Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan Fake Alert, and others.


  • This topic is locked This topic is locked
2 replies to this topic

#1 FanofStuff

FanofStuff

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 13 July 2009 - 07:23 PM

Hello, I would first like to thank everyone for the help I am about to receive.

Malwarebytes detects files and it says it will remove it on boot but they remain after the boot up. I will post the malwarebytes log if it helps along with the DDS logs as well.

DDS (Ver_09-06-26.01) - NTFSx86

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.991.557 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Airlink+\PVR Plus\TVR\Scheduled.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FTCtrl32.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ares\Ares.exe
C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FAPIEXE.EXE
C:\Program Files\KWorld Multimedia\TV713X Utilities\HMCP3XCtl.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
svchost.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Leopoldo Reyes\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comodo.com/search/
uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll
BHO: 1 (0x1): {02478d38-c3f9-4efb-9b51-7695eca05670} - &Yahoo! Toolbar Helper
BHO: precisead: {031502ac-155a-922d-031c-bcd735a47512} - c:\windows\system32\nsa52.dll
BHO: precisead search enhancer: {040dc938-3620-9395-8810-c742263372c8} - c:\windows\system32\ebrhmlpemih.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - No File
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: {B210A058-AFBA-43E0-8BBE-DD8E8F7B6FC7} - No File
BHO: precisead browser enhancer: {d685ddf2-6463-fd20-4a25-97da85835f20} - c:\windows\system32\sfirpzmipv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
EB: Search panel: {1bd3b92c-ee2e-f53d-24ca-4244ab728c8a} - c:\windows\system32\ebrhmlpemih.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [VTTimer] VTTimer.exe
mRun: [VTTrayp] VTtrayp.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [CorelDRAW Graphics Suite 11b] c:\program files\corel\corel graphics 12\languages\en\programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=060609 serial=dr12wux-0604647-brk lang=EN
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [SetDefPrt] c:\program files\brother\brmflp03\BrStDvPt.exe
mRun: [PVR Agent] c:\program files\airlink+\pvr plus\tvr\Scheduled.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [CallControl 4.7] "c:\program files\faxtalk communicator\FTCtrl32.exe" /autoload
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [jhgngtzhzxsib] c:\windows\system32\regsvr32.exe /s "c:\windows\system32\sfirpzmipv.dll"
mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\leopol~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\remote~1.lnk - c:\program files\kworld multimedia\tv713x utilities\HMCP3XCtl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smartui.lnk - c:\program files\scansoft\paperport\smartui\SmartUI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tmmoni~1.lnk - c:\program files\arcsoft\totalmedia 3\TMMonitor.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\leopol~1\applic~1\mozilla\firefox\profiles\1sequpqk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10587&gct=&gc=1&q=
FF - plugin: c:\documents and settings\leopoldo reyes\application data\mozilla\firefox\profiles\1sequpqk.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: google.toolbar.linkdoctor.enabled - false

============= SERVICES / DRIVERS ===============

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2009-5-26 11264]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-2-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2008-9-24 935208]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2009-6-6 670592]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2009-3-3 2944]
S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\system32\drivers\BrParImg.sys [2009-3-3 3168]
S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\system32\drivers\BrParwdm.sys [2009-3-3 39552]
S3 pmxscan;Visioneer USB Kernel;c:\windows\system32\drivers\usbscan.sys [2009-1-2 15104]
S3 RkPavproc1;RkPavproc1; [x]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]

