
Troj.W32.Qhost.ajh + UFO.exe entry in registry


  • This topic is locked
28 replies to this topic

#1 carldu

carldu

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:28 PM

Posted 09 August 2009 - 05:27 PM

Referred from here: http://www.bleepingcomputer.com/forums/t/247774/start-button-gone-restore-gone/ ~ OB

OS: windows xp, sp2
Problems on my computer:

Number of functions and services not working:

-restore impossible; message: "restore will not protect your computer restart your computer and launch restore"
-Start button gone from task bar (the task bar is present and functions though) in normal mode. In safe boot mode, it ("start" button & menu) is present and works, however, I cannot seem to activate my firewalls (xp or Avguard), my only safety left is a router.
-No Ctrl+C or V or drag and drop available.
-No "search" available (in explorer, clicking on the "search" button brings the side column, but it remains empty and blue)
-minimize window impossible, windows are closed instead (in normal mode. In safeboot, minimize works)

On the net, tried to use Kaspersky scanner online, to no avail: first loading of the program fine, then DL of the updates: fine only the first 20% then firefox starts gently lagging to finally reach the fabsolumintastic rate of 1Kb/s where Kaspersky finally gives up on me (timed out, would you believe that! at 97% of the total files, I call that mean and petty! I was only an hour or two away from finishing my DL, don't they remember what DL was like in the eighties and early nineties? pff!) :thumbup2:
Anyway, the strange thing is that it was only firefox which was lagging like mad (gobbling 50% of my resources with nothing else running on an amd athlon xp 4200+ and 2 gigs of ram); browsing my computer in the meantime was no problem.
Tried to bypass the problem with IE, couldn't get to the scanner page (Click on "online scanner" button, nothing happens (properties on the page indicates a script error) although the file scanner on the same page works fine). ([Repel paranoia mode=1])

Specifically in the control panel:
- Network and connections page blank
- Xp firewall service cannot be started (no reason given)
- printers page blank
- scanner and cameras page blank
- sound equipment gone
- In admin tools, all services present, however:
In services: the page opens on extended tag, window contents: blue background, no info. Services are listed under the standard tag but cannot be opened
Same problem with events viewer, I get the list, but no popup window with information
As a matter of fact, most popup functions seem dead on the entire computer (i.e. in device manager)

Jotti scan done and CP secure found trojan.W32.Qhost.ajh
Permanent link at:
http://www.virusscan.jotti.org/fr/scanresu...9b92688f299b041

ZHP helper identified a malware called UFO.exe which is lodged in the registry, it's apparently a usb key source infection, here is the path:
HKCU\Software\Microsoft\Windows\Current\Explorer\MountPoint2{821b1196-b72a-11dc-8a08-001}\shell\auto\command-UFO.exe
However, the exe in itself is nowhere to be found.
It comes and goes, I used jv16 powertools 2009 and it cleaned it up temporarily (the thing reappeared the next morning)

So as you may see, I need help (w/ my computer, the rest I can assume, well, maybe...)
Because I have no idea what I should do about this and if I could avoid a format C:, I'd be a very happy camper
BTW, thank you Boopme for your patience, advice and support...It helps...

attached: the DDs.txt and attach.txt

Attached Files


Edited by Orange Blossom, 09 August 2009 - 07:39 PM.

update: Doc Satan and the BPC team Rock!

"They say life is hard, but just imagine if it was limp!"



#2 DocSatan

DocSatan

    Bleepin' Wanna-Be


  • Members
  • 2,156 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston, Ma.
  • Local time:08:28 PM

Posted 20 August 2009 - 05:36 PM

Hello carldu and Welcome to BleepingComputer.

I'm DocSatan and I will be helping you with your "Malware" related computer problems. Sorry about the long wait that you have had. The forums are very busy lately. :thumbup2:

The DDS Log that you have posted is old and probably no longer reflects your computer's current condition:

Please perform a New DDS Scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please Note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Doc.

#3 carldu


Posted 20 August 2009 - 11:36 PM

Hi!
Thank YOU for taking the time to answer all these requests...It's amazing to see the number of pages added per day to this specific forum...My topic was what..at something like p35?... Hats off to you BC staff...

The two files requested are attached below...

Attached Files


update: Doc Satan and the BPC team Rock!

"They say life is hard, but just imagine if it was limp!"

#4 DocSatan


Posted 22 August 2009 - 10:16 AM

Hi carldu,

I'm sorry to inform you that one of the infections on this computer is a Backdoor/IRCBot

Important Note: Backdoor/IRCBot Trojans are very dangerous because they provide a means of accessing a computer system that bypasses security mechanisms. Remote attackers use Backdoor Trojans as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge. When infected by one of them you should disconnect the computer from the Internet until your system is cleaned. If your computer was used for online banking or has credit card information on it, ALL passwords should be changed immediately, including those used for email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

Though the Trojan has been identified and can be killed, because of its Backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS.

We can attempt to clean this machine but we CANNOT guarantee that it will be 100% secure afterwards. Please post a Reply to this Topic informing me of your decision as to whether or not you will be Reformatting.

Doc.

#5 carldu


Posted 22 August 2009 - 04:04 PM

Hi doc.
Well, my mind is set on a cleanup rather than a format:C, if you don't mind...
A good way to learn as well.
Any way to know how long it's been infected? I mean are my recent problems solely due to this Backdoor ircbot?
Thanx...
update: Doc Satan and the BPC team Rock!

"They say life is hard, but just imagine if it was limp!"

#6 DocSatan


Posted 22 August 2009 - 07:12 PM

Hi carldu,

There isn't a lot of information regarding ufo.exe. One site reports it as being a Backdoor so I had to give you the Reformat option.

Since you've decided not to Reformat, we'll try to clean this computer. Just remember that we CANNOT guarantee the security integrity of this computer because it has been infected with a Backdoor/IRCBot.

So let's start. :thumbup2:

1. We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy
2. Please Download ComboFix
Here is a Tutorial on using ComboFix: A guide and tutorial on using ComboFix
  • Save it to your Desktop
  • Do NOT run ComboFix yet
  • Here is an alternative link to download ComboFix, if the above one is not working for you: Link 1
3. Disable Your AntiVirus and AntiSpyware Programs
  • You should be able to Right-Click on the program's icon in the System Tray and get an option to shut-down/disable each program.
  • These programs may interfere with our fix. We will re-enable them when we are done.
4. Double click on ComboFix.exe that you just saved to your Desktop
  • Follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. The Recovery Console will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • It is strongly recommended to have the Recovery Console installed on your machine before doing any malware removal.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Posted Image

NOTE: If the Microsoft Windows Recovery Console is already installed, you will not receive a prompt from ComboFix regarding the Recovery Console.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
5. Re-enable Your AntiVirus and AntiSpyware Programs That You Disabled in Step 3.

6. What I need in Your Next Reply:
  • ComboFix.txt
Doc.

Edited by DocSatan, 22 August 2009 - 08:13 PM.


#7 carldu


Posted 23 August 2009 - 02:01 AM

Thank you for your quick answer Doc...
[Ihavereadthedisclaimer&acceptthetermsoftheagreement=true] ;-)

So, ran combofix without a glitch, only one surprise: it erased a file named "msconfig" in system 32!!! :thumbup2: [sweatybrow&swallowhardmode=on] lol
I only renamed the file combofix.txt instead of log.txt (doubt it matters, but, anyhow)

I haven't dared touch anything really, so tell me when I should get rid of the mule and vuze..
.txt attached
Thanks...

Edit: there was a glitch after all. I had a look at the log and the first line reads: this machine does not have the recovery console installed!
Problem is, combofix didn't mention anything, it went straight into scanning mode, so I figured it was installed and let it run. I wanted to check if I hadn't missed the window and opened combofix a second time and it ran directly a scan (I left it run, figuring it might be worse to stop it)

I guess it is a tad late now [msconfig deleted!], but should I get the recovery console manually anyway?
Corresponding combofix 2nd text attached...

Attached Files


Edited by carldu, 23 August 2009 - 04:23 AM.

update: Doc Satan and the BPC team Rock!

"They say life is hard, but just imagine if it was limp!"

#8 DocSatan


Posted 25 August 2009 - 06:37 PM

Hey carldu,

Sorry for my delay in getting back to you. I haven't forgotten about you and am putting a Fix together as I write this.

I will be posting a Fix shortly.

Doc.

#9 carldu


Posted 26 August 2009 - 12:46 AM

No worries, I understand...Thanks for the heads up, though...Lol
update: Doc Satan and the BPC team Rock!

"They say life is hard, but just imagine if it was limp!"

#10 DocSatan


Posted 26 August 2009 - 04:03 PM

Hey carldu,

So sorry for making you wait so long. For some reason, this particular Fix is causing me some organizational problems. Thanks to my Coach, we got it sorted. :thumbup2:


1. Peer to Peer Program Caution
  • Before we get started on fixing your computer, I'd like to caution you about the use of Peer2Peer programs. In your case:
    • Emule
    • Azureus
    • Gigatribe
  • Although the actual P2P program may not contain malicious programs, the files that you are downloading and sharing within the P2P community may have. It is very easy for someone to attach some BadGuys onto a legitimate file that you may be downloading without your knowledge, thereby infecting your machine.
  • The decision to keep the P2P program or uninstall it is up to you. Here is some information regarding P2P programs:
  • If you are going to keep the P2P programs, please refrain from using them while we are working together. Also, if your Active Download folders have anything in them, please delete them.
  • You can uninstall these programs through Add/Remove Programs:
    • Start --> Control Panel --> Add or Remove Programs
    • Click on one of the programs, then click on uninstall or remove
    • Do the same for each program.
2. Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.


3. Run this RegFix
  • Open a notepad (Start > Run and type in Notepad). Make sure the wordwrap under Format menu is not selected.
  • Copy and paste the text in code box below into it:
    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "SFCDisable"=dword:00000000
  • Save the file to the Desktop as regfix.reg
  • Make sure the Save as type field says All files.
  • Locate regfix.reg on the desktop and double-click on it and confirm.
  • A window pops up asking if you are sure to add the file to the registry. Click Yes.
  • You get another window popup saying that regfix.reg successfully added to the registry.
4. We need to get the Recovery Console installed before we can continue. Please follow the instructions below:
    • With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.
    • The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
    • Go to Microsoft's website => http://support.microsoft.com/kb/310994
    • Select the download that's appropriate for your Operating System
      Posted Image
    • Download the file & save it as it's originally named.
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
      Posted Image
    • Drag the setup package onto ComboFix.exe and drop it.
    • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
      Posted Image
    • At the next prompt, click 'Yes' to run the full ComboFix scan.
    • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt in your next reply.
5. What I need in your next reply:
  • ComboFix.txt
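
Added example, not part of the original posts or of Flash_Disinfector: a Python sketch of the check behind the autorun.inf note in step 2 above and the shell\auto\command entry reported in the first post. It classifies a drive root by whether autorun.inf is absent, a file, or a folder, and lists the launch commands found in a file. The sample file content and all function names are constructed for illustration; only the UFO.exe name and the shell\auto\command verb come from the thread.

```python
import os
import tempfile

# Keys in the [autorun] section that make Windows launch a program.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample, modelled on the entry named in the first post.
SAMPLE_AUTORUN = """\
[AutoRun]
;constructed sample, not taken from a real drive
open=UFO.exe
shell\\auto\\command=UFO.exe
shell=auto
icon=%SystemRoot%\\system32\\shell32.dll,4
"""


def parse_autorun(text):
    """Return {key: command} for launch-capable entries in the [autorun] section."""
    commands = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue  # tolerate junk lines instead of failing on them
        key, _, value = line.partition("=")
        key = key.strip().lower()
        # shell\<verb>\command entries become context-menu verbs for the drive,
        # which Windows caches per volume under the MountPoints2 registry key.
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_verb:
            commands[key] = value.strip()
    return commands


def find_autorun(root):
    """Locate autorun.inf in a drive root regardless of letter case."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            return os.path.join(root, name)
    return None


def inspect_root(root):
    """Classify one drive root: 'absent', 'folder' (name occupied) or 'file'."""
    path = find_autorun(root)
    if path is None:
        return {"state": "absent", "commands": {}}
    if os.path.isdir(path):
        # A folder with this name stops a file of the same name being written.
        return {"state": "folder", "commands": {}}
    with open(path, "r", encoding="latin-1") as fh:
        return {"state": "file", "commands": parse_autorun(fh.read())}


def demo():
    """Build three constructed drive roots in a temp folder and inspect each."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        for name in ("infected", "immunized", "clean"):
            os.mkdir(os.path.join(base, name))
        with open(os.path.join(base, "infected", "AUTORUN.INF"), "w") as fh:
            fh.write(SAMPLE_AUTORUN)
        os.mkdir(os.path.join(base, "immunized", "autorun.inf"))
        for name in ("infected", "immunized", "clean"):
            results[name] = inspect_root(os.path.join(base, name))
    return results


if __name__ == "__main__":
    for root, result in demo().items():
        print(root, result)
```
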


#11 carldu


Posted 26 August 2009 - 05:50 PM

Hi Doc,

sorry, no combofix.txt yet:

I ran the flash disinfector without glitches
But:
A little $%@ (read "obfuscator" of course) is that I can't paste and copy or drag and drop....
So I copied the code by "hand" (sextuple-checked for typos) but at first, the .reg file wouldn't work (I got an error message saying there was an access error...So I opened regedit to see if I still had access to it, and noticed "software" was in all caps in there, so I changed that to all caps in your code (first line) and it worked, though I don't think it changed anything, the dword values were the same for these entries.. )

I have downloaded the xp boot program but obviously can't drop it on combofix...should I install it separately???...
(Unluckily, I don't have an "open with..." option on this file, and combofix does not appear in the destination tab if I try to "extract the file into..." option)

Ah, and while trying to figure out a way round this problem, I noticed that in combofix >properties, in the general tab, there is a button "unblock" present after a mention that the program comes from another computer and may be blocked to protect this computer. Would clicking on it help?

Thank you for your time and patience on this... I really appreciate it..

Edited by carldu, 26 August 2009 - 05:59 PM.

update: Doc Satan and the BPC team Rock!

"They say life is hard, but just imagine if it was limp!"

#12 DocSatan


Posted 27 August 2009 - 05:01 PM

Hi carldu,

This is becoming a very complicated and interesting Fix. :thumbup2:

1. We need to get the Recovery Console installed before we can start making changes, so let's try this:
  • Press the Windows key + R to bring up the run box.
    • Alternatively open Task Manager by pressing the Ctrl, Alt, and Delete keys, at the same time.
    • In the menu at the top of the dialog box, click File>New Task (Run...).
  • Copy and paste, or type, the following Bold text in the run box and click OK:
    • If you have downloaded XP home sp2 (English Version):
      • combofix "%userprofile%\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe"
    • If you have downloaded the XP home sp2 (French Version):
      • combofix "%userprofile%\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe"
    • If you have downloaded XP Pro sp2 (English Version):
      • combofix "%userprofile%\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe"
    • If you have downloaded XP Pro sp2 (French Version):
      • combofix "%userprofile%\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe"
  • If the Recovery Console is successfully installed, you should be prompted by ComboFix to perform a scan. Please click Yes to allow ComboFix to scan your computer.
  • This should produce a combofix.txt, please include that log in a reply to this topic.

NOTE:

  • Both the files (ComboFix and The Recovery Console File) should be on desktop.
  • There is a space after combofix
  • The language and the version of the downloaded BootDisk is important. So please check the name of the BootDisk on the desktop. It should be the same as the one you type in the run box. If you type the wrong name you get an error.
  • You can try Ctrl+C to copy and Ctrl+V to paste. Tell me if you can do it.

2. Please try to complete a single Microsoft Windows Update.
  • Using Internet Explorer, go to Microsoft Windows Update Page:
  • Click on Custom.
  • Try to install One update only.
  • Let me know if you were able to install an update or not.
  • If you were not able to install an update, please tell me the Error Message that you received.
3. Please download the following tool on your desktop.
4. We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
5. What I need in your next Reply:
  • Were you able to Complete a Windows Update? If not, what was the Error Message that you got?
  • combofix.txt
  • querysvc Report (From step 3)
  • RootRepeal Report
  • Any other problems happening?
Doc.

#13 carldu


Posted 28 August 2009 - 08:01 AM

Oooookaay.... So, things are starting to get a bit clearer (in a very chaotic way...)

1. recovery console installed successfully! Ha! Nice trick pulled with the user profile prompt...Hats off to you!
So, combofix28_08.txt attached...

2. windows update, getting hairier: your link, or any link for that matter, including typing directly the microsoft update site address leads me directly to a "thank you for downloading updates from our site" with instructions to set the automatic update for windows in control panel (-turns out to be totally ineffective[ :sigh: ]!)! Same page appears (with no DL available) in either IE (version 6) or firefox. Bypassed it by browsing in the windows xp pages where I found an isolated xp security fix update (KB96137.vz), downloaded W/o problems.
The error message that popped up was "the install program could not check the integrity of the file update.inf. Check that cryptographyic service is running on this computer".
I tried with another update which produced a log (KB915865.log, attached) which indicates a good deal of errors, with the code errors. I opened msconfig and realized I had 64 services stopped vs. 17 running only, which explains all the problems I have with various services & co. Cryptography is of course stopped.

3. Ran Querysvc.exe
sUBs.txt attached, confirms a certain number of services stopped.

4. Rootkit repeal: when prompted to scan, starts initializing, then stops responding and the whole system freezes. I tried in safeboot mode as well, to no avail...

Reporting live from this computer, back to you, anchor...Err, Doc... ;-)
Thanx
Carldu

Attached Files


Edited by carldu, 28 August 2009 - 08:02 AM.

update: Doc Satan and the BPC team Rock!

"They say life is hard, but just imagine if it was limp!"

#14 DocSatan


Posted 29 August 2009 - 04:10 AM

Hi carldu,

recovery console installed successfully! Ha! Nice trick pulled with the user profile prompt...Hats off to you!

  • Good Job getting that done. We really needed that before moving forward. :thumbup2:
  • Hats off to my coach (farbar). :)
1. Were you able to use Ctrl+C to Copy and Ctrl+V to Paste?

2. Please run Notepad (start > All Programs > Accessories > Notepad not Wordpad) and copy and paste the text in the code box
into a new file:

@echo off
rem Set the start type of each service; all sc output is written to log.txt
>log.txt (
sc config RpcSs start= auto
sc config CryptSvc start= auto
sc config Alerter start= auto
sc config WebClient start= auto
sc config WZCSVC start= auto
sc config SSDPSRV start= demand
sc config upnphost start= demand
)
rem Open the log, then delete this batch file
start log.txt
del %0
  • Go to the File menu at the top of the Notepad and select Save as.
  • Select save in: desktop
  • Fill in File name: enable.bat
  • Save as type: All file types (*.*)
  • Click save.
  • Close the Notepad.
  • Locate and double-click enable.bat on the desktop. A log file opens. Please post the content into your reply.
  • A copy of log.txt will be created on the desktop. You can attach that if you cannot copy and paste.
3. Please Restart Your Computer

4. Please run QuerySvc again.

5. What I need in your next reply:
  • log.txt or the contents of enable.bat
  • Answer to my Question above
  • Results from QuerySvc
Doc.
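
Added example, not part of the original post and not the QuerySvc tool: a Python sketch that audits service start types against the values enable.bat sets above. It parses captured `sc qc <service>` output, reports each service that deviates from that baseline, and builds the matching `sc config` lines. The sample capture is constructed for illustration and the function names are hypothetical.

```python
import re

# Start types that enable.bat in the post above sets (service -> sc keyword).
BASELINE = {
    "RpcSs": "auto",
    "CryptSvc": "auto",
    "Alerter": "auto",
    "WebClient": "auto",
    "WZCSVC": "auto",
    "SSDPSRV": "demand",
    "upnphost": "demand",
}

# START_TYPE codes printed by "sc qc", mapped to the keyword "sc config" takes.
START_CODES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

NAME_RE = re.compile(r"^\s*SERVICE_NAME:\s*(\S+)")
START_RE = re.compile(r"^\s*START_TYPE\s*:\s*(\d+)")

# Constructed capture: several "sc qc" results concatenated into one file.
# Alerter is deliberately missing to show the "not captured" case.
SAMPLE = """\
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: RpcSs
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START

SERVICE_NAME: CryptSvc
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 4   DISABLED

SERVICE_NAME: WebClient
        START_TYPE         : 2   AUTO_START

SERVICE_NAME: wzcsvc
        START_TYPE         : 4   DISABLED

SERVICE_NAME: SSDPSRV
        START_TYPE         : 3   DEMAND_START

SERVICE_NAME: upnphost
        START_TYPE         : 4   DISABLED
"""


def parse_sc_qc(text):
    """Map lower-cased service name -> start keyword from 'sc qc' output."""
    found, current = {}, None
    for line in text.splitlines():
        name = NAME_RE.match(line)
        if name:
            current = name.group(1).lower()  # service names are case-insensitive
            continue
        start = START_RE.match(line)
        if start and current:
            found[current] = START_CODES.get(start.group(1), "unknown")
    return found


def audit(found, baseline=BASELINE):
    """Return (service, observed, expected) for each baseline entry that deviates."""
    deviations = []
    for service, expected in baseline.items():
        observed = found.get(service.lower())  # None: not present in the capture
        if observed != expected:
            deviations.append((service, observed, expected))
    return deviations


def fix_commands(deviations):
    """Build 'sc config' lines for services that were seen with a wrong start type."""
    return ["sc config %s start= %s" % (svc, exp)
            for svc, obs, exp in deviations if obs is not None]


if __name__ == "__main__":
    found = parse_sc_qc(SAMPLE)
    for svc, obs, exp in audit(found):
        print("%-10s observed=%s expected=%s" % (svc, obs, exp))
    print("\n".join(fix_commands(audit(found))))
```
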

#15 carldu


Posted 29 August 2009 - 06:28 AM

:thumbup2: :) :)
1. Now I can ctrl+C and V!!! I couldn't until I ran the enable.bat ! (What a relief! It was a bit nerve racking to type in code lines...lol, and sorry about forgetting to post an answer on that point)

My start button is back! It all looks good (but I'm still wary of good looks!)... It looks like all the normal services are back and running or runnable (restore is back, updates showed no error messages..But I didn't install or run anything so as not to change anything to my situation w/o your approval first...) Bless msdos and you guys! Now I guess we'll be able to home in on the *@ that is spying on me...

2. All the sc config prompts were successful "[SC] ChangeServiceConfig SUCCESS" appears 7 times in the log, no other message..

3. sUBs08_29.txt attached

Btw, now that I can copy and paste, do you prefer attachments or pasted txt? Personally, I find attachments make the topic more readable...
With a 1000 thanks already,
Carldu..

Attached Files


Edited by carldu, 29 August 2009 - 07:25 AM.

update: Doc Satan and the BPC team Rock!

"They say life is hard, but just imagine if it was limp!"



