Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virtumonde...i Think..


  • This topic is locked This topic is locked
8 replies to this topic

#1 saje43

saje43

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:29 PM

Posted 02 June 2008 - 04:31 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:19:19 PM, on 6/2/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Safari\Safari.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\nnNdecYQ.dll,#1
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UpdateSys] WindowsUpdateService.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Jonathon\AppData\Local\Temp\nNEvUoNh.dll,#1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [646e917f] rundll32.exe "C:\Users\Jonathon\AppData\Local\Temp\mrhnpyhe.dll",b
O4 - HKCU\..\Run: [BM675da2e3] Rundll32.exe "C:\Users\Jonathon\AppData\Local\Temp\kymuuxmb.dll",s
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Jonathon\AppData\Local\Temp\efcBQgHA.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 6763 bytes


----------

Any explanation of this at all would help, I'm new to Hijack this, and I have Ad-Aware and Spybot. When I run Ad-Aware it finds nothing, but Spybot always finds Virtumonde. Also, my computer is just really slow, and I do get pop ups. The Vondofix and Other vertimonde remover does not work. Any help would be greatly appreciated in figuring out my problem, thanks!

BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:29 PM

Posted 04 June 2008 - 02:38 PM

Hello saje43,

Welcome to Bleeping Computer :thumbsup:

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with the fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts

You can reenable TeaTimer once your system is clean.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 saje43

saje43
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:29 PM

Posted 07 June 2008 - 06:40 PM

ComboFix 08-06-07.1 - Jonathon 2008-06-07 18:14:53.1 - NTFSx86
Running from: C:\Users\Jonathon\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Jonathon\AppData\Local\Microsoft\Windows\Temporary Internet Files\CSC2.5U-EN-812-F.sbr.sgn
C:\Windows\system32\nnNdecYQ.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-07 to 2008-06-07 )))))))))))))))))))))))))))))))
.