=============== Created Last 30 ================

2009-07-13 16:45 58,743 a------- c:\windows\system32\ebrhmlpemih.dll-uninst.exe
2009-07-13 16:45 86,005 a------- c:\windows\system32\ae6ecd5e-e4a5-0912-3384-7bd3329f86d7.exe
2009-07-13 16:45 48,273 a------- c:\windows\system32\dkwjlgwkreqy.exe
2009-07-12 22:19 <DIR> --d----- C:\32788R22FWJFW.1.tmp
2009-07-12 22:18 <DIR> --d----- C:\32788R22FWJFW.0.tmp
2009-07-12 22:03 <DIR> --d----- c:\program files\AskSearch
2009-07-12 22:03 <DIR> --d----- c:\program files\AskBarDis
2009-07-12 22:03 <DIR> --d----- c:\program files\COMODO
2009-07-12 21:59 388,608 a------- c:\windows\system32\CF31021.exe
2009-07-12 21:57 120 a------- c:\windows\CIS_Setup_3.5.57173.439_XP_Vista_x32.INI
2009-07-12 21:24 <DIR> --d----- c:\program files\CCleaner
2009-07-12 21:24 <DIR> --d----- c:\program files\common files\PC Tools
2009-07-12 21:20 388,608 a------- c:\windows\system32\CF23488.exe
2009-07-12 21:16 388,608 a------- c:\windows\system32\CF22348.exe
2009-07-12 15:55 388,608 a------- c:\windows\system32\CF25221.exe
2009-07-12 15:42 388,608 a------- c:\windows\system32\CF22628.exe
2009-07-11 20:17 <DIR> --d----- c:\program files\MSXML 6.0
2009-07-11 14:41 453,632 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-07-11 14:40 2,180,480 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-07-11 14:40 2,136,064 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-07-11 14:40 2,057,728 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-07-11 14:40 2,015,744 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-07-11 14:40 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-07-11 09:45 6,144 a--sh--- c:\windows\system32\access.ctl
2009-07-10 21:17 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-07-10 21:17 45,392 a----r-- c:\windows\system32\AdobePDF.dll
2009-07-10 21:17 22,872 a----r-- c:\windows\system32\AdobePDFUI.dll
2009-07-06 17:00 <DIR> --d----- c:\docume~1\leopol~1\applic~1\WeatherBug
2009-07-06 16:57 <DIR> --d----- c:\program files\Free Offers from Freeze.com
2009-07-04 00:03 523,264 a------- c:\windows\system32\ebrhmlpemih.dll
2009-07-02 07:03 1,330,688 a------- c:\windows\system32\nsj72.dll
2009-07-02 07:03 1,330,688 a------- c:\windows\system32\nsa52.dll
2009-06-30 09:45 <DIR> --d----- c:\program files\Enigma Software Group
2009-06-28 10:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro
2009-06-28 10:46 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-06-28 10:46 <DIR> --d----- c:\docume~1\leopol~1\applic~1\DAEMON Tools Pro
2009-06-28 10:03 124,688 a------- c:\windows\system32\MSWINSCK.OCX
2009-06-27 18:00 <DIR> --d----- c:\program files\MagicISO
2009-06-19 10:43 59,648 ac------ c:\windows\system32\dllcache\rfcomm.sys
2009-06-19 10:43 17,024 ac------ c:\windows\system32\dllcache\bthenum.sys
2009-06-19 10:43 59,648 a------- c:\windows\system32\drivers\rfcomm.sys
2009-06-19 10:43 17,024 a------- c:\windows\system32\drivers\BthEnum.sys
2009-06-19 10:43 152,576 ac------ c:\windows\system32\dllcache\irftp.exe
2009-06-19 10:43 27,136 ac------ c:\windows\system32\dllcache\irmon.dll
2009-06-19 10:43 8,192 ac------ c:\windows\system32\dllcache\wshirda.dll
2009-06-19 10:43 152,576 a------- c:\windows\system32\irftp.exe
2009-06-19 10:43 27,136 a------- c:\windows\system32\irmon.dll
2009-06-19 10:43 8,192 a------- c:\windows\system32\wshirda.dll

