Classes
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\SOFTWARE\Classes\CLSID
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\ProgID
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}\SOFTWARE
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}\SOFTWARE\Classes
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}\SOFTWARE\Classes\CLSID
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ProgID
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
Trusted Zone: globeinvestor.com\tdw3
Trusted Zone: stockcharts.com
DPF: Garmin Internet Explorer Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1275330088859
DPF: {721AA83C-CA63-470B-BDAB-17EEBEC7C7DD} - hxxp://history.endofday.com/eodsuite/setup.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://decima.webex.com/client/T26L/webex/ieatgpc.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - c:\program files\quicktax 2009\ic2009pp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\charles\applic~1\mozilla\firefox\profiles\ax87f853.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/news?ned=us
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q=
FF - plugin: c:\documents and settings\charles\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\java\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\java\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbrowster.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\sony\reader\data\bin\npebldetectmoz.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}(2)
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}(3)
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-13 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-13 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-13 40384]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService.exe [2010-5-25 196912]
R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [2006-10-27 31744]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-13 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-13 40384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-8-27 133104]
S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [2006-1-23 17432]
S2 SlingAgentService;SlingAgentService; [x]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\toolbarbroker.exe --> c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [?]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver; [x]
S3 pmxscan;Visioneer USB Service;c:\windows\system32\drivers\usbscan.sys [2005-12-24 15104]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-11-18 7808]
S3 SNIFFXP;Sniffem NDIS 5.0 packet driver;c:\windows\system32\drivers\sniffxp.sys [2004-5-4 10752]

=============== Created Last 30 ================

2010-06-13 19:53:16 0 ----a-w- c:\documents and settings\charles\defogger_reenable
2010-06-13 19:25:44 731648 ----a-w- c:\windows\is-DF3DI.exe
2010-06-13 15:08:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-06-12 23:56:50 0 d-----w- c:\docume~1\charles\applic~1\Malwarebytes
2010-06-12 23:56:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-12 23:56:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-12 23:56:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-12 23:56:07 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-12 17:23:21 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-06-12 17:23:21 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-12 17:23:02 0 d-----w- C:\java
2010-06-12 16:14:49 0 ----a-w- c:\windows\system32\REN152.tmp
2010-06-12 16:14:49 0 ----a-w- c:\windows\system32\REN151.tmp
2010-06-12 16:14:49 0 ----a-w- c:\windows\system32\REN150.tmp
2010-05-31 18:23:36 0 d-----w- c:\program files\Support Tools
2010-05-31 16:26:43 0 d-----w- c:\program files\Innovative Solutions
2010-05-28 00:59:53 0 d-----w- C:\inv
2010-05-28 00:59:48 0 d-----w- C:\(null)
2010-05-27 22:38:18 0 d-----w- C:\New Folder (2)
2010-05-27 19:27:12 26416 ----a-w- c:\windows\system32\nitrolocalmon.dll
2010-05-27 19:27:12 17712 ----a-w- c:\windows\system32\nitrolocalui.dll
2010-05-27 19:27:00 0 d-----w- c:\program files\common files\Nitro PDF
2010-05-27 19:26:59 0 d-----w- c:\program files\Nitro PDF
2010-05-27 19:26:25 0 d-----w- c:\docume~1\charles\applic~1\Downloaded Installations
2010-05-27 19:16:33 0 d-----w- c:\program files\Foxit Software
2010-05-27 19:04:37 0 d-----w- c:\docume~1\charles\applic~1\Tracker Software
2010-05-27 02:56:59 0 d-----w- c:\docume~1\alluse~1\applic~1\TrueCrypt
2010-05-27 02:56:57 223440 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2010-05-27 02:56:52 0 d-----w- c:\program files\TrueCrypt
2010-05-27 02:46:14 279 ----a-w- C:\Shortcut to Local Disk (C).lnk
2010-05-26 16:21:40 0 d-----w- c:\windows\system32\wbem\Repository
2010-05-25 17:54:15 0 d-----w- c:\docume~1\alluse~1\applic~1\IObit
2010-05-25 17:05:30 17544 ------w- c:\windows\system32\drivers\RkPavproc1.sys
2010-05-21 05:00:34 0 d-----w- c:\program files\Realtek
2010-05-21 04:59:56 1251872 ----a-w- c:\windows\RtlExUpd.dll
2010-05-18 22:05:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Insight Software Solutions
2010-05-18 22:05:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Insight Software
2010-05-18 22:05:49 0 d-----w- c:\program files\common files\Insight Software Solutions
2010-05-18 22:05:45 0 d-----w- c:\program files\ShortKeys2