2008-06-07 17:32 . 2008-06-07 17:32 716,272 --a------ C:\Windows\System32\drivers\sptd.sys
2008-06-05 00:27 . 2008-06-05 00:49 149,306,880 --a------ C:\none.avi
2008-06-05 00:20 . 2008-06-05 00:20 <DIR> d-------- C:\Program Files\Red Kawa
2008-06-04 22:36 . 2008-06-05 00:02 634,891,776 --a------ C:\Dane Cook 1.avi
2008-06-04 22:34 . 2008-06-04 22:35 <DIR> d-------- C:\Program Files\Free DVD Ripper
2008-06-04 22:34 . 2002-07-17 15:20 84,832 --a------ C:\Windows\System32\drivers\ASPI32.SYS
2008-06-04 22:34 . 2002-07-17 15:23 45,056 --a------ C:\Windows\System32\WNASPI32.DLL
2008-06-04 22:00 . 2008-06-04 22:00 <DIR> d-------- C:\Users\Jonathon\AppData\Roaming\Sony
2008-06-04 22:00 . 2008-06-04 22:00 <DIR> d-------- C:\Users\All Users\Sony
2008-06-04 22:00 . 2008-06-04 22:00 <DIR> d-------- C:\ProgramData\Sony
2008-06-04 21:57 . 2008-06-04 21:57 <DIR> d-------- C:\Program Files\Sony
2008-06-04 21:54 . 2008-06-04 21:54 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-04 21:50 . 2008-06-04 21:50 <DIR> d-------- C:\Program Files\Sony Setup
2008-06-04 03:07 . 2008-06-04 03:07 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-03 18:08 . 2008-06-03 18:14 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-03 18:07 . 2008-06-03 18:15 <DIR> d-------- C:\Program Files\Windows Live
2008-06-03 18:06 . 2008-06-03 18:06 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-06-03 18:06 . 2008-06-03 18:06 <DIR> d-------- C:\ProgramData\WLInstaller
2008-06-02 16:18 . 2008-06-02 16:18 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-02 15:20 . 2008-06-02 15:20 0 --a------ C:\Windows\System32\SBRC.dat
2008-06-02 15:20 . 2008-06-02 15:20 0 --a------ C:\Windows\System32\SBFC.dat
2008-06-02 13:44 . 2008-06-02 13:44 <DIR> d-------- C:\VundoFix Backups
2008-06-02 13:03 . 2008-06-02 13:03 <DIR> d-------- C:\Users\Jonathon\AppData\Roaming\Sunbelt Software
2008-06-02 13:03 . 2008-06-02 13:03 <DIR> d-------- C:\Users\All Users\Sunbelt Software
2008-06-02 13:03 . 2008-06-02 13:03 <DIR> d-------- C:\ProgramData\Sunbelt Software
2008-06-02 12:58 . 2008-06-02 12:58 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-06-01 12:34 . 2008-06-01 12:37 <DIR> d-------- C:\Users\All Users\Adobe
2008-06-01 12:32 . 2008-06-01 12:34 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-31 20:07 . 2008-05-31 20:11 <DIR> d-------- C:\Program Files\MagicDisc
2008-05-31 20:07 . 2008-05-27 12:11 96,896 --a------ C:\Windows\System32\drivers\mcdbus.sys
2008-05-31 16:19 . 2008-05-31 16:19 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-31 15:52 . 2008-05-31 15:52 <DIR> d-------- C:\PerfLogs
2008-05-31 10:39 . 2008-01-19 02:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll
2008-05-31 10:38 . 2008-01-19 02:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-05-31 10:37 . 2008-01-19 02:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
2008-05-31 10:36 . 2008-01-19 02:32 5,714,432 --a------ C:\Windows\System32\logon.scr
2008-05-31 10:35 . 2008-01-19 02:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-05-31 10:34 . 2008-01-19 01:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-05-31 10:33 . 2008-01-19 02:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-05-31 10:32 . 2008-01-19 02:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-05-31 10:32 . 2008-01-19 02:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-05-31 10:32 . 2008-01-19 02:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-05-31 10:32 . 2008-01-19 02:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-05-31 10:32 . 2008-01-19 02:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-05-31 10:32 . 2008-01-19 02:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-05-31 10:32 . 2008-01-19 02:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-05-31 10:32 . 2008-01-19 02:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-05-31 10:00 . 2008-05-31 14:49 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-31 10:00 . 2008-05-31 14:49 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-05-31 10:00 . 2008-05-31 10:01 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-31 09:19 . 2008-05-31 09:22 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-05-31 09:19 . 2008-05-31 09:22 <DIR> d-------- C:\ProgramData\Lavasoft
2008-05-31 09:19 . 2008-05-31 09:19 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-31 09:17 . 2008-05-31 09:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-30 20:02 . 2008-06-05 23:22 196,874 --a------ C:\Windows\img401-jpeg.zip
2008-05-30 20:01 . 2008-05-30 20:02 196,742 --a------ C:\Windows\System32\ejcelj.exe
2008-05-30 13:44 . 2008-05-30 13:44 0 --a------ C:\Windows\ativpsrm.bin
2008-05-30 09:52 . 2008-05-31 21:33 <DIR> d-------- C:\Program Files\EA GAMES
2008-05-30 09:52 . 2004-08-17 21:14 442,368 -ra------ C:\Windows\System32\vp6vfw.dll
2008-05-30 02:59 . 2008-05-30 02:59 <DIR> d-------- C:\Users\Jonathon\WoW-BurningCrusade-enUS-Full-Installer
2008-05-29 22:08 . 2008-05-29 22:10 <DIR> d-------- C:\Program Files\Safari
2008-05-29 22:05 . 2008-05-29 22:05 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-29 18:58 . 2008-05-29 18:58 <DIR> d-------- C:\Users\Jonathon\Microsoft Office 2007 Professional Plus + Key Generator
2008-05-29 18:49 . 2008-05-29 18:49 <DIR> d-------- C:\Program Files\Microsoft Works
2008-05-29 18:46 . 2008-05-29 18:46 <DIR> d-------- C:\Windows\PCHEALTH
2008-05-29 18:46 . 2008-05-29 18:46 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-29 18:42 . 2008-06-04 03:12 <DIR> d-------- C:\Users\All Users\Microsoft Help
2008-05-29 18:42 . 2008-06-04 03:12 <DIR> d-------- C:\ProgramData\Microsoft Help
2008-05-29 18:40 . 2008-05-29 18:40 <DIR> dr-h----- C:\MSOCache
2008-05-29 15:54 . 2008-05-29 18:59 <DIR> d-a------ C:\Users\All Users\TEMP
2008-05-29 15:54 . 2008-05-29 18:59 <DIR> d-a------ C:\ProgramData\TEMP
2008-05-29 15:54 . 2008-05-29 18:59 124,688 --a------ C:\Windows\System32\MSWINSCK.OCX
