SpyWare BeWare! ASAP
Author Topic: Browser windows to random sites w/o request  (Read 2969 times)
K_Sweet
Jr. Member
**
Offline Offline

Date Registered:August 22, 2012, 11:35:37 AM
Posts: 93


« on: September 25, 2013, 07:04:13 PM »

Ok I tried to download dds.scr from "link 1"
http://download.bleepingcomputer.com/sUBs/dds.scr is where the browser says I am but the rest of it is totally blank. I have 60mbps high-speed internet, and it just never shows anything else.

I tried to download dds.scr from "link 2" and it has "dds.pif" and is in Spanish . . . Meh. Not sure what to do next.

What is happening is sometimes when I leave the internet browser open and go to bed, I will come back to the computer and find tabs up I didn't request, mostly they are tabs that say "fix the computer" or such, and when I try to block them I cannot. I cannot fathom why the browser would be doing things it was not asked to do. There is no one here messing with it - so could it be a bug? Or a virus? Or something?

Thank you - I will be available from 9:30am EST to 3pm EST & after 5pm the next 2 days and all weekend to work on this issue so whenever you have time it should go pretty fast. :-)

Thank you!

Logged
MrCharlie
Moderator
Hero Member
*****
Offline Offline

Gender: Male
Date Registered:June 06, 2004, 05:50:23 PM
Posts: 6662


Coby


WWW
« Reply #1 on: September 25, 2013, 07:10:25 PM »

Try this one:
http://www.bleepingcomputer.com/download/dds/dl/104/

MrC

My help is always free here but if you would like to show your appreciation, it will be much appreciated.
Thanks MrC
K_Sweet
« Reply #2 on: September 25, 2013, 08:07:04 PM »

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/8/2010 9:31:57 PM
System Uptime: 9/23/2013 8:22:01 AM (61 hours ago)
.
Motherboard: eMachines |  | EMCP73VT-PM
Processor: Intel(R) Celeron(R) CPU          450  @ 2.20GHz | CPU 1 | 2199/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 452 GiB total, 339.832 GiB free.
D: is CDROM (UDF)
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&EABE7E6&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&EABE7E6&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP977: 9/5/2013 12:00:05 AM - Scheduled Checkpoint
RP978: 9/11/2013 3:00:52 AM - Windows Update
RP979: 9/12/2013 3:00:21 AM - Windows Update
RP980: 9/12/2013 7:34:43 PM - Windows Update
RP981: 9/13/2013 3:00:29 AM - Windows Update
RP982: 9/13/2013 10:35:49 AM - Windows Update
RP983: 9/14/2013 3:00:30 AM - Windows Update
RP984: 9/19/2013 5:52:42 PM - Installed Java 7 Update 40
RP985: 9/20/2013 7:04:35 PM - Removed Java 7 Update 40
RP986: 9/20/2013 7:09:25 PM - Installed Java 7 Update 40
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Digital Editions 2.0
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Adobe Shockwave Player 11.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Bing Rewards Client Installer
Bonjour
Cisco WebEx Meetings
Computer Requirements 1.0
Easy Gadget
eMachines Games
eMachines Recovery Management
eMachines Registration
eMachines ScreenSaver
eMachines Updater
Facebook Plug-In
Google Chrome
Google Drive
Google Earth Plug-in
Google Update Helper
GoToMeeting 5.5.0.1132
HP Officejet 6500 E710n-z Basic Device Software
HP Officejet 6500 E710n-z Help
HP Officejet 6500 E710n-z Product Improvement Study
HP Update
I.R.I.S. OCR
iCloud
Identity Card
iLinc 11 Client
ImagXpress
iTunes
Java 7 Update 40
Java Auto Updater
JavaFX 2.1.1
LeapFrog Connect
LeapFrog Leapster Explorer Plugin
LeapFrog Tag Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
Marketsplash Print Software
Marketsplash Shortcuts
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MobileMe Control Panel
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
NVIDIA Control Panel 307.83
NVIDIA Display Control Panel
NVIDIA Graphics Driver 307.83
NVIDIA Install Application
NVIDIA Update 1.10.8
NVIDIA Update Components
PDF Reader
PDF Reader Packages
PVSonyDll
QuickTime
Realtek High Definition Audio Driver
RingCentral Softphone
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760588) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760823) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2760583) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2767773) 32-Bit Edition
Skype Click to Call
Skype™ 5.10
SmartDraw 2012
swMSM
Trust Webcam 14839
TweetDeck
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for PDF Reader
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
VitalSource Bookshelf
VLC media player 2.0.7
VS10Runtimex64
Welcome Center
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012)
Windows Live Sync
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Zoodles
.
==== Event Viewer Messages From Past Week ========
.
9/20/2013 8:09:26 AM, Error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/19/2013 2:00:12 PM, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
.
==== End Of File ===========================
K_Sweet
« Reply #3 on: September 25, 2013, 08:08:39 PM »

