Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unknown Rootkit infection


  • This topic is locked This topic is locked
30 replies to this topic

#1 destry.stevens

destry.stevens

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:55 AM

Posted 29 November 2012 - 03:08 AM

Hello Everyone or anyone,
I have a Gateway ID58 series with Windows Vista Sp 3 64-bit, had an outdated version of Norton 360 on it when I got it. So no real protection. Vista is running extremely slow, and the only two browsers on the laptop, IE and Chrome, will not connect to the Internet. I get an error message saying Webpage cannot be displayed, I tried the "diagnose connection problem" button, it says there is no trouble with the connection. Itunes updated just fine, so I know the machine knows its connected, but how do I repair the web browsers to recognize the connection?

I recently spent two days trying several different scans and possible fixex as any interested party can see if you follow the link below.

http://www.bleepingcomputer.com/forums/topic476492.html/page__pid__2907794#top

the users then told me my machine is infected by a rootkit.

Here are my dds.exe scan logs as requested by the preparation guide.

dds.txt log
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455
Run by mariah at 23:43:04 on 2012-11-28
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4024.2360 [GMT -8:00]
.
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Gateway\Gateway PowerSave Solution\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\VIA\VIAAUD\viaaud.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Gateway\Gateway PowerSave Solution\ePowerTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Gateway\Gateway PowerSave Solution\ePowerEvent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0609&m=id58_series
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0609&m=id58_series
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0609&m=id58_series
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0609&m=id58_series
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: TheSea.TheSeaPlugin: {C585D593-E7F3-4852-A200-561686EE02E4} -
EB: TheSeaApp: {c585d593-e7f4-4852-a200-561686ee02e4} -
uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Exent_SDM] C:\Users\mariah\AppData\Local\Temp\SDM143\Free Ride Games.exe "l 'Startup' u 'http://www.freeridegames.com/do/SDM?action=config&contentId=%d' p '143' c '642550'"
uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
mRun: [LManager] "C:\Program Files (x86)\Launch Manager\LManager.exe"
mRun: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [CLMLServer] "c:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -k
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\mariah\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6F8705C6-46FD-4875-93C8-618DADDCB53F} : DHCPNameServer = 192.168.1.1
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
x64-mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0609&m=id58_series
x64-mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0609&m=id58_series
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [VIAAUD] C:\Program Files\VIA\VIAAUD\viaaud.exe
x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway PowerSave Solution\ePowerTrayLauncher.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0502000.00D\symds64.sys [2012-1-31 450680]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0502000.00D\symefa64.sys [2012-1-31 912504]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-3-20 1157240]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120328.002\IDSviA64.sys [2012-3-28 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0502000.00D\ironx64.sys [2012-1-31 171128]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0502000.00D\symtdiv.sys [2012-1-31 432760]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-11-25 464256]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway PowerSave Solution\ePowerSvc.exe [2009-6-18 794144]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2008-1-20 27648]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-3-9 44800]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-6-18 292864]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-6-18 126464]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2008-9-3 390656]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2008-11-17 4751360]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2009-6-18 1120768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\b57nd60a.sys [2008-1-20 214016]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-3-19 138360]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-1-17 89920]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-11-25 11:01:41 66395536 ----a-w- C:\Windows\System32\mrt.exe
2012-10-13 03:09:32 25472 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2012-10-12 14:53:34 2769920 ----a-w- C:\Windows\System32\win32k.sys
2012-10-04 03:03:05 17811968 ----a-w- C:\Windows\System32\mshtml.dll
2012-10-04 02:24:36 10925568 ----a-w- C:\Windows\System32\ieframe.dll
2012-10-04 02:18:45 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-04 02:12:16 1346048 ----a-w- C:\Windows\System32\urlmon.dll
2012-10-04 02:11:22 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-04 02:10:43 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-04 02:10:19 237056 ----a-w- C:\Windows\System32\url.dll
2012-10-04 02:08:50 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2012-10-04 02:07:11 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-04 02:07:01 816640 ----a-w- C:\Windows\System32\jscript.dll
2012-10-04 02:06:55 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-04 02:05:40 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2012-10-04 02:04:55 2144768 ----a-w- C:\Windows\System32\iertutil.dll
2012-10-04 02:03:48 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2012-10-04 02:03:26 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-04 01:59:12 248320 ----a-w- C:\Windows\System32\ieui.dll
2012-10-03 23:00:04 12320768 ----a-w- C:\Windows\SysWow64\mshtml.dll
2012-10-03 22:35:48 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll
2012-10-03 22:30:48 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-03 22:22:51 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll
2012-10-03 22:21:58 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-03 22:21:57 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-03 22:20:53 231936 ----a-w- C:\Windows\SysWow64\url.dll
2012-10-03 22:19:28 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2012-10-03 22:18:27 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-03 22:18:10 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2012-10-03 22:18:01 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-03 22:16:41 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2012-10-03 22:16:03 1793024 ----a-w- C:\Windows\SysWow64\iertutil.dll
2012-10-03 22:15:16 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2012-10-03 22:14:47 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 22:11:09 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2012-09-30 03:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-25 16:31:19 91648 ----a-w- C:\Windows\System32\synceng.dll
2012-09-25 16:19:41 75776 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-13 13:45:46 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-13 13:28:08 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 23:43:18.80 ===============