==================== Find3M ====================

2009-07-13 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-12 22:03 249,592 a------- c:\windows\system32\cssdll32.dll
2009-06-04 16:47 22,780 a------- c:\windows\system32\emptyregdb.dat
2009-06-02 10:47 0 a------- c:\windows\system32\drivers\lgdgp.sys
2009-05-20 10:08 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-07 08:44 344,064 a------- c:\windows\system32\localspl.dll
2009-05-05 01:04 480,256 a------- c:\windows\system32\sfirpzmipv.dll
2009-05-01 14:03 129,784 -------- c:\windows\system32\pxafs.dll
2009-05-01 14:03 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-05-01 14:03 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-05-01 14:02 90,112 a------- c:\windows\system32\dpl100.dll
2009-05-01 14:02 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-05-01 14:02 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-05-01 14:02 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-05-01 14:02 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-05-01 14:02 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-05-01 14:02 685,056 a------- c:\windows\system32\DivX.dll
2009-04-28 21:52 659,456 a------- c:\windows\system32\wininet.dll
2009-04-28 21:52 81,920 a------- c:\windows\system32\ieencode.dll
2009-04-17 02:58 1,846,656 a------- c:\windows\system32\win32k.sys
2009-04-15 08:11 584,192 a------- c:\windows\system32\rpcrt4.dll
2009-02-17 08:58 172 a------- c:\program files\elesfzx.txt
2008-06-16 11:06 63,839,744 a------- c:\program files\common files\TaxWise Workstation.msi
2009-01-27 16:17 16,384 ac-sh--- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2009-01-27 16:17 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009012720090128\index.dat

============= FINISH: 17:03:17.50 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/4/2009 4:55:58 PM
System Uptime: 7/13/2009 1:39:42 PM (4 hours ago)

Motherboard: ECS | | P4M800PRO-M
Processor: Intel« Pentium« D CPU 3.40GHz | CPU 1 | 3393/200mhz
Processor: Intel« Pentium« D CPU 3.40GHz | CPU 1 | 3393/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 373 GiB total, 313.113 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
Device ID: PCI\VEN_1186&DEV_1300&SUBSYS_13011186&REV_10\3&267A616A&0&50
Manufacturer: Realtek
Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
PNP Device ID: PCI\VEN_1186&DEV_1300&SUBSYS_13011186&REV_10\3&267A616A&0&50
Service: rtl8139

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth Device (RFCOMM Protocol TDI)
Device ID: ROOT\NET\0000
Manufacturer: Microsoft
Name: Bluetooth Device (RFCOMM Protocol TDI)
PNP Device ID: ROOT\NET\0000
Service: RFCOMM