My first reply didn't post, not a regular forum user, so it's probably me.

Your replied link worked like a charm! Thank you!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.40.2
Run by Karol at 20:59:21 on 2013-09-25
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2815.1095 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\PixArt\Pac7311\Monitor.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\System32\StikyNot.exe
C:\Users\Karol\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Users\Karol\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Program Files (x86)\RingCentral\RingCentral Softphone\RCUI.exe
C:\Program Files (x86)\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Users\Karol\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Karol\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Karol\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Karol\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Karol\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Karol\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\splwow64.exe
C:\Users\Karol\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\Karol\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Karol\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Karol\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
C:\Users\Karol\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Karol\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Karol\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn8\yt.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn8\yt.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Google Update] "C:\Users\Karol\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [RCUI] "C:\PROGRA~2\RINGCE~1\RINGCE~3\RCUI.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [20130923] C:\Program Files\AVAST Software\Avast\setup\emupdate\b12ffae3-cf69-445a-a46a-4000913bcc47.exe /check
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MARKET~1.LNK - C:\Program Files (x86)\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{6259D124-E276-4106-ADCC-B6099C1EC364} : DHCPNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{7BF04C87-976E-4086-A1B7-498524A01738} : DHCPNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{9E7EED3D-EF1D-4DCC-936D-D2364588BAAB} : DHCPNameServer = 65.32.5.111 65.32.5.112
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [Monitor] C:\Windows\PixArt\PAC7311\Monitor.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\c6n5aiwk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Users\Karol\AppData\Local\Citrix\Plugins\79\npappdetector.dll
FF - plugin: C:\Users\Karol\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Users\Karol\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Karol\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(general.useragent.extra.brc, BRI/1
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-16 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-16 204880]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-9-12 19600]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-8-12 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-8-12 378944]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-8-12 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-8-12 80816]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2012-11-15 136784]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-9-15 46808]
R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-21 418376]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-10-29 240160]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-8-12 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-10-29 215040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-21 701512]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2010-1-5 1847296]
S3 FlyUsb;FLY Fusion;C:\Windows\System32\drivers\FlyUsb.sys [2012-9-28 24576]
S3 PAC7311;Trust Webcam 14839;C:\Windows\System32\drivers\PA707UCM.SYS [2006-11-8 602112]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-30 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-30 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-27 1255736]
.
=============== Created Last 30 ================
.
2013-09-20 23:11:08   96168   ----a-w-   C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-20 12:14:13   --------   d-----w-   C:\Program Files\iPod
2013-09-20 12:14:11   --------   d-----w-   C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-20 12:14:11   --------   d-----w-   C:\Program Files\iTunes
2013-09-20 12:14:11   --------   d-----w-   C:\Program Files (x86)\iTunes
2013-09-19 22:08:19   --------   d-----w-   C:\ProgramData\Oracle
2013-09-10 22:46:04   155584   ----a-w-   C:\Windows\System32\drivers\ataport.sys
2013-09-10 22:46:02   3155456   ----a-w-   C:\Windows\System32\win32k.sys
2013-09-08 15:26:25   --------   d-----w-   C:\Windows\DCF0D853BC4E4EE6A0116B9BC84CF8F9.TMP
2013-09-03 13:53:52   187248   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2013-09-20 23:10:44   868264   ----a-w-   C:\Windows\SysWow64\npDeployJava1.dll
2013-09-20 23:10:44   790440   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
2013-09-20 14:23:18   71048   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-20 14:23:18   692616   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-30 07:48:10   72016   ----a-w-   C:\Windows\System32\drivers\aswRdr2.sys
2013-08-30 07:48:10   65336   ----a-w-   C:\Windows\System32\drivers\aswRvrt.sys
2013-08-30 07:48:10   204880   ----a-w-   C:\Windows\System32\drivers\aswVmm.sys
2013-08-30 07:48:10   1030952   ----a-w-   C:\Windows\System32\drivers\aswSnx.sys
2013-08-30 07:48:09   80816   ----a-w-   C:\Windows\System32\drivers\aswMonFlt.sys
2013-08-30 07:47:40   41664   ----a-w-   C:\Windows\avastSS.scr
2013-08-10 05:22:18   2241024   ----a-w-   C:\Windows\System32\wininet.dll
2013-08-10 05:20:59   3959296   ----a-w-   C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55   67072   ----a-w-   C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55   136704   ----a-w-   C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10   1767936   ----a-w-   C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09   2876928   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06   61440   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06   109056   ----a-w-   C:\Windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38   2706432   ----a-w-   C:\Windows\System32\mshtml.tlb
2013-08-10 03:07:50   2706432   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59   89600   ----a-w-   C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19   71680   ----a-w-   C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-02 02:23:53   5550528   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44   1732032   ----a-w-   C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03   362496   ----a-w-   C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03   243712   ----a-w-   C:\Windows\System32\wow64.dll
2013-08-02 02:15:03   13312   ----a-w-   C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57   215040   ----a-w-   C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11   16384   ----a-w-   C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34   424448   ----a-w-   C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30   3968960   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30   3913664   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
.
============= FINISH: 21:01:06.16 ===============