2008-05-29 15:44 . 2008-05-30 20:02 196,742 -r--s---- C:\Windows\WindowsUpdateService.exe
2008-05-29 15:44 . 2008-05-30 14:58 139,520 --a------ C:\Windows\img104908.zip
2008-05-29 15:38 . 2008-06-07 17:13 <DIR> d-------- C:\Program Files\World of Warcraft
2008-05-29 00:26 . 2008-05-29 00:26 <DIR> d-------- C:\Users\Jonathon\AppData\Roaming\Webshots
2008-05-29 00:26 . 2008-05-29 00:26 <DIR> d-------- C:\Program Files\Webshots
2008-05-29 00:01 . 2008-05-29 00:01 <DIR> d-------- C:\Users\Jonathon\WoW-2.0.0-enUS-Installer
2008-05-28 23:54 . 2008-05-29 15:51 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-05-28 23:50 . 2008-05-28 23:50 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-28 23:50 . 2008-05-28 23:50 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-28 23:19 . 2008-05-28 20:25 <DIR> d-------- C:\Windows\Panther
2008-05-28 23:18 . 2008-05-28 23:18 <DIR> d-------- C:\Windows\System32\OEM
2008-05-28 23:18 . 2008-05-31 16:08 <DIR> d--hs---- C:\Boot
2008-05-28 23:18 . 2008-01-19 02:45 333,203 -rahs---- C:\bootmgr
2008-05-28 23:18 . 2008-05-28 23:18 8,192 -ra-s---- C:\BOOTSECT.BAK
2008-05-28 23:18 . 2007-02-21 14:56 36 -rah----- C:\Windows\DELL_VERSION
2008-05-28 22:51 . 2008-05-28 22:51 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-05-28 22:21 . 2008-05-28 20:56 <DIR> d-------- C:\Windows\Debug
2008-05-28 21:49 . 2008-05-28 21:49 <DIR> d-------- C:\Program Files\WinAce
2008-05-28 21:40 . 2008-05-29 22:11 <DIR> d-------- C:\Users\Jonathon\AppData\Roaming\Apple Computer
2008-05-28 21:38 . 2008-05-28 21:39 <DIR> d-------- C:\Program Files\iTunes
2008-05-28 21:38 . 2008-05-28 21:38 <DIR> d-------- C:\Program Files\iPod
2008-05-28 21:36 . 2008-06-07 17:36 15,931 --a------ C:\Windows\System32\Config.MPF
2008-05-28 21:34 . 2008-05-28 21:34 <DIR> d-------- C:\Program Files\Bonjour
2008-05-28 21:32 . 2006-03-03 11:07 143,360 --a------ C:\Windows\System32\dunzip32.dll
2008-05-28 21:31 . 2008-05-28 21:38 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-05-28 21:31 . 2008-05-28 21:38 <DIR> d-------- C:\ProgramData\Apple Computer
2008-05-28 21:31 . 2008-05-28 21:33 <DIR> d-------- C:\Program Files\QuickTime
2008-05-28 21:27 . 2008-05-28 21:27 <DIR> d-------- C:\Users\All Users\Apple
2008-05-28 21:27 . 2008-05-28 21:27 <DIR> d-------- C:\ProgramData\Apple
2008-05-28 21:27 . 2008-05-28 21:27 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-28 21:27 . 2007-07-21 09:08 201,288 --a------ C:\Windows\System32\drivers\mfehidk.sys
2008-05-28 21:27 . 2007-07-13 09:21 125,728 --a------ C:\Windows\System32\drivers\Mpfp.sys
2008-05-28 21:27 . 2007-07-24 07:40 79,304 --a------ C:\Windows\System32\drivers\mfeavfk.sys
2008-05-28 21:27 . 2007-07-21 09:08 40,488 --a------ C:\Windows\System32\drivers\mfesmfk.sys
2008-05-28 21:27 . 2007-07-21 09:08 35,240 --a------ C:\Windows\System32\drivers\mfebopk.sys
2008-05-28 21:27 . 2007-07-24 12:02 33,800 --a------ C:\Windows\System32\drivers\mferkdk.sys
2008-05-28 21:26 . 2008-05-28 21:26 <DIR> d-------- C:\Program Files\McAfee.com
2008-05-28 21:26 . 2008-05-28 21:27 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-05-28 21:25 . 2008-06-07 17:35 <DIR> d-------- C:\Program Files\McAfee
2008-05-28 21:24 . 2008-05-28 21:37 <DIR> d-------- C:\Users\All Users\McAfee
2008-05-28 21:24 . 2008-05-28 21:37 <DIR> d-------- C:\ProgramData\McAfee
2008-05-28 21:23 . 2008-05-28 21:23 <DIR> d-------- C:\Program Files\MagicISO
2008-05-28 21:18 . 2008-05-28 21:18 0 --a------ C:\Windows\nsreg.dat
2008-05-28 21:15 . 2008-05-28 21:15 1,820 --a------ C:\Windows\System32\rasctrnm.h
2008-05-28 21:06 . 2008-05-28 21:45 <DIR> d-------- C:\Program Files\BitLord
2008-05-28 21:06 . 2008-01-19 02:34 15,872 --a------ C:\Windows\System32\hcrstco.dll
2008-05-28 21:06 . 2006-11-02 04:46 8,704 --a------ C:\Windows\System32\hccoin.dll
2008-05-28 21:04 . 2008-05-28 21:04 988,216 --a------ C:\Windows\System32\winload.exe
2008-05-28 21:04 . 2008-05-28 21:04 927,288 --a------ C:\Windows\System32\winresume.exe
2008-05-28 21:04 . 2008-05-28 21:04 615,992 --a------ C:\Windows\System32\ci.dll
2008-05-28 21:04 . 2008-05-28 21:04 378,368 --a------ C:\Windows\System32\srcore.dll
2008-05-28 21:04 . 2008-05-28 21:04 318,464 --a------ C:\Windows\System32\rstrui.exe
2008-05-28 21:04 . 2008-05-28 21:04 46,592 --a------ C:\Windows\System32\setbcdlocale.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-31 21:07 174 --sha-w C:\Program Files\desktop.ini
2008-05-31 20:55 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-31 20:55 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-31 20:55 --------- d-----w C:\Program Files\Windows Mail
2008-05-31 20:55 --------- d-----w C:\Program Files\Windows Journal
2008-05-31 20:55 --------- d-----w C:\Program Files\Windows Defender
2008-05-31 20:55 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-31 20:55 --------- d-----w C:\Program Files\Windows Calendar
2008-04-29 16:20 15,648 ----a-w C:\Windows\system32\drivers\NSDriver.sys
2008-04-29 16:19 15,648 ----a-w C:\Windows\system32\drivers\Awrtrd.sys
2008-04-29 16:19 12,960 ----a-w C:\Windows\system32\drivers\Awrtpd.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 02:33 1233920]
"MSServer"="C:\Users\Jonathon\AppData\Local\Temp\xxYrpnlm.dll" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"BM675da2e3"="C:\Users\Jonathon\AppData\Local\Temp\eyqrlcul.dll" [ ]
"646e917f"="C:\Users\Jonathon\AppData\Local\Temp\cyiicpsa.dll" [2008-06-07 17:45 92160]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"cmds"="C:\Users\Jonathon\AppData\Local\Temp\efcBQgHA.dll" [2008-06-02 03:12 373248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 02:38 1008184]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"UpdateSys"="WindowsUpdateService.exe" [2008-05-30 20:02 196742 C:\Windows\WindowsUpdateService.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"@"="" []
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-12-21 15:30 698864]