Attach.txt log
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/18/2009 7:17:04 PM
System Uptime: 11/28/2012 8:54:48 PM (3 hours ago)
.
Motherboard: Gateway | | SJM50MV
Processor: Intel® Core™2 Duo CPU T6500 @ 2.10GHz | U2E1 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 401.001 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP144: 11/27/2012 5:49:43 AM - Scheduled Checkpoint
RP145: 11/28/2012 11:05:12 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe Acrobat 4.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9
Adobe Shockwave Player 11.5
Advanced SystemCare 6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Backup Manager Basic
Bonjour
Broadcom Gigabit NetLink Controller
Choice Guard
Compatibility Pack for the 2007 Office system
CyberLink Power2Go
CyberLink PowerDVD 8
Gateway Games
Gateway MyBackup
Gateway PowerSave Solution
Gateway Recovery Management
Gateway ScreenSaver
GIMP
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Graphics Media Accelerator Driver
iTunes
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Platform
Play Pickle
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Synaptics Pointing Device Driver
The Sea App (Internet Explorer)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VIA Platform Device Manager
Video Web Camera
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Writer
Wizard101
.
==== End Of File ===========================
Thank you in advance for any and all help or ideas.

BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:55 AM

Posted 04 December 2012 - 03:10 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/476830 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 destry.stevens

destry.stevens
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:55 AM

Posted 04 December 2012 - 09:29 AM

Hello Again,
I have a Gateway ID58 series with Windows Vista Sp 3 64-bit(I do not have the install disc), had an outdated version of Norton 360 on it when I got it. So no real protection. Vista is running extremely slow, and the only two browsers on the laptop, IE and Chrome, will not connect to the Internet. I get an error message saying Webpage cannot be displayed, I tried the "diagnose connection problem" button, it says there is no trouble with the connection. Itunes updated just fine, so I know the machine knows its connected, but how do I repair the web browsers to recognize the connection?

I recently spent two days trying several different scans and possible fixex as any interested party can see if you follow the link below.

http://www.bleepingcomputer.com/forums/topic476492.html/page__pid__2907794#top

the users then told me my machine is infected by a rootkit.

