Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Conflicker-like virus sends unsolicited web traffic; otherwise invisible


  • This topic is locked This topic is locked
2 replies to this topic

#1 CHCH

CHCH

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:15 AM

Posted 12 October 2009 - 12:08 PM

I've scanned my Inspiron E1505 running XP Pro laptop with E-Trust Antivirus, windows Live One Care, Windows Defender, and Windoes Malicious Software Removal Tool. All say I'm virus free, but my ISP (Qwest) says that I have conflicker. I can also monitor my webtraffic using my router's web activity log, and I see that this particular machine is sending lots of http requests to random sites that I am not visiting!

I noticed that my DNSAPI.dll file was also corrupted a few days ago, which as I understand is a symptom of Conflicker. Other than this, the computer appears to be functioning as normal. This makes the apparent presence of a virus all that much more confusing!

Any help would be much apppreciated!
-Chris

DDS (Ver_09-10-12.01) - NTFSx86
Run by christopher at 10:39:06.71 on Mon 10/12/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1354 [GMT -6:00]

AV: Norton Internet Security 2006 *On-access scanning enabled* (Outdated)

{E10A9785-9598-4754-B552-92431C1C35F8}
AV: eTrust ITM *On-access scanning enabled* (Updated)

{33EA71EA-56CF-40B5-A06B-BD3A27397C44}
AV: Windows Live OneCare *On-access scanning enabled* (Updated)

{427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Norton Internet Worm Protection *disabled*

{990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Windows Live OneCare Firewall *enabled*

{A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
FW: Norton Internet Security 2006 *disabled*

{7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\CU VPN\cvpnd.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\CA\eTrustITM\InoTask.exe
C:\Program Files\IP Traffic Monitor\ITM.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Dell AIO Printer 948\memcard.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\christopher\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uSearch Bar =
uDefault_Page_URL =

www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070118
uInternet Connection Wizard,ShellNext =

hxxp://webact.symantec.com/webact-redirect.jsp?PCODE=AU&SO={F073BDC9-0D67-4ff0-879E

-27241C843828}&VER=2&actreq=%2F6367706%2FBEZLE0%2FGTP2C8E58YH%2b%2F8KLY0DX9BgWiuif%

2bEL53154NI6SJI7F818EAB96887KKql25151664470AEAA1BBC2Tw8nAF9z2WLo3HXFOoiur8CiWMT1P2c

uf4W1kmELtY7q6%2bbf8iLRxJ6DjlCud6FjmMogcjToOZFNQa%2FGLmBKguWC6%2bJAe4uifwRMDZNoHli4

8DQMFuZqlzQJ5Naad%2F%2FpjTxg5SCOCqBgYNDQWhrHlga7qYi5mcDtqdCzd2JjUPYhDXH%3d&plang=sy

m:EN&oslang=iso:ENG&oslocale=iso:USA
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} -

c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} -

c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program

files\java\jre1.5.0_06\bin\ssv.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program

files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program

files\google\google gears\internet explorer\0.1.50.0\gears.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program

files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program

files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\Quickset.exe
mRun: [MemoryCardManager] "c:\program files\dell aio printer 948\memcard.exe"
mRun: [Dell AIO Printer 948 Fax Server] "c:\program files\dell aio printer

948\fm3032.exe" /s
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [RegistryMechanic]
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk -

c:\program files\mcafee security scan\1.0.150\SSScheduler.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat

7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat

7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat

7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat

7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat

7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat

7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat

7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat

7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network

Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}

- c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08}

- c:\program files\google\google gears\internet explorer\0.1.50.0\gears.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

- c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -

hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.

cab?1255297092406
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -

hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -

hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb}

- c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath -

c:\docume~1\christ~1\applic~1\mozilla\firefox\profiles\mu0kpa49.default\
FF - plugin: c:\documents and settings\christopher\application data\move

networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll

============= SERVICES / DRIVERS ===============

R2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [2007-11-7 5152]
R2 ITM;IP Traffic Monitor History Service;c:\program files\ip traffic

monitor\ITM.exe [2009-10-11 81920]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft

windows onecare live\OcHealthMon.exe [2009-7-9 26104]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6