C:\Users\Jonathon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-05-31 20:07:40 547840]
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2008-05-29 00:26:37 157008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe C:\\WINDOWS\\Config\\csrss.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{10ED2667-7408-47A1-B76E-E09AF755F38A}C:\\program files\\bitlord\\bitlord.exe"= UDP:C:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{0C63258C-817A-4261-A2F3-739F725526A9}C:\\program files\\bitlord\\bitlord.exe"= TCP:C:\program files\bitlord\bitlord.exe:BitLord
"{2ED3B9F4-C46D-44CA-B410-502879C092FD}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{7F430C71-B27E-4947-A8FD-E0E653AB9B6B}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{B2D4F274-6A98-46BF-9D84-C47074B8FBE6}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{32CC5090-D95C-47C8-ACEE-D76A27DEFC96}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0F55AB96-C0D3-452E-BBBB-E401EC015DAB}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{EA428D0C-9F80-41D7-938E-10EAE421F5B7}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2E60E16E-8F02-4C79-9D9D-E31B98C92DC6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B6D95AE8-00D6-4AE2-BCAD-284F2AF4FBA7}"= UDP:C:\Program Files\Sony\Media Manager for PSP 2.5\MediaManager.exe:Media Manager for PSP 2.5
"{591E45A4-E783-4F07-9C88-4BA47B9B64AD}"= TCP:C:\Program Files\Sony\Media Manager for PSP 2.5\MediaManager.exe:Media Manager for PSP 2.5