MrCharlie
« Reply #4 on: September 25, 2013, 08:21:42 PM »

Please download and run  RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes and use the default font)

MrC

K_Sweet
« Reply #5 on: September 25, 2013, 08:41:46 PM »

Um, I have no idea how to code, quote or change font, so no worries there. I downloaded, then closed all programs and ran RogueKiller 32 bit. I didn't need to do anything with start or run as admin; it just let me run it. Closed it out and then found the log on the desktop, selected all, copied, wrote this note and now I am pasting in the report. :-)

RogueKiller V8.6.12 [Sep 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Karol [Admin rights]
Mode : Scan -- Date : 09/25/2013 21:29:49
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] DSite : C:\Users\Karol\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE - /Check [-] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - ST350041 8AS SCSI Disk Device +++++
--- User ---
[MBR] b1369f8604837f284334d0048029c587
[BSP] 84707ddce34d0a7cfebb2bcc3a46fa0d : Acer MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14336 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29362176 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 29566976 | Size: 462502 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_09252013_212949.txt >>




 
MrCharlie
« Reply #6 on: September 25, 2013, 08:49:16 PM »

OK, let's run some scans:

Download Malwarebytes Anti-Rootkit from HERE
  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log.txt and system-log.txt
~~~~~~~~~~~~~~~~~~~~~~~

Note:
If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
Internet access
Windows Update
Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.


MrC

K_Sweet
« Reply #7 on: September 25, 2013, 09:24:54 PM »

Scan finished: no malware found.

Mbar log:
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.09.25.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Karol :: KAROL-PC [administrator]

9/25/2013 9:59:24 PM
mbar-log-2013-09-25 (21-59-24).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 264695
Time elapsed: 19 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
----------------------------------------

system log:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16686

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.199000 GHz
Memory total: 2951987200, free: 1249882112

Downloaded database version: v2013.09.25.09
Downloaded database version: v2013.09.23.01
=======================================
Initializing...
------------ Kernel report ------------
     09/25/2013 21:59:17
------------ Loaded modules -----------
----------- End -----------
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7A2517C0

Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 29360128

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 29362176  Numsec = 204800
    Partition is not bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 29566976  Numsec = 947204096

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_29362176_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
------------------------------------

I am a novice - not sure how to make sure about Windows Update or Windows Firewall. I can try the links you included once I post this as directed. Thanks!

K_Sweet
« Reply #8 on: September 25, 2013, 09:27:32 PM »

OK, what was blue and I thought were links weren't, so I don't understand about Internet access, Windows Update or Windows Firewall.

Do I just run fixdamage.exe?

