Virtumonde, Pop-ups


  • This topic is locked
8 replies to this topic

#1 chellseybelle

chellseybelle

  • Members
  • 4 posts

Posted 05 December 2007 - 02:08 PM

I have been through all the preparations, but I am still having the same issues. My system is running slow, and I have continuous pop-ups. Here is my Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:42 PM, on 12/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\lxamsp32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Intuit\QuickBooks Pro\QBDBMgrN.exe
C:\PROGRAM FILES\DELL\DELL LASER MFP 1815\PSU\Scan2Pc.exe
C:\Program Files\DELL\Dell Laser MFP 1815\PaperPort\pptd40nt.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\LexmarkX63\ACMonitor_X63.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickBooksDB] C:\Program Files\Intuit\QuickBooks Pro\QBDBMgrN.exe -n QB_TTIWKS2_16 -qs -gd ALL -gk all -gp 4096 -gu all -ch 64M -c 32M -x tcpip(BroadcastListener=NO;port=10160) -ti 0 -ec simple -ct- -qi -qw -oe DBStartup.log -tl 120 -u -y
O4 - HKLM\..\Run: [MFP1815_S2P] C:\PROGRAM FILES\DELL\DELL LASER MFP 1815\PSU\Scan2Pc.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\DELL\Dell Laser MFP 1815\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\DELL\Dell Laser MFP 1815\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [74e4a438] rundll32.exe "C:\WINDOWS\system32\qkildxdh.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Search - ?p=ZKxdm009YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {85BA505F-FD01-4A91-836C-F7D502E89C9A} (Image Uploader Control) - http://www.evite.com/html/imageUpload/ImageUploader4.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://ts.houstonortho.com/msrdp.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = TTIHOUSTON.COM
O17 - HKLM\Software\..\Telephony: DomainName = TTIHOUSTON.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = TTIHOUSTON.COM
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = TTIHOUSTON.COM
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Online Services\rterteqogi.html

--
End of file - 10399 bytes



#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 05 December 2007 - 11:36 PM

Hello chellseybelle,

Welcome to Bleeping Computer :thumbsup:

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with the fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts

You can reenable TeaTimer once your system is clean.

Go to start -> control panel -> Display properties -> Desktop -> Customize Desktop... -> Web tab, then uncheck and delete everything you find in there (except for "My current home page").

Also remove the checkmark from the Lock Desktop Items box if it is checked.
Apply.
Apply and Exit Display properties.

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 chellseybelle

chellseybelle
  • Topic Starter

  • Members
  • 4 posts

Posted 06 December 2007 - 11:49 AM

Thank you so much for your help. I did what you suggested, and I have pasted the logs below:

ComboFix log:

ComboFix 07-12-05.2 - Michelleb 2007-12-06 10:24:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.203 [GMT -6:00]
Running from: C:\Documents and Settings\michelleb\My Documents\downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\michelleb\Application Data\MCROSO~1.NET
C:\Documents and Settings\michelleb\Application Data\MCROSO~1.NET\M?crosoft.NET\
C:\Documents and Settings\michelleb\Application Data\YMANTE~1
C:\Documents and Settings\michelleb\Desktop\Live Safety Center.lnk
C:\Documents and Settings\michelleb\Desktop\Online Security Guide.lnk
C:\Documents and Settings\michelleb\Favorites\Online Security Guide.lnk
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\fewnfjxh.dll
C:\WINDOWS\SYSTEM32\hdxdlikq.ini
C:\WINDOWS\system32\lrhcmypc.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qkildxdh.dll
C:\WINDOWS\system32\sdrymtib.dll
C:\WINDOWS\SYSTEM32\srutv.ini
C:\WINDOWS\SYSTEM32\srutv.ini2
C:\WINDOWS\system32\urqroon.dll
C:\WINDOWS\system32\vturs.dll
C:\WINDOWS\system32\wapiicomsv.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\core


((((((((((((((((((((((((( Files Created from 2007-11-06 to 2007-12-06 )))))))))))))))))))))))))))))))
.

2007-12-05 15:12 . 2007-12-05 15:12 <DIR> d-------- C:\Program Files\iPod
2007-12-05 15:11 . 2007-12-05 15:13 <DIR> d-------- C:\Program Files\iTunes
2007-12-04 12:48 . 2007-12-04 13:31 281 --a------ C:\WINDOWS\wininit.ini
2007-12-04 12:06 . 2007-12-04 12:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-04 11:14 . 2007-12-04 11:14 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-04 10:43 . 2007-12-04 14:29 <DIR> d-------- C:\VundoFix Backups
2007-12-04 09:56 . 2007-12-04 09:56 801,974 --ahs---- C:\WINDOWS\SYSTEM32\xdpmjdsc.ini
2007-12-03 09:59 . 2007-12-03 11:13 792,589 --ahs---- C:\WINDOWS\SYSTEM32\svprlchm.ini
2007-11-30 11:26 . 2007-11-30 11:27 <DIR> d-------- C:\Program Files\Windows Defender
2007-11-30 10:43 . 2007-11-30 10:43 <DIR> d-------- C:\Documents and Settings\michelleb\Application Data\Lavasoft
2007-11-30 10:36 . 2007-11-30 10:36 <DIR> d-------- C:\WINDOWS\SYSTEM32\mm6
2007-11-30 10:36 . 2007-12-03 11:01 <DIR> d-------- C:\WINDOWS\SYSTEM32\hv2
2007-11-30 10:36 . 2007-11-30 11:49 <DIR> d-------- C:\WINDOWS\SYSTEM32\ft21
2007-11-30 10:36 . 2007-11-30 20:59 <DIR> d-------- C:\WINDOWS\SYSTEM32\dr1
2007-11-30 10:36 . 2007-12-03 11:01 <DIR> d-------- C:\WINDOWS\SYSTEM32\daSgo01
2007-11-30 10:36 . 2007-11-30 20:55 <DIR> d--hs---- C:\WINDOWS\QWRtaW5pc3RyYXRvciBBZG1pbmlzdHJhdG9y
2007-11-30 10:36 . 2007-11-30 10:36 <DIR> d-------- C:\TEMP\bkR11
2007-11-14 23:43 . 2007-11-14 23:43 65,536 --a------ C:\WINDOWS\SYSTEM32\QuickTimeVR.qtx
2007-11-14 23:43 . 2007-11-14 23:43 49,152 --a------ C:\WINDOWS\SYSTEM32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-05 21:07 --------- d-----w C:\Program Files\QuickTime
2007-12-05 18:35 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-11-30 17:26 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2007-11-27 18:04 --------- d-----w C:\Program Files\Picasa2
2007-10-10 14:58 --------- d-----w C:\Documents and Settings\michelleb\Application Data\Leadertech
2006-11-28 17:42 218,306,392 ----a-w C:\Documents and Settings\Michelle\MOA7024Express.exe
2006-04-19 12:44 50,688 ----a-w C:\Documents and Settings\accting.TTIHOUSTON.000\Application Data\GDIPFONTCACHEV1.DAT
2005-06-29 16:50 48,864 ----a-w C:\Documents and Settings\efalk\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01E0B708-9F5D-43A7-B921-8773D32F7A68}]
C:\WINDOWS\system32\vtstq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b109a63a-d9bc-482a-86ee-e9017a90798d}]
C:\WINDOWS\system32\qakqkqt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 08:07]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 07:59]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 07:59]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 01:56]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 16:44]
"vptray"="C:\PROGRA~1\SYMANT~2\VPTray.exe" [2004-03-12 15:18]
"lxamsp32.exe"="lxamsp32.exe" [2001-10-21 18:12 C:\WINDOWS\SYSTEM32\LXAMSP32.EXE]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [2001-10-21 15:54]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"QuickBooksDB"="C:\Program Files\Intuit\QuickBooks Pro\QBDBMgrN.exe" [2005-10-20 09:54]
"MFP1815_S2P"="C:\PROGRAM FILES\DELL\DELL LASER MFP 1815\PSU\Scan2Pc.exe" [2006-12-22 02:44]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 09:22]
"PaperPort PTD"="C:\Program Files\DELL\Dell Laser MFP 1815\PaperPort\pptd40nt.exe" [2006-02-20 14:37]
"IndexSearch"="C:\Program Files\DELL\Dell Laser MFP 1815\PaperPort\IndexSearch.exe" [2006-02-20 14:38]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 19:17]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AcBtnMgr_X63.exe.lnk - C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe [2001-06-06 14:03:10]
ACMonitor_X63.exe.lnk - C:\Program Files\LexmarkX63\ACMonitor_X63.exe [2001-06-06 14:02:28]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 21:56:14]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 13:12:08]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-11-21 20:54:10]

R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ
R3 revolution4;revolution4;C:\WINDOWS\system32\DRIVERS\t2r4mini.sys
S2 SSPORT;SSPORT;\??\C:\WINDOWS\system32\Drivers\SSPORT.sys
S3 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"

.
Contents of the 'Scheduled Tasks' folder
"2007-11-27 00:36:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-12-06 16:40:45 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-06 10:38:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-12-06 10:42:13 - machine was rebooted
.
--- E O F ---


HijackThis log:


#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 06 December 2007 - 12:00 PM

Hi,

Thanks for the ComboFix report, but you posted it twice, rather than a HijackThis log. Could I see that, please? How is it running now?

Thanks,
tea

#5 chellseybelle

chellseybelle
  • Topic Starter

  • Members
  • 4 posts

Posted 06 December 2007 - 12:03 PM

Sorry about that! The pc seems to be running much more quickly...Thanks! Here is the Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43, on 2007-12-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\lxamsp32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Intuit\QuickBooks Pro\QBDBMgrN.exe
C:\PROGRAM FILES\DELL\DELL LASER MFP 1815\PSU\Scan2Pc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\DELL\Dell Laser MFP 1815\PaperPort\pptd40nt.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\LexmarkX63\ACMonitor_X63.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {01E0B708-9F5D-43A7-B921-8773D32F7A68} - C:\WINDOWS\system32\vtstq.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b109a63a-d9bc-482a-86ee-e9017a90798d} - C:\WINDOWS\system32\qakqkqt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickBooksDB] C:\Program Files\Intuit\QuickBooks Pro\QBDBMgrN.exe -n QB_TTIWKS2_16 -qs -gd ALL -gk all -gp 4096 -gu all -ch 64M -c 32M -x tcpip(BroadcastListener=NO;port=10160) -ti 0 -ec simple -ct- -qi -qw -oe DBStartup.log -tl 120 -u -y
O4 - HKLM\..\Run: [MFP1815_S2P] C:\PROGRAM FILES\DELL\DELL LASER MFP 1815\PSU\Scan2Pc.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\DELL\Dell Laser MFP 1815\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\DELL\Dell Laser MFP 1815\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Search - ?p=ZKxdm009YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {85BA505F-FD01-4A91-836C-F7D502E89C9A} (Image Uploader Control) - http://www.evite.com/html/imageUpload/ImageUploader4.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://ts.houstonortho.com/msrdp.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = TTIHOUSTON.COM
O17 - HKLM\Software\..\Telephony: DomainName = TTIHOUSTON.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = TTIHOUSTON.COM
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = TTIHOUSTON.COM
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 10647 bytes

#6 teacup61

  • Malware Response Team

Posted 06 December 2007 - 12:20 PM

Hello,

Thank you, and good to know it's better. :thumbsup:

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: (no name) - {01E0B708-9F5D-43A7-B921-8773D32F7A68} - C:\WINDOWS\system32\vtstq.dll (file missing)
O2 - BHO: (no name) - {b109a63a-d9bc-482a-86ee-e9017a90798d} - C:\WINDOWS\system32\qakqkqt.dll (file missing)


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Please delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle bin and reboot your computer.

Please go Here to run Panda's ActiveScan. (You must use IE for this one). http://www.pandasoftware.com/products/activescan.htm
Once you are on the Panda site click the Scan your PC button

A new window will open...click the Check Now button.
Enter your State/Province
Enter your E-mail address and click send.
Select either Home user or Company.

Click the big Scan Now button

* If it wants to install an ActiveX component allow it
* It will start downloading the files it requires for the scan (Note: It may take a few minutes)

When the download is complete, click on My Computer to start the scan.

When the scan completes, if anything malicious is detected, click the See Report button, then Save report and save it to a convenient location (activescan.txt to desktop).

Post the contents of the ActiveScan report, please, and a new HijackThis log.

Thanks,
tea
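The check requested in the post above, as an added example that is not part of the original thread: a Python script that extracts the O2 (BHO) lines from a HijackThis log, lists those HijackThis marked "(file missing)" (the registry entry remains but the DLL is gone), and confirms against a follow-up log that their CLSIDs are no longer registered. The function and class names are made up for this example; the sample lines are excerpts from the logs posted in this thread.

```python
import re
from dataclasses import dataclass

# Excerpts from the HijackThis log posted before the fix (post #5).
LOG_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {01E0B708-9F5D-43A7-B921-8773D32F7A68} - C:\WINDOWS\system32\vtstq.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {b109a63a-d9bc-482a-86ee-e9017a90798d} - C:\WINDOWS\system32\qakqkqt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
"""

# Excerpts from the follow-up log posted after "Fix checked" (post #7).
LOG_AFTER = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
"""

# O2 line layout: "O2 - BHO: <name> - {CLSID} - <path>[ (file missing)]"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)


@dataclass(frozen=True)
class Bho:
    name: str
    clsid: str          # upper-cased so logs can be compared case-insensitively
    path: str
    file_missing: bool  # True when HijackThis could not find the DLL on disk


def parse_bhos(log_text):
    """Return every O2 (Browser Helper Object) entry found in a HijackThis log."""
    entries = []
    for raw in log_text.splitlines():
        match = BHO_RE.match(raw.strip())
        if match:
            entries.append(Bho(
                name=match.group("name"),
                clsid=match.group("clsid").upper(),
                path=match.group("path"),
                file_missing=match.group("missing") is not None,
            ))
    return entries


def orphaned(log_text):
    """BHO registrations whose target file no longer exists."""
    return [b for b in parse_bhos(log_text) if b.file_missing]


def unresolved(before, after):
    """Orphaned BHOs from `before` whose CLSID is still registered in `after`."""
    still_registered = {b.clsid for b in parse_bhos(after)}
    return [b for b in orphaned(before) if b.clsid in still_registered]


if __name__ == "__main__":
    for bho in orphaned(LOG_BEFORE):
        print("orphaned:", bho.clsid, bho.path)
    leftovers = unresolved(LOG_BEFORE, LOG_AFTER)
    print("still registered after fix:", [b.clsid for b in leftovers] or "none")
```
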

#7 chellseybelle

  • Topic Starter

Posted 06 December 2007 - 02:21 PM

OK. I deleted those two entries in HijackThis, as well as the program and folder. I have also run ActiveScan. Thanks :thumbsup: Here are the results:


Incident Status Location

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\accting.TTIHOUSTON\Cookies\accting@247realmedia[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\accting.TTIHOUSTON\Cookies\accting@ad.yieldmanager[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\accting.TTIHOUSTON\Cookies\accting@adrevolver[2].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\accting.TTIHOUSTON\Cookies\accting@ads.addynamix[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\accting.TTIHOUSTON\Cookies\accting@ads.pointroll[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\accting.TTIHOUSTON\Cookies\accting@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\accting.TTIHOUSTON\Cookies\accting@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\accting.TTIHOUSTON\Cookies\accting@atwola[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\accting.TTIHOUSTON\Cookies\accting@bluestreak[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\accting.TTIHOUSTON\Cookies\accting@bs.serving-sys[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\accting.TTIHOUSTON\Cookies\accting@casalemedia[1].txt
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\accting.TTIHOUSTON\Cookies\accting@citi.bridgetrack[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\accting.TTIHOUSTON\Cookies\accting@doubleclick[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\accting.TTIHOUSTON\Cookies\accting@ehg-dig.hitbox[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\accting.TTIHOUSTON\Cookies\accting@fastclick[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\accting.TTIHOUSTON\Cookies\accting@go[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\accting.TTIHOUSTON\Cookies\accting@media.adrevolver[3].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\accting.TTIHOUSTON\Cookies\accting@mediaplex[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\accting.TTIHOUSTON\Cookies\accting@overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\accting.TTIHOUSTON\Cookies\accting@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\accting.TTIHOUSTON\Cookies\accting@realmedia[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\accting.TTIHOUSTON\Cookies\accting@server.iad.liveperson[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\accting.TTIHOUSTON\Cookies\accting@serving-sys[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\accting.TTIHOUSTON\Cookies\accting@statse.webtrendslive[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\accting.TTIHOUSTON\Cookies\accting@tradedoubler[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\accting.TTIHOUSTON\Cookies\accting@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\accting.TTIHOUSTON\Cookies\accting@tribalfusion[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\accting.TTIHOUSTON\Cookies\accting@zedo[1].txt
Spyware:Cookie/7search Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@7search[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@adrevolver[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@adrevolver[3].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@ads.addynamix[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@advertising[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@apmebf[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@as-us.falkag[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@belnk[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@bs.serving-sys[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@burstnet[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@casalemedia[2].txt
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@citi.bridgetrack[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@com[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@doubleclick[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@ehg-dig.hitbox[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@ehg.hitbox[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@fastclick[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@go[1].txt
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@linksynergy[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@mediaplex[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@overture[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@realmedia[2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@revenue[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@searchportal.information[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@server.iad.liveperson[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@serving-sys[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@statcounter[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@statse.webtrendslive[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@target[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@tribalfusion[1].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@valueclick[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\accting.TTIHOUSTON.000\Cookies\accting@zedo[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\efalk\Cookies\efalk@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\efalk\Cookies\efalk@adrevolver[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\efalk\Cookies\efalk@ads.pointroll[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\efalk\Cookies\efalk@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\efalk\Cookies\efalk@atdmt[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\efalk\Cookies\efalk@ath.belnk[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\efalk\Cookies\efalk@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\efalk\Cookies\efalk@belnk[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\efalk\Cookies\efalk@bluestreak[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\efalk\Cookies\efalk@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\efalk\Cookies\efalk@doubleclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\efalk\Cookies\efalk@mediaplex[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\efalk\Cookies\efalk@overture[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\efalk\Cookies\efalk@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\efalk\Cookies\efalk@questionmarket[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\efalk\Cookies\efalk@servedby.advertising[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\efalk\Cookies\efalk@server.iad.liveperson[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\efalk\Cookies\efalk@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\efalk\Cookies\efalk@zedo[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\kate\Cookies\kate@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\kate\Cookies\kate@atdmt[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\kate\Cookies\kate@ath.belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\kate\Cookies\kate@belnk[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\kate\Cookies\kate@dist.belnk[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\kate\Cookies\kate@doubleclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\kate\Cookies\kate@ehg-dig.hitbox[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\kate\Cookies\kate@go[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\kate\Cookies\kate@maxserving[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\kate\Cookies\kate@servedby.advertising[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\kate\Cookies\kate@trafficmp[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\michelleb\Application Data\Mozilla\Firefox\Profiles\7w1r1bj4.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\michelleb\Cookies\michelleb@advertising[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\michelleb\Cookies\michelleb@atwola[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\michelleb\Cookies\michelleb@azjmp[2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\michelleb\Cookies\michelleb@did-it[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\michelleb\Cookies\michelleb@doubleclick[1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\michelleb\Cookies\michelleb@enhance[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\michelleb\Cookies\michelleb@gostats[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\michelleb\Cookies\michelleb@go[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\michelleb\Cookies\michelleb@mediaplex[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\michelleb\Cookies\michelleb@target[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\michelleb\Cookies\michelleb@tribalfusion[1].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\michelleb\Cookies\michelleb@web.tickle[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\michelleb\Cookies\michelleb@www.burstbeacon[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\michelleb\Cookies\michelleb@www.myaffiliateprogram[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\michelleb\Cookies\michelleb@www5.addfreestats[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\michelleb\Cookies\michelleb@yadro[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\rhagen\Cookies\rhagen@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\rhagen\Cookies\rhagen@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\rhagen\Cookies\rhagen@doubleclick[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\rhagen\Cookies\rhagen@servedby.advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\rhagen\Cookies\rmcnamara@atdmt[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\rhagen\Cookies\rmcnamara@maxserving[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\sbarron\Cookies\sbarron@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\sbarron\Cookies\sbarron@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\sbarron\Cookies\sbarron@atdmt[2].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\sbarron\Cookies\sbarron@centrport[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\sbarron\Cookies\sbarron@doubleclick[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\sbarron\Cookies\sbarron@ehg-dig.hitbox[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\sbarron\Cookies\sbarron@ehg.hitbox[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\sbarron\Cookies\sbarron@go[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\sbarron\Cookies\sbarron@maxserving[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\sbarron\Cookies\sbarron@mediaplex[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\sbarron\Cookies\sbarron@questionmarket[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\sbarron\Cookies\sbarron@servedby.advertising[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\sbarron\Cookies\sbarron@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\sbarron\Cookies\sbarron@zedo[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\temp\Cookies\temp@ads.pointroll[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\temp\Cookies\temp@atdmt[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\temp\Cookies\temp@doubleclick[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\RECYCLER\S-1-5-21-3024059123-1160589905-311211766-1180\Dc1.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\RECYCLER\S-1-5-21-3024059123-1160589905-311211766-1180\Dc1.exe[nircmd.cfexe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:11, on 2007-12-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\lxamsp32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Intuit\QuickBooks Pro\QBDBMgrN.exe
C:\PROGRAM FILES\DELL\DELL LASER MFP 1815\PSU\Scan2Pc.exe
C:\Program Files\DELL\Dell Laser MFP 1815\PaperPort\pptd40nt.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\LexmarkX63\ACMonitor_X63.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickBooksDB] C:\Program Files\Intuit\QuickBooks Pro\QBDBMgrN.exe -n QB_TTIWKS2_16 -qs -gd ALL -gk all -gp 4096 -gu all -ch 64M -c 32M -x tcpip(BroadcastListener=NO;port=10160) -ti 0 -ec simple -ct- -qi -qw -oe DBStartup.log -tl 120 -u -y
O4 - HKLM\..\Run: [MFP1815_S2P] C:\PROGRAM FILES\DELL\DELL LASER MFP 1815\PSU\Scan2Pc.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\DELL\Dell Laser MFP 1815\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\DELL\Dell Laser MFP 1815\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Search - ?p=ZKxdm009YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {85BA505F-FD01-4A91-836C-F7D502E89C9A} (Image Uploader Control) - http://www.evite.com/html/imageUpload/ImageUploader4.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://ts.houstonortho.com/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = TTIHOUSTON.COM
O17 - HKLM\Software\..\Telephony: DomainName = TTIHOUSTON.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = TTIHOUSTON.COM
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = TTIHOUSTON.COM
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 10584 bytes

#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:09:34 PM

Posted 06 December 2007 - 02:40 PM

Looks good. :thumbsup: How is it running?

Please delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle bin and reboot your computer.

If there are no problems:

Below I have included a number of recommendations on how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously! These few simple steps can stave off the vast majority of spyware problems.

Regularly go to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer. You should also turn on the Windows automatic update feature.

You should definitely maintain a firewall. Some good free firewalls are Kerio or Outpost. I use Comodo on my own system and really like it. http://comodo.com
A tutorial on understanding and using firewalls may be found here.

In order to protect yourself against spyware, you should consider installing and running the following free programs:

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

IE/Spyad:
It places over 5000 malicious websites and domains in your IE's restricted zone.
IE/Spyad

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software, because most of these so-called removers ARE spyware.
* Download free software only from sites you know and trust. A lot of free software can bundle other software, including spyware.

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

Please make sure to run your antivirus software regularly, and to keep it up-to-date.

Take care!
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#9 teacup61


Posted 08 December 2007 - 12:53 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.