==== System Restore Points ===================

RP1: 6/4/2009 5:01:30 PM - System Checkpoint
RP2: 6/4/2009 5:13:44 PM - Installed ErrorFix
RP3: 6/4/2009 5:33:27 PM - Removed ErrorFix
RP4: 6/5/2009 1:38:43 PM - Removed FaxTalk Communicator SE 4.7.
RP5: 6/5/2009 4:00:26 PM - Installed FaxTalk Communicator SE 4.7.
RP6: 6/5/2009 4:17:29 PM - Installed FaxTalk Communicator SE 4.7.
RP7: 6/5/2009 4:26:41 PM - Installed FaxTalk Communicator SE 4.7.
RP8: 6/5/2009 7:04:17 PM - Configured TotalMedia
RP9: 6/5/2009 7:05:27 PM - Configured TotalMedia
RP10: 6/5/2009 7:07:46 PM - Installed TotalMedia
RP11: 6/5/2009 7:09:24 PM - Installed TotalMedia
RP12: 6/5/2009 7:12:36 PM - Configured TotalMedia
RP13: 6/5/2009 9:22:40 PM - Installed Windows Media Player 11
RP14: 6/5/2009 9:24:40 PM - Installed Windows XP MSCompPackV1.
RP15: 6/5/2009 9:26:24 PM - Installed Windows XP KB926239.
RP16: 6/6/2009 9:22:00 AM - Configured TotalMedia
RP17: 6/6/2009 10:16:09 AM - Installed Windows Installer Clean Up
RP18: 6/6/2009 10:26:01 AM - Installed Adobe Acrobat 7.0 Professional
RP19: 6/6/2009 10:31:17 AM - Removed TotalMedia
RP20: 6/6/2009 10:46:24 AM - Installed TotalMedia
RP21: 6/6/2009 2:27:36 PM - Removed Adobe Acrobat 7.0 Professional
RP22: 6/6/2009 2:33:57 PM - Removed Refunds Today 2007 Classic
RP23: 6/6/2009 3:11:51 PM - Installed Refunds Today 2007 Classic
RP24: 6/6/2009 3:27:25 PM - Installed Adobe Acrobat 7.0 Professional
RP25: 6/7/2009 9:12:16 AM - Removed FaxTalk Communicator SE 4.7.
RP26: 6/7/2009 9:25:41 AM - Installed FaxTalk Communicator SE 4.7.
RP27: 6/8/2009 11:16:06 AM - System Checkpoint
RP28: 6/8/2009 7:19:54 PM - Removed Nero 7 Demo
RP29: 6/8/2009 7:28:23 PM - Installed Windows Installer KB893803v2.
RP30: 6/8/2009 9:12:57 PM - Removed Windows Installer Clean Up
RP31: 6/8/2009 9:15:47 PM - Installed Windows Installer Clean Up
RP32: 6/9/2009 2:11:25 PM - Installed ImagXpress
RP33: 6/9/2009 2:11:40 PM - Installed DirectX
RP34: 6/9/2009 2:13:03 PM - Installed neroxml
RP35: 6/9/2009 2:13:11 PM - Installed Advertising Center
RP36: 6/9/2009 2:13:29 PM - Installed NeroBurningROM
RP37: 6/9/2009 2:15:23 PM - Installed Nero CoverDesigner
RP38: 6/9/2009 2:16:36 PM - Installed NeroExpress
RP39: 6/9/2009 2:18:47 PM - Installed Nero PhotoSnap
RP40: 6/9/2009 2:20:43 PM - Installed Nero Recode
RP41: 6/9/2009 2:21:34 PM - Installed Nero ShowTime
RP42: 6/9/2009 2:22:33 PM - Installed SoundTrax
RP43: 6/9/2009 2:23:31 PM - Installed Nero StartSmart
RP44: 6/9/2009 2:25:03 PM - Installed Nero Vision
RP45: 6/9/2009 2:26:32 PM - Installed Nero WaveEditor
RP46: 6/9/2009 2:27:22 PM - Installed Nero DriveSpeed
RP47: 6/9/2009 2:27:57 PM - Installed Nero InfoTool
RP48: 6/9/2009 2:28:33 PM - Installed Nero Rescue Agent
RP49: 6/9/2009 2:29:07 PM - Installed Nero BurnRights
RP50: 6/9/2009 2:29:42 PM - Installed Nero Disc Copy Gadget
RP51: 6/9/2009 2:30:33 PM - Installed Nero DiscSpeed
RP52: 6/9/2009 2:31:00 PM - Installed Menu Templates - Starter Kit
RP53: 6/9/2009 2:31:17 PM - Installed Nero ControlCenter
RP54: 6/9/2009 2:31:42 PM - Installed Movie Templates - Starter Kit
RP55: 6/9/2009 2:31:53 PM - Installed DolbyFiles
RP56: 6/9/2009 2:32:08 PM - Installed Nero Live
RP57: 6/9/2009 2:32:47 PM - Installed InCD Help
RP58: 6/9/2009 2:33:19 PM - Installed Nero BurningROM
RP59: 6/9/2009 2:33:55 PM - Installed Nero CoverDesigner Help
RP60: 6/9/2009 2:34:31 PM - Installed Nero Express
RP61: 6/9/2009 2:35:07 PM - Installed Nero PhotoSnap Help
RP62: 6/9/2009 2:35:44 PM - Installed Nero Recode Help
RP63: 6/9/2009 2:36:18 PM - Installed Nero ShowTime
RP64: 6/9/2009 2:36:56 PM - Installed "Nero SoundTrax Help
RP65: 6/9/2009 2:37:30 PM - Installed Nero StartSmart Help
RP66: 6/9/2009 2:38:20 PM - Installed Nero Vision
RP67: 6/9/2009 2:39:13 PM - Installed Nero WaveEditor Help