==================== Find3M ====================

2010-05-12 22:24:21 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys
2010-04-28 18:50:24 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-04-09 23:33:38 577536 ----a-w- c:\windows\SOUNDMAN.EXE
2010-04-09 23:33:38 32770 ----a-w- c:\windows\system32\ltltwin.dll
2010-04-09 23:33:38 217088 ----a-w- c:\windows\Alcrmv.exe
2010-04-09 23:33:38 147456 ----a-w- c:\windows\system32\RTLCPAPI.dll
2010-04-09 23:33:37 10528768 ----a-w- c:\windows\system32\RTLCPL.EXE
2010-03-31 01:58:04 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-31 01:58:04 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58:04 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-16 10:37:50 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-03-16 10:37:50 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-03-16 10:37:50 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-03-16 10:37:50 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-03-16 10:37:50 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-03-16 10:37:44 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-03-16 06:51:59 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
2010-03-16 06:51:59 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-03-16 06:51:59 600680 ----a-w- c:\windows\system32\nvudisp.exe
2010-03-16 06:51:59 4075520 ----a-w- c:\windows\system32\nvcuda.dll
2010-03-16 06:51:59 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-03-16 06:51:59 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-03-16 06:51:59 215656 ----a-w- c:\windows\system32\nvcodins.dll
2010-03-16 06:51:59 215656 ----a-w- c:\windows\system32\nvcod.dll
2010-03-16 06:51:59 2030184 ----a-w- c:\windows\system32\nvcuvid.dll
2010-03-16 06:51:59 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
2010-03-16 06:51:59 11640832 ----a-w- c:\windows\system32\nvcompiler.dll
2010-03-16 06:51:59 1097728 ----a-w- c:\windows\system32\nvapi.dll
2009-08-25 02:40:20 2415 ----a-w- c:\program files\readme.wri
2009-08-25 02:40:06 835584 ----a-w- c:\program files\qsetup.dyn
2009-08-25 02:40:06 429 ----a-w- c:\program files\TAX.PRI
2009-08-25 02:40:06 42390 ----a-w- c:\program files\TAX.THP
2009-08-25 02:40:06 40960 ----a-w- c:\program files\qwonline.dyn
2009-08-25 02:40:06 31479 ----a-w- c:\program files\EMC.IMP
2009-08-25 02:40:06 24576 ----a-w- c:\program files\qreports.dyn
2009-08-25 02:40:06 2322432 ----a-w- c:\program files\qw.dyn
2009-08-25 02:40:06 20480 ----a-w- c:\program files\qacces32.dyn
2009-08-25 02:40:06 20480 ----a-w- c:\program files\alert.dyn
2009-08-25 02:40:06 12385 ----a-w- c:\program files\TAX.SCD
2009-08-25 02:39:34 5087 ----a-w- c:\program files\khash.dat
2009-08-25 02:39:34 1361880 ----a-w- c:\program files\phash.dat
2009-08-25 02:39:08 679 ----a-w- c:\program files\qreqst.dat
2009-08-25 02:39:08 1528 ----a-w- c:\program files\qwsync.dat
2009-08-25 02:39:08 128 ----a-w- c:\program files\fri.dat
2009-08-25 02:39:08 126 ----a-w- c:\program files\bgtbrwsr.dat
2001-07-30 18:42:14 7107 ----a-w- c:\program files\ttaxexpt.dat
1998-11-17 19:09:06 24576 ----a-w- c:\windows\inf\Vizpnpin.exe
1998-10-12 19:23:22 40960 ----a-w- c:\windows\inf\vizpnp\Vipersti.dll
1998-07-30 20:44:02 19112 ----a-w- c:\windows\inf\vizpnp\Pmxscan.sys
2008-10-07 01:22:38 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100620081007\index.dat

============= FINISH: 13:01:51.34 ===============


c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-13 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-13 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-13 40384]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService.exe [2010-5-25 196912]
R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [2006-10-27 31744]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-13 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-13 40384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-8-27 133104]
S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [2006-1-23 17432]
S2 SlingAgentService;SlingAgentService; [x]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\toolbarbroker.exe --> c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [?]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver; [x]
S3 pmxscan;Visioneer USB Service;c:\windows\system32\drivers\usbscan.sys [2005-12-24 15104]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-11-18 7808]
S3 SNIFFXP;Sniffem NDIS 5.0 packet driver;c:\windows\system32\drivers\sniffxp.sys [2004-5-4 10752]