34064]
R3 PortDRv;PST Port I/O Driver;c:\windows\system32\drivers\PortDRv.sys [2007-3-20

7168]
R3 SRBoxDRv;PST Serial Response Box Driver;c:\windows\system32\drivers\SRBoxDRv.sys

[2007-3-20 11776]
S3 etusbf;Magic Touch USB 2000/XP driver;c:\windows\system32\drivers\etusbf.sys

[2008-6-26 27163]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [2006-5-3 4736]
S3 m763001b;M-Audio Quattro Base Driver;c:\windows\system32\drivers\m763001b.sys

[2009-5-2 9216]
S3 m763001d;M-Audio Quattro Legacy Driver;c:\windows\system32\drivers\m763001d.sys

[2009-5-2 6656]
S3 ma763001;M-Audio Quattro;c:\windows\system32\drivers\MA763001.sys [2009-5-2

41856]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;\??\c:\windows\system32\plcndis5.sys -->

c:\windows\system32\PLCNDIS5.SYS [?]
S3 PLUsbbc2;High-Speed USB Bridge Cable

Driver;c:\windows\system32\drivers\usbbc2.sys [2006-5-3 8960]
S3 Qlapioio;Qlapioio; [x]
S3 VVBETHERNET;Actiontec Gateway Service;c:\windows\system32\drivers\vvbeth.sys

[2001-11-13 15309]
S3 vvbususb;Actiontec Gateway USB Service;c:\windows\system32\drivers\vvbususb.sys

[2001-11-13 50911]
S4 dldf_device;dldf_device;c:\windows\system32\dldfcoms.exe -service -->

c:\windows\system32\dldfcoms.exe -service [?]
S4

dldfCATSCustConnectService;dldfCATSCustConnectService;c:\windows\system32\spool\dri

vers\w32x86\3\dldfserv.exe [2008-4-11 98952]
S4 gupdate;Google Update Service;"c:\program

files\google\common\update\1.0.69.0\googleupdate.exe" /svc --> c:\program

files\google\common\update\1.0.69.0\GoogleUpdate.exe [?]
S4 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run -->

c:\windows\system32\hasplms.exe -run [?]
S4 QuattroInstallerService;Quattro Installer;c:\program files\m-audio usb

quattro\install\QuatInst.exe [2009-5-2 86016]

=============== Created Last 30 ================

2009-10-12 08:07 268,648 a------- c:\windows\system32\mucltui.dll
2009-10-12 08:07 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-10-11 21:53 455,296 --------

c:\windows\system32\dllcache\mrxsmb.sys
2009-10-11 21:53 1,315,328 --------

c:\windows\system32\dllcache\msoe.dll
2009-10-11 21:18 337,408 --------

c:\windows\system32\dllcache\netapi32.dll
2009-10-11 20:32 53,248 -------- c:\windows\system32\tsgqec.dll
2009-10-11 20:32 50,688 -------- c:\windows\system32\tspkg.dll
2009-10-11 20:32 28,672 -------- c:\windows\system32\vidcap.ax
2009-10-11 20:32 712,704 --------

c:\windows\system32\windowscodecs.dll
2009-10-11 20:32 346,112 --------

c:\windows\system32\windowscodecsext.dll
2009-10-11 20:32 276,992 -------- c:\windows\system32\wmphoto.dll
2009-10-11 20:32 69,120 -------- c:\windows\system32\wlanapi.dll
2009-10-11 20:32 32,866 -------- c:\windows\slrundll.exe
2009-10-11 20:32 <DIR> --d----- c:\windows\system32\en
2009-10-11 20:23 19,569 a------- c:\windows\005870_.tmp
2009-10-11 18:48 <DIR> --d----- C:\a140367a84b9cc45b4e0
2009-10-11 18:12 <DIR> --d-----

c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2009-10-11 18:12 <DIR> --d----- c:\program files\McAfee Security