RP68: 6/9/2009 2:39:47 PM - Installed Nero DriveSpeed
RP69: 6/9/2009 2:40:20 PM - Installed Nero InfoTool
RP70: 6/9/2009 2:40:54 PM - Installed Nero RescueAgent Help
RP71: 6/9/2009 2:41:30 PM - Installed Nero BurnRights
RP72: 6/9/2009 2:42:03 PM - Installed Nero Disc Copy Gadget Help
RP73: 6/9/2009 2:42:37 PM - Installed Nero DiscSpeed
RP74: 6/9/2009 2:43:10 PM - Installed Nero ControlCenter
RP75: 6/9/2009 2:43:42 PM - Installed Nero Live Help
RP76: 6/9/2009 2:44:07 PM - Installed Nero Installer
RP77: 6/9/2009 5:56:32 PM - Installed Windows XP WIC.
RP78: 6/9/2009 5:57:02 PM - Installed %1 %2.
RP79: 6/9/2009 5:58:36 PM - Printer Driver Microsoft XPS Document Writer Installed
RP80: 6/10/2009 1:08:13 PM - Installed Windows Media Player 11
RP81: 6/10/2009 1:17:45 PM - Installed Windows XP MSCompPackV1.
RP82: 6/10/2009 1:21:12 PM - Installed Windows XP KB926239.
RP83: 6/10/2009 1:26:23 PM - Installed Windows Media Player 11
RP84: 6/10/2009 1:29:55 PM - Installed Windows XP MSCompPackV1.
RP85: 6/10/2009 1:33:38 PM - Installed Windows XP KB926239.
RP86: 6/11/2009 8:42:12 AM - Installed Windows Media Player 11
RP87: 6/11/2009 8:43:57 AM - Installed Windows XP MSCompPackV1.
RP88: 6/11/2009 8:45:27 AM - Installed Windows XP KB926239.
RP89: 6/12/2009 11:10:24 AM - System Checkpoint
RP90: 6/13/2009 6:05:24 PM - System Checkpoint
RP91: 6/15/2009 10:52:13 AM - System Checkpoint
RP92: 6/16/2009 12:07:29 PM - System Checkpoint
RP93: 6/16/2009 4:40:15 PM - Printer Driver Adobe PDF Converter Installed
RP94: 6/17/2009 5:00:49 PM - System Checkpoint
RP95: 6/18/2009 7:51:05 PM - System Checkpoint
RP96: 6/19/2009 11:03:50 AM - Configured Platform
RP97: 6/20/2009 5:40:40 PM - System Checkpoint
RP98: 6/22/2009 4:17:14 PM - System Checkpoint
RP99: 6/24/2009 6:59:02 PM - Removed Adobe Acrobat 7.0 Professional
RP100: 6/26/2009 1:26:01 PM - System Checkpoint
RP101: 6/26/2009 6:45:56 PM - Installed Adobe Reader 7.0
RP102: 6/28/2009 10:46:54 AM - SPTD setup V1.58
RP103: 6/28/2009 8:52:09 PM - Removed Adobe Reader 7.0
RP104: 6/28/2009 8:52:36 PM - Installed Adobe Reader 9 - Espa˝ol.
RP105: 6/28/2009 9:05:16 PM - Removed Adobe Reader 9 - Espa˝ol.
RP106: 6/29/2009 8:57:43 PM - Installed Adobe Acrobat 7.0 Professional
RP107: 7/1/2009 9:09:59 AM - System Checkpoint
RP108: 7/1/2009 11:46:35 AM - Printer Driver Adobe PDF Converter Installed
RP109: 7/1/2009 12:08:35 PM - Printer Driver Adobe PDF Converter Installed
RP110: 7/1/2009 12:17:21 PM - Printer Driver Adobe PDF Converter Installed
RP111: 7/2/2009 2:13:37 PM - System Checkpoint
RP112: 7/3/2009 3:49:19 PM - System Checkpoint
RP113: 7/6/2009 10:50:43 AM - System Checkpoint
RP114: 7/6/2009 5:42:06 PM - Removed WeatherBug
RP115: 7/8/2009 8:21:14 AM - System Checkpoint
RP116: 7/8/2009 2:25:57 PM - Removed Adobe Acrobat 7.0 Professional
RP117: 7/8/2009 4:25:34 PM - Installed Adobe Acrobat 9 Pro - English, Franšais, Deutsch.
RP118: 7/9/2009 5:11:37 PM - System Checkpoint
RP119: 7/10/2009 11:36:55 AM - Removed Adobe Acrobat 9 Pro - English, Franšais, Deutsch.
RP120: 7/10/2009 12:12:56 PM - Installed Adobe Acrobat 9 Pro Extended - English, Franšais, Deutsch.
RP121: 7/10/2009 2:49:59 PM - Removed Adobe Acrobat 9 Pro Extended - English, Franšais, Deutsch.
RP122: 7/10/2009 4:33:44 PM - Installed Adobe Acrobat 9 Pro Extended - English, Franšais, Deutsch.
RP123: 7/10/2009 8:28:09 PM - Removed Adobe Acrobat 9 Pro Extended - English, Franšais, Deutsch.
RP124: 7/10/2009 9:10:59 PM - Installed Adobe Acrobat 9 Pro - English, Franšais, Deutsch.
RP125: 7/11/2009 9:13:47 AM - Removed Crystal Reports Basic Runtime for Visual Studio 2008
RP126: 7/11/2009 8:09:41 PM - Software Distribution Service 3.0
RP127: 7/12/2009 8:09:17 PM - Installed AdwareBot
RP128: 7/12/2009 8:16:03 PM - Removed AdwareBot
RP129: 7/12/2009 9:25:55 PM - Restore Operation