=============== Created Last 30 ================

2010-06-13 19:53:16 0 ----a-w- c:\documents and settings\charles\defogger_reenable
2010-06-13 19:25:44 731648 ----a-w- c:\windows\is-DF3DI.exe
2010-06-13 15:08:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-06-12 23:56:50 0 d-----w- c:\docume~1\charles\applic~1\Malwarebytes
2010-06-12 23:56:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-12 23:56:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-12 23:56:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-12 23:56:07 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-12 17:23:21 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-06-12 17:23:21 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-12 17:23:02 0 d-----w- C:\java
2010-06-12 16:14:49 0 ----a-w- c:\windows\system32\REN152.tmp
2010-06-12 16:14:49 0 ----a-w- c:\windows\system32\REN151.tmp
2010-06-12 16:14:49 0 ----a-w- c:\windows\system32\REN150.tmp
2010-05-31 18:23:36 0 d-----w- c:\program files\Support Tools
2010-05-31 16:26:43 0 d-----w- c:\program files\Innovative Solutions
2010-05-28 00:59:53 0 d-----w- C:\inv
2010-05-28 00:59:48 0 d-----w- C:\(null)
2010-05-27 22:38:18 0 d-----w- C:\New Folder (2)
2010-05-27 19:27:12 26416 ----a-w- c:\windows\system32\nitrolocalmon.dll
2010-05-27 19:27:12 17712 ----a-w- c:\windows\system32\nitrolocalui.dll
2010-05-27 19:27:00 0 d-----w- c:\program files\common files\Nitro PDF
2010-05-27 19:26:59 0 d-----w- c:\program files\Nitro PDF
2010-05-27 19:26:25 0 d-----w- c:\docume~1\charles\applic~1\Downloaded Installations
2010-05-27 19:16:33 0 d-----w- c:\program files\Foxit Software
2010-05-27 19:04:37 0 d-----w- c:\docume~1\charles\applic~1\Tracker Software
2010-05-27 02:56:59 0 d-----w- c:\docume~1\alluse~1\applic~1\TrueCrypt
2010-05-27 02:56:57 223440 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2010-05-27 02:56:52 0 d-----w- c:\program files\TrueCrypt
2010-05-27 02:46:14 279 ----a-w- C:\Shortcut to Local Disk (C).lnk
2010-05-26 16:21:40 0 d-----w- c:\windows\system32\wbem\Repository
2010-05-25 17:54:15 0 d-----w- c:\docume~1\alluse~1\applic~1\IObit
2010-05-25 17:05:30 17544 ------w- c:\windows\system32\drivers\RkPavproc1.sys
2010-05-21 05:00:34 0 d-----w- c:\program files\Realtek
2010-05-21 04:59:56 1251872 ----a-w- c:\windows\RtlExUpd.dll
2010-05-18 22:05:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Insight Software Solutions
2010-05-18 22:05:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Insight Software
2010-05-18 22:05:49 0 d-----w- c:\program files\common files\Insight Software Solutions
2010-05-18 22:05:45 0 d-----w- c:\program files\ShortKeys2