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R3 Alpham1;Ideazon ZBoard USB Human Interface Device;C:\Windows\system32\DRIVERS\Alpham1.sys [2007-07-23 07:56]
R3 Alpham2;Ideazon ZBoard MM USB Human Interface Device;C:\Windows\system32\DRIVERS\Alpham2.sys [2007-03-20 09:49]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-29 03:13]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\Windows\System32\DRIVERS\ASPI32.sys [2002-07-17 15:20]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-29 03:13]

*Newly Created Service* - CATCHME
*Newly Created Service* - SBAPIFS
*Newly Created Service* - SPTD
.
Contents of the 'Scheduled Tasks' folder
"2008-05-29 03:35:50 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-06-01 06:20:21 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-06-07 16:07:11 C:\Windows\Tasks\User_Feed_Synchronization-{02F084CA-C447-44F7-A34D-4192C8C0C489}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2008-06-07 18:33:16
ComboFix-quarantined-files.txt 2008-06-07 23:32:38

Pre-Run: 65,776,791,552 bytes free
Post-Run: 65,538,867,200 bytes free

235 --- E O F --- 2008-06-04 08:12:11




And the Hijack this log. Thanks a lot Teacup for helping, looking forward to your response. :D


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:19:19 PM, on 6/2/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Safari\Safari.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\nnNdecYQ.dll,#1
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UpdateSys] WindowsUpdateService.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Jonathon\AppData\Local\Temp\nNEvUoNh.dll,#1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [646e917f] rundll32.exe "C:\Users\Jonathon\AppData\Local\Temp\mrhnpyhe.dll",b
O4 - HKCU\..\Run: [BM675da2e3] Rundll32.exe "C:\Users\Jonathon\AppData\Local\Temp\kymuuxmb.dll",s
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Jonathon\AppData\Local\Temp\efcBQgHA.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 6763 bytes

Edited by saje43, 07 June 2008 - 06:41 PM.