Scan
2009-10-11 15:43 <DIR> --dsh--- c:\documents and

settings\christopher\PrivacIE
2009-10-11 15:15 <DIR> --d-----

c:\docume~1\christ~1\applic~1\QuickScan
2009-10-11 13:26 <DIR> --d----- c:\program files\IP Traffic Monitor
2009-10-11 13:26 <DIR> --d-----

c:\docume~1\christ~1\applic~1\Skyward Software
2009-10-11 13:24 <DIR> --d----- c:\program files\WinPcap
2009-10-11 13:16 <DIR> --d----- c:\program files\CA
2009-10-11 13:06 91,328 a-------

c:\windows\system32\drivers\msfwdrv.sys
2009-10-11 13:06 116,416 a-------

c:\windows\system32\drivers\msfwhlpr.sys
2009-10-11 13:05 53,168 a-------

c:\windows\system32\drivers\MpFilter.sys
2009-10-11 13:04 <DIR> --d----- c:\windows\system32\bits
2009-10-11 13:03 7,168 -------- c:\windows\system32\bitsprx4.dll
2009-10-11 12:38 <DIR> --d----- c:\program files\Microsoft Windows

OneCare Live
2009-10-10 15:27 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-10-09 16:42 16,037 a-------

C:\VA-Resident_Advisor_Top_50_For_September_2009__techitdown.part2.rar.html
2009-10-04 02:11 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-09-29 22:08 282,459 a------- C:\Legend of Zelda, The - A Link to

the Past (E) [!].zst
2009-09-29 18:12 8,192 a------- C:\Legend of Zelda, The - A Link to

the Past (E) [!].srm
2009-09-29 18:10 1,048,576 a------- C:\Legend of Zelda, The - A

Link to the Past (E) [!].smc
2009-09-29 17:14 <DIR> --d----- c:\program files\Strange Adventures

in Infinite Space Demo
2009-09-28 14:17 438,551 a------- C:\SigDistParam.zip
2009-09-28 11:28 443,043 a------- C:\ParamLeftRightEvs.zip
2009-09-26 11:40 <DIR> --d----- C:\LeftRightEvs
2009-09-23 12:46 153,088 --------

c:\windows\system32\dllcache\triedit.dll
2009-09-23 12:46 128,512 --------

c:\windows\system32\dllcache\dhtmled.ocx
2009-09-23 12:46 2,066,432 --------

c:\windows\system32\dllcache\mstscax.dll
2009-09-23 11:12 102,664 a-------

c:\windows\system32\drivers\tmcomm.sys

==================== Find3M ====================

2009-08-27 09:56 196,189 a------- C:\EVs-paramonset.zip
2009-08-21 10:55 7,873 a------- C:\1120oddcorr.zip
2009-08-21 08:31 15,552 a------- C:\Oddcorrected.zip
2009-08-20 16:50 30,607 a------- C:\5004.zip
2009-08-05 03:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 03:01 204,800 --------

c:\windows\system32\dllcache\mswebdvd.dll
2009-07-28 22:37 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-28 22:37 81,920 a------- c:\windows\system32\fontsub.dll
2009-07-28 22:37 119,808 --------

c:\windows\system32\dllcache\t2embed.dll
2009-07-28 22:37 81,920 --------

c:\windows\system32\dllcache\fontsub.dll
2009-07-17 12:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 12:55 58,880 --------

c:\windows\system32\dllcache\atl.dll
2009-07-15 09:14 185,548 a------- C:\5020.zip
2009-04-28 11:13 192,512 a------- c:\program

files\rcp_client_setup.exe
2008-11-11 10:33 1,753 ac------ c:\documents and

settings\christopher\foo.bat

============= FINISH: 10:39:53.14 ===============





ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/12 10:42
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: a6yfyn59.SYS
Image Path: C:\WINDOWS\System32\Drivers\a6yfyn59.SYS
Address: 0xB9456000 Size: 303104 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB0595000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA5EC000 Size: 8192 File Visible: No Signed: -
Status: -