==================== Find3M ====================

2010-05-12 22:24:21 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys
2010-04-28 18:50:24 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-04-09 23:33:38 577536 ----a-w- c:\windows\SOUNDMAN.EXE
2010-04-09 23:33:38 32770 ----a-w- c:\windows\system32\ltltwin.dll
2010-04-09 23:33:38 217088 ----a-w- c:\windows\Alcrmv.exe
2010-04-09 23:33:38 147456 ----a-w- c:\windows\system32\RTLCPAPI.dll
2010-04-09 23:33:37 10528768 ----a-w- c:\windows\system32\RTLCPL.EXE
2010-03-31 01:58:04 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-31 01:58:04 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58:04 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-16 10:37:50 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-03-16 10:37:50 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-03-16 10:37:50 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-03-16 10:37:50 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-03-16 10:37:50 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-03-16 10:37:44 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-03-16 06:51:59 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
2010-03-16 06:51:59 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-03-16 06:51:59 600680 ----a-w- c:\windows\system32\nvudisp.exe
2010-03-16 06:51:59 4075520 ----a-w- c:\windows\system32\nvcuda.dll
2010-03-16 06:51:59 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-03-16 06:51:59 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-03-16 06:51:59 215656 ----a-w- c:\windows\system32\nvcodins.dll
2010-03-16 06:51:59 215656 ----a-w- c:\windows\system32\nvcod.dll
2010-03-16 06:51:59 2030184 ----a-w- c:\windows\system32\nvcuvid.dll
2010-03-16 06:51:59 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
2010-03-16 06:51:59 11640832 ----a-w- c:\windows\system32\nvcompiler.dll
2010-03-16 06:51:59 1097728 ----a-w- c:\windows\system32\nvapi.dll
2009-08-25 02:40:20 2415 ----a-w- c:\program files\readme.wri
2009-08-25 02:40:06 835584 ----a-w- c:\program files\qsetup.dyn
2009-08-25 02:40:06 429 ----a-w- c:\program files\TAX.PRI
2009-08-25 02:40:06 42390 ----a-w- c:\program files\TAX.THP
2009-08-25 02:40:06 40960 ----a-w- c:\program files\qwonline.dyn
2009-08-25 02:40:06 31479 ----a-w- c:\program files\EMC.IMP
2009-08-25 02:40:06 24576 ----a-w- c:\program files\qreports.dyn
2009-08-25 02:40:06 2322432 ----a-w- c:\program files\qw.dyn
2009-08-25 02:40:06 20480 ----a-w- c:\program files\qacces32.dyn
2009-08-25 02:40:06 20480 ----a-w- c:\program files\alert.dyn
2009-08-25 02:40:06 12385 ----a-w- c:\program files\TAX.SCD
2009-08-25 02:39:34 5087 ----a-w- c:\program files\khash.dat
2009-08-25 02:39:34 1361880 ----a-w- c:\program files\phash.dat
2009-08-25 02:39:08 679 ----a-w- c:\program files\qreqst.dat
2009-08-25 02:39:08 1528 ----a-w- c:\program files\qwsync.dat
2009-08-25 02:39:08 128 ----a-w- c:\program files\fri.dat
2009-08-25 02:39:08 126 ----a-w- c:\program files\bgtbrwsr.dat
2001-07-30 18:42:14 7107 ----a-w- c:\program files\ttaxexpt.dat
1998-11-17 19:09:06 24576 ----a-w- c:\windows\inf\Vizpnpin.exe
1998-10-12 19:23:22 40960 ----a-w- c:\windows\inf\vizpnp\Vipersti.dll
1998-07-30 20:44:02 19112 ----a-w- c:\windows\inf\vizpnp\Pmxscan.sys
2008-10-07 01:22:38 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100620081007\index.dat

============= FINISH: 13:01:51.34 ===============


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-13 15:18:21
Windows 5.1.2600 Service Pack 3
Running: rsxku3z7.exe; Driver: C:\DOCUME~1\Charles\LOCALS~1\Temp\pwryapog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB22CCC7A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB22CCB36]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xB22CD0EA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB22CD014]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB22CC70C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB22CCC10]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB22CC64C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB22CC6B0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB22CCD30]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xB22CD1B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB22CCCF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB22CCE70]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xB22D9AC6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xB22D98EA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xB22D9A24]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2468 80501CA0 4 Bytes JMP DAB22CD0
PAGE ntkrnlpa.exe!ZwLoadDriver 805795FA 7 Bytes JMP B22D9A28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805A075C 7 Bytes JMP B22D98EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1CE0 5 Bytes JMP B22D5536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B8B58 5 Bytes JMP B22D6EC2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73EA 7 Bytes JMP B22D9ACA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB68EC380, 0x566465, 0xE8000020]
.rsrc C:\WINDOWS\System32\DRIVERS\RDPCDD.sys entry point in ".rsrc" section [0xB8618C14]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[464] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[464] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[464] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text C:\WINDOWS\System32\svchost.exe[1172] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[1172] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A
.text C:\WINDOWS\System32\svchost.exe[1172] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0091000C
.text C:\WINDOWS\System32\svchost.exe[1172] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00DB000A
.text C:\WINDOWS\System32\svchost.exe[1172] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00DF000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3568] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0132000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3568] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0133000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3568] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0131000C

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device -> \Driver\atapi \Device\Harddisk0\DR0 895A3AC8

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\System32\DRIVERS\RDPCDD.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----




#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 June 2010 - 10:32 PM

Greetings

One or more of the identified infections is a Backdoor Trojan.

This could allow hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC could be compromised and there is no way to be sure that your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. "If you would like to continue, then follow the steps below, otherwise please let me know"

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
    It is a simple procedure that will only take a few moments of your time.


    Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"information and logs"
    In your next post I need the following
    1. Log from Combofix
    2. Let me know of any problems you may have had
    3. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr


Posted 09 June 2010 - 03:30 AM

Hello

three day bump

It has been three days since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo



#4 gringo_pr


Posted 12 June 2010 - 11:01 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,
Gringo