Here are my dds.exe scan logs as requested by the preparation guide.

dds.txt log
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455
Run by mariah at 23:43:04 on 2012-11-28
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4024.2360 [GMT -8:00]
.
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Gateway\Gateway PowerSave Solution\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\VIA\VIAAUD\viaaud.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Gateway\Gateway PowerSave Solution\ePowerTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Gateway\Gateway PowerSave Solution\ePowerEvent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0609&m=id58_series
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0609&m=id58_series
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0609&m=id58_series
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0609&m=id58_series
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: TheSea.TheSeaPlugin: {C585D593-E7F3-4852-A200-561686EE02E4} -
EB: TheSeaApp: {c585d593-e7f4-4852-a200-561686ee02e4} -
uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Exent_SDM] C:\Users\mariah\AppData\Local\Temp\SDM143\Free Ride Games.exe "l 'Startup' u 'http://www.freeridegames.com/do/SDM?action=config&contentId=%d' p '143' c '642550'"
uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
mRun: [LManager] "C:\Program Files (x86)\Launch Manager\LManager.exe"
mRun: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [CLMLServer] "c:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -k
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\mariah\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6F8705C6-46FD-4875-93C8-618DADDCB53F} : DHCPNameServer = 192.168.1.1
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
x64-mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0609&m=id58_series
x64-mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0609&m=id58_series
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [VIAAUD] C:\Program Files\VIA\VIAAUD\viaaud.exe
x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway PowerSave Solution\ePowerTrayLauncher.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0502000.00D\symds64.sys [2012-1-31 450680]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0502000.00D\symefa64.sys [2012-1-31 912504]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-3-20 1157240]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120328.002\IDSviA64.sys [2012-3-28 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0502000.00D\ironx64.sys [2012-1-31 171128]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0502000.00D\symtdiv.sys [2012-1-31 432760]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-11-25 464256]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway PowerSave Solution\ePowerSvc.exe [2009-6-18 794144]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2008-1-20 27648]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-3-9 44800]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-6-18 292864]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-6-18 126464]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2008-9-3 390656]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2008-11-17 4751360]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2009-6-18 1120768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\b57nd60a.sys [2008-1-20 214016]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-3-19 138360]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-1-17 89920]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-11-25 11:01:41 66395536 ----a-w- C:\Windows\System32\mrt.exe
2012-10-13 03:09:32 25472 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2012-10-12 14:53:34 2769920 ----a-w- C:\Windows\System32\win32k.sys
2012-10-04 03:03:05 17811968 ----a-w- C:\Windows\System32\mshtml.dll
2012-10-04 02:24:36 10925568 ----a-w- C:\Windows\System32\ieframe.dll
2012-10-04 02:18:45 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-04 02:12:16 1346048 ----a-w- C:\Windows\System32\urlmon.dll
2012-10-04 02:11:22 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-04 02:10:43 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-04 02:10:19 237056 ----a-w- C:\Windows\System32\url.dll
2012-10-04 02:08:50 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2012-10-04 02:07:11 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-04 02:07:01 816640 ----a-w- C:\Windows\System32\jscript.dll
2012-10-04 02:06:55 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-04 02:05:40 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2012-10-04 02:04:55 2144768 ----a-w- C:\Windows\System32\iertutil.dll
2012-10-04 02:03:48 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2012-10-04 02:03:26 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-04 01:59:12 248320 ----a-w- C:\Windows\System32\ieui.dll
2012-10-03 23:00:04 12320768 ----a-w- C:\Windows\SysWow64\mshtml.dll
2012-10-03 22:35:48 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll
2012-10-03 22:30:48 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-03 22:22:51 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll
2012-10-03 22:21:58 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-03 22:21:57 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-03 22:20:53 231936 ----a-w- C:\Windows\SysWow64\url.dll
2012-10-03 22:19:28 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2012-10-03 22:18:27 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-03 22:18:10 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2012-10-03 22:18:01 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-03 22:16:41 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2012-10-03 22:16:03 1793024 ----a-w- C:\Windows\SysWow64\iertutil.dll
2012-10-03 22:15:16 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2012-10-03 22:14:47 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 22:11:09 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2012-09-30 03:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-25 16:31:19 91648 ----a-w- C:\Windows\System32\synceng.dll
2012-09-25 16:19:41 75776 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-13 13:45:46 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-13 13:28:08 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 23:43:18.80 ===============