==== Installed Programs ======================

"Nero SoundTrax Help
AAC Decoder
Adobe Acrobat 9 Pro - English, Franšais, Deutsch
Adobe Flash Player 10 Plugin
Advertising Center
Agere Systems Usb 2.0 Soft Modem
ArcSoft TotalMedia 3
Ares 2.1.1
Ask Toolbar
AutoUpdate
Brother MFL-Pro Suite
Contextual Tool Precisead
CorelDRAW Graphics Suite 12
Critical Update for Windows Media Player 11 (KB959772)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DolbyFiles
ExpressZIP v4.0
FaxTalk Communicator SE 4.7
H.264 Decoder
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
ImagXpress
Java™ 6 Update 13
KWorld TV713X BDA Driver
KWorld TV713X Utilities
Malwarebytes' Anti-Malware
MCE Software Encoder 1.1
Menu Templates - Starter Kit
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 2.0 SP3 Runtime
MKV Splitter
Movie Templates - Starter Kit
Mozilla Firefox (3.0.11)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Nero 9
Nero BurningROM
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DriveSpeed
Nero Express
Nero InfoTool
Nero Installer
Nero Live
Nero Live Help
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero WaveEditor
Nero WaveEditor Help
NeroBurningROM
NeroExpress
neroxml
PaperPort 8.0 SE
Platform
Point 6.1a
PVR Plus
Realtek AC'97 Audio
Refunds Today 2007 Classic
RON Too1 Precisead
Search Assistant Precisead
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
SoundTrax
SUPERAntiSpyware Free Edition
Tax Prep 2008 WorkStation
Tax Prep Software 2008
TaxWise 2007
TaxWise 2007 WorkStation
TaxWise Workstation
Update for Windows XP (KB925720)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC80CRTRedist - 8.0.50727.762
VIA Platform Device Manager
VIA Rhine-Family Fast-Ethernet Adapter
WebFldrs XP
Windows Communication Foundation
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