Name: hiber_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\hiber_WMILIB.SYS
Address: 0xBA636000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_NTPNP8284
Image Path: \Driver\PCI_NTPNP8284
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xACF44000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\program files\microsoft windows onecare live\winsssvc_log.bin
Status: Size mismatch (API: 1024000, Raw: 999424)

Path: c:\windows\temp\hlktmp
Status: Allocation size mismatch (API: 12894208, Raw: 0)

Path: c:\windows\internet logs\fwpktlog.txt
Status: Size mismatch (API: 34540, Raw: 29957)

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x804d7fec

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xb9ed3a92

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sptd.sys" at address 0xb9ed3e20

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x804d7ff1

#: 160 Function Name: NtQueryKey
Status: Hooked by "sptd.sys" at address 0xb9ed3ef8

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "sptd.sys" at address 0xb9ed3d78

#: 247 Function Name: NtSetValueKey
Status: Hooked by "sptd.sys" at address 0xb9ed3f8a

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8a7991e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x8a7991e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8a7991e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x8a7991e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a7991e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a7991e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a7991e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x8a7991e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a7991e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a7991e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a7991e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a7991e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a7991e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a7991e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a7991e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a7991e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x8a7991e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a7991e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a7991e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a7991e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a7991e8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x8a7991e8 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x8a540980 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x8a540980 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x8a540980 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x8a540980 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a540980 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a540980 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a540980 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x8a540980 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a540980 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a540980 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a540980 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a540980 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a540980 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a540980 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a540980 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a540980 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x8a540980 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x8a540980 Size: 463

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x8a5501e8 Size: 194

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x8a5501e8 Size: 194

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x8a5501e8 Size: 194

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x8a5501e8 Size: 194

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a5501e8 Size: 194

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a5501e8 Size: 194

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a5501e8 Size: 194

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a5501e8 Size: 194

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x8a5501e8 Size: 194

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a5501e8 Size: 194

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x8a5501e8 Size: 194

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x8a80b1e8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x8a80b1e8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x8a80b1e8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x8a80b1e8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a80b1e8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a80b1e8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a80b1e8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a80b1e8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x8a80b1e8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a80b1e8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x8a80b1e8 Size: 463

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x8a5e2980 Size: 463

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x8a5e2980 Size: 463

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a5e2980 Size: 463

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a5e2980 Size: 463

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x8a5e2980 Size: 463

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a5e2980 Size: 463

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x8a5e2980 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x8a79b1e8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x8a79b1e8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x8a79b1e8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a79b1e8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a79b1e8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a79b1e8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a79b1e8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x8a79b1e8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x8a79b1e8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a79b1e8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x8a79b1e8 Size: 463

Object: Hidden Code [Driver: sys, IRP_MJ_CREATE]
Process: System Address: 0x8a50b458 Size: 463

Object: Hidden Code [Driver: sys, IRP_MJ_CLOSE]
Process: System Address: 0x8a50b458 Size: 463

Object: Hidden Code [Driver: sys, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a50b458 Size: 463

Object: Hidden Code [Driver: sys, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a50b458 Size: 463

Object: Hidden Code [Driver: sys, IRP_MJ_POWER]
Process: System Address: 0x8a50b458 Size: 463

Object: Hidden Code [Driver: sys, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a50b458 Size: 463

Object: Hidden Code [Driver: sys, IRP_MJ_PNP]
Process: System Address: 0x8a50b458 Size: 463

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x898c1548 Size: 463

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x898c1548 Size: 463

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x898c1548 Size: 463

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x898c1548 Size: 463

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x898c1548 Size: 463

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x898c1548 Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x8a5a61e8 Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x8a5a61e8 Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a5a61e8 Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a5a61e8 Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x8a5a61e8 Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a5a61e8 Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x8a5a61e8 Size: 463

