
Bogged Down Computer Is Driving Me Nuts


  • This topic is locked
8 replies to this topic

#1 mrne

mrne

  • Members
  • 4 posts
  • OFFLINE
  • Local time:04:51 AM

Posted 24 September 2008 - 02:09 AM

Hello, It's been awhile since I needed to ask any advice here, which means you guys did so well helping me out the last time I was here. Which sadly was due to the fun loving coolwebsearch POS I somehow got ahold of. But my computer is just really bogging down badly and all the scans and avast protections I'm running aren't catching anything or seeing any oddball infections. I run Avast as an antivirus, run random scans with Spybot S&D, Adaware, and try and monitor application activity through procexp and my network activity through Tcpview. I do only have 19% left on an 80G hd, and was able to defrag about a week ago. I'm hoping it's just that I have so much crap on the computer, and not some nice nuisance infection.
Thank you for your time,
Tad




#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:51 AM

Posted 24 September 2008 - 02:49 PM

Hello mrne,

Welcome to Bleeping Computer :thumbsup:

Let's see what might be going on. :)

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 mrne

mrne
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:04:51 AM

Posted 26 September 2008 - 05:03 AM

Sorry it took so long, the scan alone took hours. I pulled a full scan though, so go fig :thumbsup:

I wasn't sure about those BHOs, and I think that one entry O16 with Qwest, I had them as a DSL provider for awhile, but I hate DSL, and now I'm on Comcast DSL. Speaking of which, is there a way you would know of that could speed things up?
Thanks,
Tad
Malwarebytes' Anti-Malware 1.28
Database version: 1203
Windows 5.1.2600 Service Pack 3

9/24/2008 8:01:31 PM
mbam-log-2008-09-24 (20-01-19).txt

Scan type: Full Scan (C:\|G:\|)
Objects scanned: 345692
Time elapsed: 5 hour(s), 26 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Administrator.Z1\Start Menu\Programs\AlertSpy (Rogue.AlertSpy) -> No action taken.

Files Infected:
C:\Documents and Settings\Owner\Local Settings\Temp\GLK5.tmp (Rogue.EvidenceEliminator) -> No action taken.
C:\Documents and Settings\Administrator.Z1\Start Menu\Programs\AlertSpy\AlertSpy.lnk (Rogue.AlertSpy) -> No action taken.
C:\Documents and Settings\Administrator.Z1\Start Menu\Programs\AlertSpy\Uninstall.lnk (Rogue.AlertSpy) -> No action taken.
C:\Documents and Settings\Administrator.Z1\Start Menu\Programs\AlertSpy\Website.lnk (Rogue.AlertSpy) -> No action taken.
C:\Documents and Settings\Default User\Desktop\AlertSpy.lnk (Rogue.AlertSpy) -> No action taken.
C:\WINDOWS\explorer.sav (Heuristics.Reserved.Word.Exploit) -> No action taken.






#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:51 AM

Posted 26 September 2008 - 12:46 PM

Hello,

We'll get to the speeding up part in a bit, promise. :thumbsup: Did you let MBAM clean all it found? It says no action taken out to the side, so if you didn't, please let it go through and clean this time. :)

I need for you to go offline completely and disable ALL your protective programs after you download ComboFix, but before you run it. Sometimes those programs interfere with it, and we don't want that! :)


This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#5 mrne

mrne
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:04:51 AM

Posted 26 September 2008 - 09:29 PM

Here are all three logs, but when I started the combofix scan, it finished, and then it restarted the computer. I had exited teatimer protection long before this, but when the computer came back on, it let it start, and not avast. It also wound up trying to delete avast global startup registry entries. I tried to just Alt+F4 out of the warning windows, hoping to bypass the attempt to ignore, allow, etc. Hopefully I didn't do the wrong thing with that :thumbsup:

Malwarebytes' Anti-Malware 1.28
Database version: 1203
Windows 5.1.2600 Service Pack 3

9/26/2008 8:15:12 PM
mbam-log-2008-09-26 (20-15-12).txt

Scan type: Quick Scan
Objects scanned: 55801
Time elapsed: 9 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\bin\SearchCtrl.dll2008-09-01 03:10	106,496	----a-w	C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\bin\PluginCtrl.dll2008-08-26 23:47	---------	d-----w	C:\Documents and Settings\Owner\Application Data\webex2008-08-26 23:46	---------	d-----w	C:\Program Files\WebEx2008-08-21 16:34	56,912	----a-w	C:\Documents and Settings\Owner\g2mdlhlpx.exe2008-08-21 16:34	---------	d-----w	C:\Program Files\Citrix2008-08-21 05:03	---------	d-----w	C:\Program Files\Microsoft Visual Studio 82008-08-21 05:03	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Microsoft Help2008-08-21 03:23	---------	d-----w	C:\Program Files\HP2008-08-19 19:53	---------	d-----w	C:\Documents and Settings\All Users\Application Data\HPSSUPPLY2008-08-19 19:52	---------	d--h--w	C:\Program Files\Avago-HP2008-08-10 18:03	---------	d-----w	C:\Program Files\Sun2008-08-10 18:03	---------	d-----w	C:\Program Files\Java2008-08-06 17:43	---------	d-----w	C:\Program Files\DivX2008-07-25 08:36	524,288	----a-w	C:\WINDOWS\SYSTEM32\DivXsm.exe2008-07-23 16:50	3,596,288	----a-w	C:\WINDOWS\SYSTEM32\qt-dx331.dll2008-07-23 16:50	129,784	------w	C:\WINDOWS\SYSTEM32\pxafs.dll2008-07-23 16:50	120,056	------w	C:\WINDOWS\SYSTEM32\pxcpyi64.exe2008-07-23 16:50	118,520	------w	C:\WINDOWS\SYSTEM32\pxinsi64.exe2008-07-23 16:48	200,704	----a-w	C:\WINDOWS\SYSTEM32\ssldivx.dll2008-07-23 16:48	1,044,480	----a-w	C:\WINDOWS\SYSTEM32\libdivx.dll2008-07-23 16:46	12,288	----a-w	C:\WINDOWS\SYSTEM32\DivXWMPExtType.dll2008-07-19 04:10	94,920	----a-w	C:\WINDOWS\SYSTEM32\cdm.dll2008-07-19 04:10	53,448	----a-w	C:\WINDOWS\SYSTEM32\wuauclt.exe2008-07-19 04:10	45,768	----a-w	C:\WINDOWS\SYSTEM32\wups2.dll2008-07-19 04:10	36,552	----a-w	C:\WINDOWS\SYSTEM32\wups.dll2008-07-19 04:09	563,912	----a-w	C:\WINDOWS\SYSTEM32\wuapi.dll2008-07-19 04:09	325,832	----a-w	C:\WINDOWS\SYSTEM32\wucltui.dll2008-07-19 04:09	205,000	----a-w	
C:\WINDOWS\SYSTEM32\wuweb.dll2008-07-19 04:09	1,811,656	----a-w	C:\WINDOWS\SYSTEM32\wuaueng.dll2008-07-19 04:07	270,880	----a-w	C:\WINDOWS\SYSTEM32\mucltui.dll2008-07-19 04:07	210,976	----a-w	C:\WINDOWS\SYSTEM32\muweb.dll2008-07-07 20:26	253,952	----a-w	C:\WINDOWS\SYSTEM32\es.dll2007-11-15 00:55	32,384	----a-w	C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT2007-04-25 20:11	3	----a-w	C:\Program Files\sFile64sys.ico2006-05-22 22:29	3,546	----a-w	C:\Program Files\uninstal.log2005-12-06 01:28	916,806	------w	C:\Program Files\Dec2005_MDX1_x86.cab2005-12-06 01:28	86,925	------w	C:\Program Files\Oct2005_xinput_x64.cab2005-12-06 01:28	46,247	------w	C:\Program Files\Oct2005_xinput_x86.cab2005-12-06 01:28	41,888	------w	C:\Program Files\dxdllreg_x86.cab2005-12-06 01:28	3,673,932	------w	C:\Program Files\Dec2005_MDX1_x86_Archive.cab2005-12-06 01:28	1,358,864	------w	C:\Program Files\Dec2005_d3dx9_28_x64.cab2005-12-06 01:27	1,080,344	------w	C:\Program Files\Dec2005_d3dx9_28_x86.cab2004-11-17 06:39	0	--sh--r	C:\Program Files\q330994.exe2004-11-17 06:39	0	--sh--r	C:\WINDOWS\cvchost.exe2004-11-17 06:39	0	--sh--r	C:\WINDOWS\msstasks.exe2004-11-17 06:39	0	--sh--r	C:\WINDOWS\mssys.com2004-11-17 06:39	0	--sh--r	C:\WINDOWS\mstaskss.exe2004-11-17 06:39	0	--sh--r	C:\WINDOWS\msxmidi.exe2004-11-17 06:39	0	--sh--r	C:\WINDOWS\nem216.dll2004-11-17 06:39	0	--sh--r	C:\WINDOWS\ntldr.exe2005-06-17 19:12	137	--sha-r	C:\WINDOWS\Regbak.dat2004-11-17 06:39	0	--sh--r	C:\WINDOWS\rocky.exe2004-11-17 06:39	0	--sh--r	C:\WINDOWS\seksdialer.exe2001-07-22 02:45	94,784	--sh--w	C:\WINDOWS\twain.dll2008-04-14 00:12	50,688	--sh--w	C:\WINDOWS\twain_32.dll2004-11-17 06:39	0	--sh--r	C:\WINDOWS\SYSTEM\wmscrop.exe2004-11-17 06:39	0	--sh--r	C:\WINDOWS\SYSTEM32\d2kpax.dll2004-11-17 06:39	0	--sh--r	C:\WINDOWS\SYSTEM32\d2kpax.exe2004-11-17 06:39	0	--sh--r	C:\WINDOWS\SYSTEM32\jac.dll2004-08-05 06:19	0	--sha-w	C:\WINDOWS\SYSTEM32\javalw.exe2004-11-17 06:39	0	--sh--r	
C:\WINDOWS\SYSTEM32\mcc.exe2008-04-14 00:11	1,028,096	--sha-w	C:\WINDOWS\SYSTEM32\mfc42.dll2005-09-15 22:23	745	--sha-w	C:\WINDOWS\SYSTEM32\mmf(10)(2).sys2004-08-28 09:46	745	--sha-w	C:\WINDOWS\SYSTEM32\mmf(2)(2).sys2005-09-14 03:07	745	--sha-w	C:\WINDOWS\SYSTEM32\mmf(2)(3).sys2005-09-19 00:09	745	--sha-w	C:\WINDOWS\SYSTEM32\mmf(2)(4).sys2005-09-18 15:00	745	--sha-w	C:\WINDOWS\SYSTEM32\mmf(2)(5).sys2005-12-20 19:08	745	--sha-w	C:\WINDOWS\SYSTEM32\mmf(2).sys2004-08-28 07:15	745	--sha-w	C:\WINDOWS\SYSTEM32\mmf(3)(2).sys2005-09-17 19:17	745	--sha-w	C:\WINDOWS\SYSTEM32\mmf(3)(3).sys2004-08-28 07:03	745	--sha-w	C:\WINDOWS\SYSTEM32\mmf(4)(2).sys2005-09-17 09:22	745	--sha-w	C:\WINDOWS\SYSTEM32\mmf(4)(3).sys2004-08-28 06:26	745	--sha-w	C:\WINDOWS\SYSTEM32\mmf(5)(2).sys2005-09-17 04:44	745	--sha-w	C:\WINDOWS\SYSTEM32\mmf(5)(3).sys2004-08-28 06:10	745	--sha-w	C:\WINDOWS\SYSTEM32\mmf(6)(2).sys2005-09-18 15:00	745	--sha-w	C:\WINDOWS\SYSTEM32\mmf(6)(3).sys2005-09-14 16:15	745	--sha-w	C:\WINDOWS\SYSTEM32\mmf(7)(2).sys2005-09-15 03:19	745	--sha-w	C:\WINDOWS\SYSTEM32\mmf(8)(2).sys2005-09-15 16:21	745	--sha-w	C:\WINDOWS\SYSTEM32\mmf(9)(2).sys2006-07-20 21:43	761	--sha-w	C:\WINDOWS\SYSTEM32\mmf.sys2008-04-14 00:12	57,344	--sha-w	C:\WINDOWS\SYSTEM32\msvcirt.dll2008-04-14 00:12	413,696	--sha-w	C:\WINDOWS\SYSTEM32\msvcp60.dll2008-04-14 00:12	343,040	--sha-w	C:\WINDOWS\SYSTEM32\msvcrt.dll2004-11-17 06:39	0	--sh--r	C:\WINDOWS\SYSTEM32\msxslab.dll2008-04-14 00:12	11,776	--sh--w	C:\WINDOWS\SYSTEM32\regsvr32.exe2005-03-01 06:15	16,496	--sha-w	C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Microsoft\Windows NT\DiskQuota\NTDiskQuotaSidCache.dat.(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IE New Window Maximizer"="C:\Program Files\IE New Window Maximizer\iemaximizer.exe" [2005-02-08 
356352]"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-15 28739]"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2006-01-06 1343488]"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]"KBD"="C:\HP\KBD\KBD.EXE" [2001-07-06 61440]"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2001-06-15 212992]"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2001-08-07 143360]"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2001-08-07 90112]"PS2"="C:\WINDOWS\system32\ps2.exe" [2001-07-03 81920]"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 267048]"hpbdfawep"="C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2005-03-12 45056]C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2005-03-12 45056]C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2005-11-02 25214]Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-06-01 113664]Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]HP Digital Imaging Monitor.lnk.disabled [2005-09-30 1819]Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]PayPal Plug-In for Outlook 
Express.lnk.disabled [2004-06-30 673][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]"Messenger"=2 (0x2)[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="C:\\Program Files\\Messenger\\msmsgs.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Maxis\\SimCity 3000 Unlimited\\Apps\\Updater\\UPDATER.EXE"="C:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"="C:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe"="C:\\Program Files\\Microsoft Broadband Networking\\MSBNTray.exe"="C:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe"="C:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"="C:\\Sierra\\Empire Earth\\Empire Earth.exe"="C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\WINDOWS\\SYSTEM32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"3724:TCP"= 3724:TCP:Blizzard Downloader"6112:TCP"= 6112:TCP:Blizzard Downloader"18083:UDP"= 18083:UDP:LimewireR1 aswSP;avast! 
Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-01-22 46944]S3 jswmidin;jswmidin;C:\DOCUME~1\Owner\LOCALS~1\Temp\jswmidin.sys [ ]S3 MN710-51;Microsoft® Wireless USB 2.0 Adapter;C:\WINDOWS\system32\DRIVERS\MN710-51.sys [2004-01-07 339520]S3 PCDRDRV;Pcdr Helper Driver;C:\WINDOWS\system32\drivers\PCDRDRV.sys [ ][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4ae40be-e64c-11db-8457-00e0183770f3}]\Shell\AutoRun\command - G:\Autorun.exe /run\Shell\Shell00\Command - G:\Autorun.exe /run\Shell\Shell01\Command - G:\Autorun.exe /action\Shell\Shell02\Command - G:\Autorun.exe /uninstall.Contents of the 'Scheduled Tasks' folder.- - - - ORPHANS REMOVED - - - -Notify-dimsntfy - (no file)Notify-WgaLogon - (no file).------- Supplementary Scan -------.R0 -: HKCU-Main,Start Page = about:blankR0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8O8 -: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 -: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 -: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlO8 -: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlO8 -: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 -: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 -: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 
7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 -: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 -: E&xport to Microsoft ExcelO16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cabC:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osdO16 -: {01010200-5E80-11D8-9E86-0007E96C65AE} - hxxps://ra.qwest.com/sdccommon/download/tgctlins.cabC:\WINDOWS\Downloaded Program Files\tgctlins.infC:\WINDOWS\Downloaded Program Files\tgctlins.dll..------- File Associations -------..**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url]Rootkit scan 2008-09-26 18:19:11Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PSSdk21]"ImagePath"="\??\C:\WINDOWS\system32\Drivers\HNPsSdk.drv".------------------------ Other Running Processes ------------------------.C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exeC:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\HP1006MC.EXEC:\WINDOWS\SYSTEM32\snmp.exeC:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exeC:\WINDOWS\SYSTEM32\fxssvc.exeC:\Program Files\Webshots\Webshots.scrC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files\Alwil 
Software\Avast4\ashWebSv.exe.**************************************************************************.Completion time: 2008-09-26 18:45:45 - machine was rebootedComboFix-quarantined-files.txt  2008-09-27 00:45:31Pre-Run: 19,715,596,288 bytes freePost-Run: 20,458,680,320 bytes free339	--- E O F ---	2008-09-10 03:26:51


Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:17:38 PM, on 9/26/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\windows\system\hpsysdrv.exeC:\HP\KBD\KBD.EXEC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\IE New Window Maximizer\iemaximizer.exeC:\Program Files\AWS\WeatherBug\Weather.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Windows Media Player\WMPNSCFG.exeC:\WINDOWS\System32\snmp.exeC:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\fxssvc.exeC:\Program Files\Webshots\webshots.scrC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\explorer.exeC:\WINDOWS\system32\notepad.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exeC:\Program Files\Windows Live\Messenger\msnmsgr.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
[url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url]R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url]O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocxO2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dllO2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dllO3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dllO4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exeO4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXEO4 - 
HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXEO4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exeO4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exeO4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1O4 - HKCU\..\Run: [IE New Window Maximizer] C:\Program Files\IE New Window Maximizer\iemaximizer.exeO4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exeO4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exeO4 - S-1-5-18 Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User 'SYSTEM')O4 - .DEFAULT Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User 'Default user')O4 - .DEFAULT User Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User 'Default user')O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exeO4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk.disabledO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: PayPal Plug-In for Outlook Express.lnk.disabledO8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 
7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlO8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlO8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO16 - DPF: 
{01010200-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Installer) - [url="https://ra.qwest.com/sdccommon/download/tgctlins.cab"]https://ra.qwest.com/sdccommon/download/tgctlins.cab[/url]O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [url="http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab"]http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab[/url]O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - [url="http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab"]http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab[/url]O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [url="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab"]http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab[/url]O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - [url="https://naasystem.webex.com/client/T26L/webex/ieatgpc.cab"]https://naasystem.webex.com/client/T26L/webex/ieatgpc.cab[/url]O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - [url="http://by105fd.bay105.hotmail.msn.com/activex/HMAtchmt.ocx"]http://by105fd.bay105.hotmail.msn.com/activex/HMAtchmt.ocx[/url]O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exeO23 - Service: avast! 
Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe--End of file - 9648 bytes


#6 teacup61

  • Malware Response Team

Posted 27 September 2008 - 07:42 PM

Hello,

You did all right. :thumbsup: ComboFix and Avast! aren't very fond of each other, but as you can tell by the number of bad things deleted by ComboFix, we had to run it. It's looking good. :) How is it running now, please?

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Reboot your computer.

Regards,
tea

Error reading poptart in Drive A: Delete kids y/n?
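An added example, not part of tea's post and not HijackThis code: a small Python parser that pulls the `O2 - BHO` entries out of a HijackThis log (including one run together without line breaks, as the logs appear on this page), lists the `(no file)` entries like the ones checked above, and reports which of them are still present in a later scan. The function names are hypothetical, the sample logs are excerpts of the O2 lines posted in this thread, and the ASCII decoding of a CLSID is only a triage hint, not proof of where an entry came from.

```python
import re
from dataclasses import dataclass

# O2 lines excerpted from the HijackThis logs in this thread. The first sample
# is run together without line breaks, the way the logs appear on this page;
# the second holds the same kind of entries with normal line breaks.
SCAN_BEFORE_FIX = (
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - "
    r"C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx"
    r"O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)"
    r"O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)"
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - "
    r"C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll"
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)"
    r"O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - "
    r"c:\program files\google\googletoolbar4.dll"
)
SCAN_AFTER_REBOOT = "\n".join([
    r"O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)",
    r"O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - "
    r"C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
])
# The three BHO entries checked for fixing in the post above.
CHECKED_FOR_FIX = [
    "{22BF413B-C6D2-4d91-82A9-A0F997BA588C}",
    "{53707962-6F74-2D53-2644-206D7942484F}",
    "{7E853D72-626A-48EC-A868-BA8D5E23E045}",
]

# One O2 entry: name, CLSID, target. The target ends at the end of the line or,
# in a run-together log, where the next "R1 - " / "O4 - " style marker begins.
O2_ENTRY = re.compile(
    r"O2 - BHO: (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>[^\r\n]*?)(?=\s*(?:[RO]\d{1,2} - |--End of file|$))",
    re.MULTILINE,
)


@dataclass(frozen=True)
class BhoEntry:
    name: str
    clsid: str   # upper-cased so scans can be compared case-insensitively
    target: str  # file path, or "(no file)" when HijackThis found none


def parse_bho_entries(log_text):
    """Return every O2 (Browser Helper Object) entry found in a log."""
    return [
        BhoEntry(m["name"], m["clsid"].upper(), m["target"].strip())
        for m in O2_ENTRY.finditer(log_text)
    ]


def orphaned(entries):
    """Entries whose registration is present but whose file is not."""
    return [e for e in entries if e.target.lower() == "(no file)"]


def persisted_orphans(fixed_clsids, later_scan):
    """Orphaned entries that were fixed but show up again in a later scan."""
    wanted = {c.upper() for c in fixed_clsids}
    return [e for e in orphaned(parse_bho_entries(later_scan)) if e.clsid in wanted]


def ascii_hint(clsid):
    """Decode the CLSID's hex digits as ASCII when every byte is printable.

    Most CLSIDs are random and give None; a readable string is a lead to
    follow up on, nothing more.
    """
    raw = bytes.fromhex(clsid.strip("{}").replace("-", ""))
    if all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return None


if __name__ == "__main__":
    for entry in persisted_orphans(CHECKED_FOR_FIX, SCAN_AFTER_REBOOT):
        hint = ascii_hint(entry.clsid)
        note = f" (CLSID reads as {hint!r})" if hint else ""
        print(f"came back after fix: {entry.clsid}{note}")
```

An entry that returns after "Fix checked" and a reboot means something is rewriting the registration, so the follow-up is to identify what does that rather than to keep fixing the same line.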

#7 mrne

  • Topic Starter

Posted 29 September 2008 - 10:33 AM

Hi again,
Got those things fixed, but the BHO (no file)s came back. Looks like the rest left and stayed gone, but what are those BHOs? I haven't gotten to learn much on Windows XP's method of saving things, but are those like supposed to be real or bogus IE7 profiles or something? Here's the HJT log after reboot:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:16 AM, on 9/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\IE New Window Maximizer\iemaximizer.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Webshots\webshots.scr
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [IE New Window Maximizer] C:\Program Files\IE New Window Maximizer\iemaximizer.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - S-1-5-18 Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User 'Default user')
O4 - .DEFAULT User Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O4 - Global Startup: PayPal Plug-In for Outlook Express.lnk.disabled
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Installer) - https://ra.qwest.com/sdccommon/download/tgctlins.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://naasystem.webex.com/client/T26L/webex/ieatgpc.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by105fd.bay105.hotmail.msn.com/activex/HMAtchmt.ocx
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 9256 bytes

Looks like I have just way too much damn stuff trying to start with Windows that I shouldn't, huh? lol :thumbsup:

#8 teacup61

  • Malware Response Team

Posted 29 September 2008 - 01:53 PM

Hello,

Okay.....first.....BHOs are Browser Helper Objects. The ones we're trying to get rid of are orphans, and legit ones at that. One is for Skype, one is for Spybot, and the others are for Windows Live. So they aren't even remotely a problem or a threat....just clutter. :thumbsup:

You really have very little that can be eliminated in the way of startups. Either you've already done it....though I don't see that you've used msconfig in your log.....or you just don't have a lot on your computer that likes to phone home. :) We already eliminated the big hog, MS Office. ;)

Your log looks good, other than those clutter lines. Everything running all right? If they bother you, try booting into safe mode and follow the same directions as before with HijackThis. :)

Let me know how you come out.

Regards,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?
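The orphaned-BHO check described in the reply above, as an added example that is not part of the original thread: it pulls the O2 entries out of a HijackThis log, including one whose entries have been run together, and lists the registry path of each BHO reported as "(no file)". The function names are hypothetical and the sample is constructed from entries in the log posted above.

```python
import re

# Constructed sample: entries copied from the log in this thread, deliberately
# run together the way a forum scrape flattens them (no newlines).
FLATTENED = (
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - "
    r"C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx"
    r"O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)"
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - "
    r"C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll"
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)"
    r"O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE"
)

# Registry location where Internet Explorer BHOs are registered by CLSID.
BHO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"

# Heuristic: a new entry starts at a section code (R0, F2, O4, O23, ...) + " - ".
ENTRY_START = re.compile(r"(?=(?:[RFN]\d|O\d{1,2}) - )")
GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# Non-greedy name + mandatory CLSID lets names that contain " - " still parse.
O2_RE = re.compile(rf"^O2 - BHO: (?P<name>.*?) - (?P<clsid>{GUID}) - (?P<file>.+)$")


def split_entries(text):
    """Yield one log entry per item from line-per-entry or flattened text."""
    for line in text.splitlines():
        for part in ENTRY_START.split(line):
            if part.strip():
                yield part.strip()


def parse_bhos(text):
    """Return a dict (name, clsid, file) for every O2 entry."""
    return [m.groupdict() for m in map(O2_RE.match, split_entries(text)) if m]


def orphaned_bhos(text):
    """Registry paths of BHOs whose file HijackThis reported as '(no file)'."""
    return [BHO_KEY + "\\" + b["clsid"]
            for b in parse_bhos(text) if b["file"].lower() == "(no file)"]


if __name__ == "__main__":
    for key in orphaned_bhos(FLATTENED):
        print("orphaned BHO registration:", key)
```

An orphan here only means the registration outlived its DLL; whether the CLSID belonged to a legitimate product still has to be checked separately, as the helper did in this thread.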

#9 teacup61


Posted 10 October 2008 - 02:24 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