7/12/2009 9:25:46 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.
7/12/2009 9:12:39 PM, error: Service Control Manager [7000] - The COMODO Internet Security Helper Service service failed to start due to the following error: The system cannot find the path specified.
7/12/2009 9:06:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
7/12/2009 9:05:41 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
7/12/2009 3:54:10 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
7/12/2009 3:46:00 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
7/12/2009 12:19:15 AM, error: Dhcp [1002] - The IP address lease 192.168.1.104 for the Network Card with network address 0019210727A0 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
7/12/2009 10:01:58 PM, error: Service Control Manager [7000] - The cmdAgent service failed to start due to the following error: The system cannot find the path specified.
7/11/2009 9:31:29 AM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 0019210727A0 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
7/11/2009 9:08:20 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
7/11/2009 9:08:20 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\Leopoldo Reyes\Application Data\Mozilla\Firefox\Profiles\1sequpqk.default\extensions\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}\components\FFAlert.dll. Reference error message: The operation completed successfully. .
7/11/2009 9:08:20 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
7/11/2009 8:40:47 AM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 0019210727A0 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
7/11/2009 8:20:48 AM, error: PlugPlayManager [12] - The device 'Brother DCP-8020' (MF\LPTENUM#BrotherDCP-8020\6&21197219&0&LPT1.4#Child0003) disappeared from the system without first being prepared for removal.
7/11/2009 8:20:48 AM, error: PlugPlayManager [12] - The device 'Brother DCP-8020' (MF\LPTENUM#BrotherDCP-8020\6&21197219&0&LPT1.4#Child0002) disappeared from the system without first being prepared for removal.
7/11/2009 8:20:48 AM, error: PlugPlayManager [12] - The device 'Brother DCP-8020' (LPTENUM\BrotherDCP-8020\5&1cf8cf45&0&LPT1.4) disappeared from the system without first being prepared for removal.
7/11/2009 3:16:31 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cmdGuard cmdHlp Fips intelppm IPSec MRxSmb NetBIOS NetBT PCIIde RasAcd Rdbss SASDIFSV SASKUTIL Tcpip ViaIde
7/11/2009 11:34:32 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cmdGuard cmdHlp Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
7/11/2009 11:34:32 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
7/11/2009 11:34:32 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/11/2009 11:34:32 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/11/2009 11:34:32 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
7/11/2009 11:33:34 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/11/2009 1:03:41 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde ViaIde
7/11/2009 1:02:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/10/2009 3:50:16 PM, error: Dhcp [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 0019210727A0 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

Malwarebytes' Anti-Malware 1.39
Database version: 2424
Windows 5.1.2600 Service Pack 2

7/13/2009 5:23:02 PM
mbam-log-2009-07-13 (17-23-02).txt

Scan type: Quick Scan
Objects scanned: 111559
Time elapsed: 3 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 11
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\Mozilla Firefox\components\66e26001-4474-57d8-24c9-21773e324f24.dll (Adware.Yoog) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Delete on reboot.
HKEY_CLASSES_ROOT\Typelib\{40196867-19f8-7157-c097-ecaff653c9ad} (Trojan.FakeAlert) -> Delete on reboot.
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Delete on reboot.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e7f475ba-2949-0f82-7de6-5d10f3b1a9fb} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{031502ac-155a-922d-031c-bcd735a47512} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{031502ac-155a-922d-031c-bcd735a47512} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{040dc938-3620-9395-8810-c742263372c8} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{040dc938-3620-9395-8810-c742263372c8} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d685ddf2-6463-fd20-4a25-97da85835f20} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d685ddf2-6463-fd20-4a25-97da85835f20} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jhgngtzhzxsib (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\mozilla firefox\components\66e26001-4474-57d8-24c9-21773e324f24.dll (Adware.Yoog) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\components\66e26001-4474-57d8-24c9-21773e324f24.dll- (Adware.Yoog) -> Delete on reboot.
c:\WINDOWS\system32\ebrhmlpemih.dll-uninst.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nsa52.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ebrhmlpemih.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sfirpzmipv.dll (Adware.BHO) -> Delete on reboot.


Thank you all again.

Edited by FanofStuff, 13 July 2009 - 07:24 PM.


BC AdBot (Login to Remove)

 


m

#2 FanofStuff

FanofStuff
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 14 July 2009 - 05:58 PM

The malwarebytes scan posted above did not remove infection

Hello FanofStuff,

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Regards,

The weatherman
(Moderator)

Edited by The weatherman, 14 July 2009 - 06:26 PM.


#3 Guest_The weatherman_*

Guest_The weatherman_*

  • Guests
  • OFFLINE
  •  

Posted 17 July 2009 - 04:30 PM

Take care FanofStuff, :thumbup2:

Topic closed at members request.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users