Attach.txt log
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/18/2009 7:17:04 PM
System Uptime: 11/28/2012 8:54:48 PM (3 hours ago)
.
Motherboard: Gateway | | SJM50MV
Processor: Intel® Core™2 Duo CPU T6500 @ 2.10GHz | U2E1 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 401.001 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP144: 11/27/2012 5:49:43 AM - Scheduled Checkpoint
RP145: 11/28/2012 11:05:12 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe Acrobat 4.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9
Adobe Shockwave Player 11.5
Advanced SystemCare 6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Backup Manager Basic
Bonjour
Broadcom Gigabit NetLink Controller
Choice Guard
Compatibility Pack for the 2007 Office system
CyberLink Power2Go
CyberLink PowerDVD 8
Gateway Games
Gateway MyBackup
Gateway PowerSave Solution
Gateway Recovery Management
Gateway ScreenSaver
GIMP
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Graphics Media Accelerator Driver
iTunes
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Platform
Play Pickle
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Synaptics Pointing Device Driver
The Sea App (Internet Explorer)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VIA Platform Device Manager
Video Web Camera
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Writer
Wizard101
.
==== End Of File ===========================

There is know active antivirus on the machine and I can't connect to the internet.
Thanks for any and all help I can receive from anyone here.

#4 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:55 AM

Posted 04 December 2012 - 04:04 PM

Hello Destry and welcome to the forums :)

I apologize for the wait. This forum gets busy from time to time. Give me a few minutes to review your logs and propose a fix.

Thank you

#5 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:55 AM

Posted 04 December 2012 - 04:07 PM

Start with this first:

Run the Norton Removal Tool
We are going to remove the left-overs from your Norton installation. The Norton Removal Tool uninstalls all Norton 2003 and later products, Norton 360, and Norton SystemWorks 12.0 from your computer. If you plan to continue to use your Norton products again in the future, you should ensure that you have safely stored your product key.

  • Download the Norton Removal tool to your Desktop.
  • Double click the Norton Removal Tool icon.
  • Allow any security warnings and type your administrator password if required.
  • Follow the instructions given.
  • Restart your PC

Edited by thisisu, 04 December 2012 - 04:08 PM.


#6 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:55 AM

Posted 04 December 2012 - 04:14 PM

Do this afterwards:

Posted Image Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure all the options are checked
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool was run.
  • Please attach or post the contents of FSS.txt into your next message.


#7 destry.stevens

destry.stevens
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:55 AM

Posted 04 December 2012 - 09:38 PM

Thank you very much for responding to my posts. I ran the norton removal tool as instructed. Then ran FSS.exe, the log file is as follows.

Farbar Service Scanner Version: 04-12-2012
Ran by mariah (administrator) on 04-12-2012 at 18:26:53
Running from "C:\Users\mariah\Desktop"
Windows Vista ™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2011-01-17 18:56] - [2009-04-10 23:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-14 17:06] - [2012-01-03 06:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-10 17:16] - [2012-03-30 04:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E

C:\Windows\System32\dnsrslvr.dll
[2011-04-15 05:02] - [2011-03-02 08:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2011-01-17 18:57] - [2009-04-10 23:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2011-01-17 18:56] - [2009-04-10 23:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2011-01-17 18:57] - [2009-04-10 23:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2011-01-17 18:56] - [2009-04-10 23:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2011-01-17 18:56] - [2009-04-10 23:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2011-01-17 18:57] - [2009-04-10 23:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2011-01-17 18:57] - [2009-04-10 23:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-10-16 14:48] - [2012-06-01 16:20] - 0174592 ____A (Microsoft Corporation) CA78B312C44E4D52E842C2C8BD48E452

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2011-01-17 18:57] - [2009-04-10 23:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****

The laptop still will not connect to the internet, says it is connected to the network but I have no internet access.

#8 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:55 AM

Posted 04 December 2012 - 10:10 PM

Try this and let me know if the webpage loaded or not.