Object: Hidden Code [Driver: sbp2port, IRP_MJ_CREATE]
Process: System Address: 0x8a8091e8 Size: 463

Object: Hidden Code [Driver: sbp2port, IRP_MJ_CLOSE]
Process: System Address: 0x8a8091e8 Size: 463

Object: Hidden Code [Driver: sbp2port, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a8091e8 Size: 463

Object: Hidden Code [Driver: sbp2port, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a8091e8 Size: 463

Object: Hidden Code [Driver: sbp2port, IRP_MJ_POWER]
Process: System Address: 0x8a8091e8 Size: 463

Object: Hidden Code [Driver: sbp2port, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a8091e8 Size: 463

Object: Hidden Code [Driver: sbp2port, IRP_MJ_PNP]
Process: System Address: 0x8a8091e8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x898e1980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x898e1980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x898e1980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x898e1980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x898e1980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x898e1980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x898e1980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x898e1980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x898e1980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x898e1980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x898e1980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x898e1980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x898e1980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x898e1980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x898e1980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x898e1980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x898e1980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x898e1980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x898e1980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x898e1980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x898e1980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x898e1980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x898e1980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x898e1980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x898e1980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x898e1980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x898e1980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x898e1980 Size: 463

Object: Hidden Code [Driver: Cdfsȅ䱆汦螨ᒈȂఆ䵃慖, IRP_MJ_CREATE]
Process: System Address: 0x89942980 Size: 463

Object: Hidden Code [Driver: Cdfsȅ䱆汦螨ᒈȂఆ䵃慖, IRP_MJ_CLOSE]
Process: System Address: 0x89942980 Size: 463

Object: Hidden Code [Driver: Cdfsȅ䱆汦螨ᒈȂఆ䵃慖, IRP_MJ_READ]
Process: System Address: 0x89942980 Size: 463

Object: Hidden Code [Driver: Cdfsȅ䱆汦螨ᒈȂఆ䵃慖, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x89942980 Size: 463

Object: Hidden Code [Driver: Cdfsȅ䱆汦螨ᒈȂఆ䵃慖, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x89942980 Size: 463

Object: Hidden Code [Driver: Cdfsȅ䱆汦螨ᒈȂఆ䵃慖, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x89942980 Size: 463

Object: Hidden Code [Driver: Cdfsȅ䱆汦螨ᒈȂఆ䵃慖, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x89942980 Size: 463

Object: Hidden Code [Driver: Cdfsȅ䱆汦螨ᒈȂఆ䵃慖, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x89942980 Size: 463

Object: Hidden Code [Driver: Cdfsȅ䱆汦螨ᒈȂఆ䵃慖, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89942980 Size: 463

Object: Hidden Code [Driver: Cdfsȅ䱆汦螨ᒈȂఆ䵃慖, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89942980 Size: 463

Object: Hidden Code [Driver: Cdfsȅ䱆汦螨ᒈȂఆ䵃慖, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x89942980 Size: 463

Object: Hidden Code [Driver: Cdfsȅ䱆汦螨ᒈȂఆ䵃慖, IRP_MJ_CLEANUP]
Process: System Address: 0x89942980 Size: 463

Object: Hidden Code [Driver: Cdfsȅ䱆汦螨ᒈȂఆ䵃慖, IRP_MJ_PNP]
Process: System Address: 0x89942980 Size: 463

==EOF==

Attached Files



BC AdBot (Login to Remove)

 


#2 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:08:15 AM

Posted 27 October 2009 - 10:59 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:08:15 AM

Posted 06 November 2009 - 08:40 PM

Due to the lack of feedback, this Topic is now closed.

In case you still have problems, please send me a Private message to reopen this topic within the next 5 days. Beyond that point, please start a new topic.

Orange Blossom :(
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users