It's past my bedtime and I will check back in the AM and execute any further instructions at that time. Thank you so much for your time!!! So appreciated!!

MrCharlie
« Reply #9 on: September 25, 2013, 09:36:35 PM »

No, you don't have to run fixdamage.exe.

---------------------------

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop
 
Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------
If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

K_Sweet
« Reply #10 on: September 26, 2013, 07:33:01 AM »

I can disable avast! but don't seem to find what I need to disable MBAM. I have the free version and I tell it when to run so that might be why? It's "disabled" until I enable it?

I went to http://www.bleepingcomputer.com/combofix/how-to-use-combofix but after 10 minutes or more it still doesn't load.

What's next?

K_Sweet
« Reply #11 on: September 26, 2013, 08:34:27 AM »

Somehow I went right there this time. I am proceeding with your instructions now, thanks!

K_Sweet
« Reply #12 on: September 26, 2013, 08:39:36 AM »

The link you gave goes to a site for combofix, but when I use the button there to download combofix I get nothing. The URL bar says:
http://www.bleepingcomputer.com/download/combofix/

but the notice below says "waiting on bleepstatic.com"
and the page never loads.

Between this try and the first one I went away to drop my son at school. Upon my return a browser tab I had not opened was open and it was on some site for fixing computers, but the URL was something totally different. I realize we haven't "Fixed" anything yet but wanted to share the new development.

Awaiting instructions for where to actually get combofix because I think something is blocking me from accessing it.
I really appreciate your help.
-K_Sweet

K_Sweet
« Reply #13 on: September 26, 2013, 03:14:04 PM »

I tried again to get combofix and ended up with

 http://softvanity.com/fileopenerpro?subid=&subid2=bleepingcomputer.com%2Fdownload&source=google_fileopenerpro-display-us-bleeping-728x90-31558361713&adprovider=google_softvanity.com&gclid=CLy3iM_u6bkCFenm7AodW2wArA

and a file called Setup (1).exe

It seemed to be another MBAM rootkit scan like we did before but NOT "combofix".

I'm clicking on the link you provided, http://www.bleepingcomputer.com/combofix/how-to-use-combofix
I have avast! disabled and I think MBAM is only on when I run the scan since I have the free version.

I guess I should just wait patiently! :-)

K_Sweet
« Reply #14 on: September 26, 2013, 05:02:53 PM »

OK - I want to update you on a "new development". Shortly after my last post the computer said it had finished installing something - like file opener pro or such. I started having issues with Shockwave Flash and decided to go ahead and reboot. Upon opening up my browser (Chrome) I now have odd icons on tabs, and a toolbar I have never seen before. I see something about White smoke.

I am an independent contractor who works almost exclusively online, so I am on the computer a lot. Several of my contracts involve using Facebook, and I do not like when my landscape changes abruptly without reason/notice.

I swear I am trying to follow your directions to the letter and not trying to compound the matter. I feel like an idiot shooting in the dark here. I know you'll help when you can and that is so appreciated! Just wanted you to know it's gotten messier in case that makes a difference in what you will recommend next. Computer is very slow, and stalling out. :-( I'll keep watch for you.