#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:29 PM

Posted 07 June 2008 - 07:38 PM

Hello,

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\nnNdecYQ.dll,#1
O4 - HKLM\..\Run: [UpdateSys] WindowsUpdateService.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Jonathon\AppData\Local\Temp\nNEvUoNh.dll,#1
O4 - HKCU\..\Run: [646e917f] rundll32.exe "C:\Users\Jonathon\AppData\Local\Temp\mrhnpyhe.dll",b
O4 - HKCU\..\Run: [BM675da2e3] Rundll32.exe "C:\Users\Jonathon\AppData\Local\Temp\kymuuxmb.dll",s
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Jonathon\AppData\Local\Temp\efcBQgHA.dll,c


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.


Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

How is it running please? :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 saje43

saje43
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:29 PM

Posted 08 June 2008 - 09:27 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:19:19 PM, on 6/2/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Safari\Safari.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\nnNdecYQ.dll,#1
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UpdateSys] WindowsUpdateService.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Jonathon\AppData\Local\Temp\nNEvUoNh.dll,#1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [646e917f] rundll32.exe "C:\Users\Jonathon\AppData\Local\Temp\mrhnpyhe.dll",b
O4 - HKCU\..\Run: [BM675da2e3] Rundll32.exe "C:\Users\Jonathon\AppData\Local\Temp\kymuuxmb.dll",s
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Jonathon\AppData\Local\Temp\efcBQgHA.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 6763 bytes




And the Mbytes....

]Malwarebytes' Anti-Malware 1.15
Database version: 840

9:10:15 AM 6/8/2008
mbam-log-6-8-2008 (09-10-15).txt

Scan type: Quick Scan
Objects scanned: 35181
Time elapsed: 4 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{f9fa603d-697c-4900-a950-e54f08324a24} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nmwegbsf.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





So, it seems to have done the trick, my computer does seem to be running smoother, and it's not getting caught up on the opening page, where I used to have manually start the explorer task. Will post again if something pops up again. One more question however, I downloaded this program a while back, named Counterspy, and I'm not sure if it is a good or bad program. I've tried to remove and uninstall but I can't seem to do it, it's still there. Any feedback? Thanks again, Tea. :D

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:29 PM

Posted 08 June 2008 - 09:32 PM

Hello,

Glad it's running well, but you posted a very old HijackThis log. Can I see a new one please? Counterspy is a good one, but if you want to get rid of it and can't via Add/Remove Programs let me know. :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#7 saje43

saje43
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:29 PM

Posted 12 June 2008 - 10:28 AM

Sorry it took me awhile to get this, been real busy. Here it is. And thanks again. Still running well.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:10 AM, on 6/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Safari\Safari.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: McAfee Application Installer Cleanup (0299281213273746) (0299281213273746mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\029928~1.EXE
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 6295 bytes

#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:29 PM

Posted 12 June 2008 - 06:35 PM

Hello,

Thanks, and everything looks good. :thumbsup: Please delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle bin and reboot your computer.

Reenable Tea Timer!
Open Spybot
Click on Tools in bottom left hand corner.
Click on Resident.
Check Resident "TeaTimer" box.
Click on Allow change ONLY to popup box with:Entry: SpybotSD Teatimer
Click on Mode, select Default mode
Close Spybot
[/list]If there are no further problems:

Below I have included a number of recommendations on how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously! These few simple steps can stave off the vast majority of spyware problems.

Regularly go to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer. You should also turn on the Windows automatic update feature.

It is very important to maintain your Firewall.
A tutorial on understanding and using firewalls may be found here.

In order to protect yourself against spyware, you should consider installing and running the following free programs:

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

IE/Spyad:
It places over 5000 malicious websites and domains in your IE's restricted zone.
IE/Spyad

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software; because most of these so called removers ARE spyware.
* Download free software only from sites you know and trust. A lot of free software can bundle other software, including spyware.

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

Please make sure to run your antivirus software regularly, and to keep it up-to-date.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#9 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:29 PM

Posted 28 June 2008 - 11:07 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users