  • Press and hold the Windows key Posted Image and then press the letter R on your keyboard.
  • This opens the Run dialog box.
  • Copy and paste the below text inside the text-field:
    • iexplore www.google.com
  • Now press ENTER or OK

Edited by thisisu, 04 December 2012 - 10:11 PM.


#9 destry.stevens

destry.stevens
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:55 AM

Posted 05 December 2012 - 02:33 AM

I did as you asked.

I turned on the laptop and it offered, once again, to uprgade iTunes. I was feeling generous so I allowed to upgrade iTunes. I have been refusing it this whole time thinking it wouldn't work. Well, it worked and allowed me to log in to the iTunes store and search.

Then I tried what you said. It loaded the webpage but then had an error at any attempt open any link from that page.

I closed that window and simply attempted to open IE normally by clicking on the icon in the quickluanch on the taskbar. The same thing happened, loaded the page but couldn't access any links from there.

So I tried the IE link from the start menu and noticed that there were two of them, one regular and one 64 bit. I tried the 64 bit and it works wonderfully. The regular one still won't access any links from the home page.

Just to see what would happen I attempted to download google chrome using the 64 bit browser and it worked and installed perfectly. Chrome works appropriately.

So what happened to the regular version of Inerenet explorer. every link I click on from the homepage of Google.com gets a window that says:

Internet Explorer Security

A website wants open web content usint this program on your computer

This program will open outside of Protected mode. INternet Explorer's Protected mode helps protect your computer. If you do not trust this website, do not open this program.

name: dw20.exe
Publisher: Microsoft Corporation

It then gives the option to allow or don't allow

if you click allow it loads continually and goes nowhere.
if yo click don't allow it brings the same window back up again asking to allow or don't allow.

I tried turning protected mode off. then when I click a link it says Internet Explorere has stopped working.

Sorry if I made this more complicated. I didn't thinkg upgrading iTunes would work much less solve anything.

#10 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:55 AM

Posted 05 December 2012 - 03:04 PM

Hi. I've noticed there are some quirks with IE9 and Windows Vista.

My recommendation would be to use IE8.

Follow the steps listed here under "To uninstall Internet Explorer".

Let me know how it goes and if this fixed the issue.

#11 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:55 AM

Posted 08 December 2012 - 05:03 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#12 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:55 AM

Posted 28 December 2012 - 02:06 AM

Topic re-opened per user request

Describe your current issues here please.

Edited by thisisu, 28 December 2012 - 02:07 AM.


#13 destry.stevens

destry.stevens
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:55 AM

Posted 28 December 2012 - 05:58 AM

I now have complete redirect of Internet explorer browsers, both 64 bit and 32 bit. it redirects to several different add sites like "double click", and then gets stuck on an ip address from Dallas texas "75.126.76.144", there is also this add program called "the sea" that I don't remember adding myself. Google chrome seems to be working just fine for now. I also cannot seem to get Microsoft Silverlight to work in IE. everytime I go to netflix it tells me to reinstall bot the program is listed and works okay in google chrome, I think it has something to do with the Add-ons and the control there of. very frustrating.

Any and all help will be greatly appreciated.

#14 destry.stevens

destry.stevens
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:55 AM

Posted 28 December 2012 - 05:59 AM

also, if I do get it to go to a website it will continually reload the site and give the error that "an error on this page has caused this tab to close and reopen"

#15 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:55 AM

Posted 28 December 2012 - 02:25 PM

Posted Image Please download and run TDSSKiller
  • Click the Change parameters link/button.
  • In the new window, add a checkmark into "Detect TDLFS file system" and then press OK.
  • Now press the "Start scan" button.
  • In the event that threats are detected, allow TDSSKiller to perform the default action by simply pressing the "Continue" button.
  • After the scan / cure is complete, you can find the TDSSKiller log at the root of your C: drive.
    • Example: C:\TDSSKiller.2.8.10.0_29.09.2012_00.22.50_log.txt
  • Please post the contents of this file to your next message.

__

Posted Image Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

__

Please perform the following scan:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users