Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

windows closing services and controller app and status code 1073741819


  • Please log in to reply
10 replies to this topic

#1 tchung87

tchung87

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:03 AM

Posted 29 December 2009 - 10:44 PM

I restarted my laptop today and I got this pop up saying that the Services and Controller App is being closed by windows. After closing that pop up, I get another one saying something like C:\\windows\system32\services.exe has terminated unexpectedly with status code 1073741819 and will shut down in 60 seconds and that it was initiated by NT authority\system. After the 60 seconds are up, the computer just basically freezes. I went into safe mode and ran Mcafee virus scanner and found a couple of backdoor trojans (not exactly sure sorry) and my virus scanner deleted it. I started my laptop again, and the same message still appeared.

Oh, and I have windows xp home sp3. Please help : (

BC AdBot (Login to Remove)

 


#2 tchung87

tchung87
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:03 AM

Posted 30 December 2009 - 12:08 AM

just did a check for a blaster worm and it is not that =/

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:03 AM

Posted 30 December 2009 - 12:15 AM

Hello and welcome please run these next. If you have Spybot installed temporarily disable it.
Next run ATF:
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.

Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


I'll be signing off now,but will look back early as I can.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 tchung87

tchung87
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:03 AM

Posted 30 December 2009 - 08:05 PM

Ok, couple things before I post the logs. Before I read your reply, I consulted a friend, who told me to see the dates of a couple of files in system32. I ended up deleting sr8282828.exe <--some file that looks similar to that, 4.tmp, 1.tmp, 2.tmp, 3.tmp, 5.tmp, 76a.tmp, and 76c.tmp. He told me to delete those tmp files because they were created around the same time two days ago and it looked fishy. After this, I stopped getting the pop up. Also, I ran the superantispyware program complete scan in safe mode, but it was taking 8hrs+. I stopped it for now to send some sort of update. So I think I'm going to run it fully again tomorrow because I will be gone for over 10 hours. Lastly, when I woke up this morning around 7:30 am pacific time, I noticed that an email was sent out in my account around 6:30am pacific time. This e-mail was some sort of spam mail about buying a tv off a link and it sent it out to everyone in my contacts (gmail btw).

Here are the logs:
Malwarebytes
Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 6.0.2900.5512

12/29/2009 10:51:45 PM
mbam-log-2009-12-29 (22-51-45).txt

Scan type: Quick Scan
Objects scanned: 103527
Time elapsed: 11 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Tony Chung\Favorites\Clone Cash System.url (Malware.Trace) -> Quarantined and deleted successfully.

------------------------
-----------------------
--------------------------


I ran the superantispyware twice.

First one:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/30/2009 at 00:27 AM

Application Version : 4.32.1000

Core Rules Database Version : 4423
Trace Rules Database Version: 2249

Scan type : Complete Scan
Total Scan Time : 01:12:29

Memory items scanned : 260
Memory threats detected : 0
Registry items scanned : 5690
Registry threats detected : 0
File items scanned : 5660
File threats detected : 6

Adware.Tracking Cookie
C:\Documents and Settings\Tony Chung\Cookies\tony chung@atwola[1].txt
C:\Documents and Settings\Tony Chung\Cookies\tony chung@cdn.at.atwola[1].txt
C:\Documents and Settings\Tony Chung\Cookies\tony chung@advertising[2].txt
C:\Documents and Settings\Tony Chung\Cookies\tony chung@at.atwola[1].txt
C:\Documents and Settings\Tony Chung\Cookies\tony chung@html[1].txt
C:\Documents and Settings\Tony Chung\Cookies\tony chung@tacoda[2].txt

------------
----------
---------
Second one:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/30/2009 at 04:42 PM

Application Version : 4.32.1000

Core Rules Database Version : 4423
Trace Rules Database Version: 2249

Scan type : Complete Scan
Total Scan Time : 08:17:58

Memory items scanned : 239
Memory threats detected : 0
Registry items scanned : 5690
Registry threats detected : 0
File items scanned : 16348
File threats detected : 4

Adware.Tracking Cookie
C:\Documents and Settings\Tony Chung\Cookies\tony chung@advertising[1].txt
C:\Documents and Settings\Tony Chung\Cookies\tony chung@at.atwola[1].txt
C:\Documents and Settings\Tony Chung\Cookies\tony chung@tacoda[2].txt
C:\Documents and Settings\Tony Chung\Cookies\tony chung@atdmt[2].txt

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:03 AM

Posted 30 December 2009 - 09:18 PM

Ok that was good to do.

Let's seee if we can see about the email.
We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Now run part 1 of S!Ri's SmitfraudFix
Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 tchung87

tchung87
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:03 AM

Posted 03 January 2010 - 12:06 AM

Sorry for the late reply...was recovering from New Years Eve. Anyways here are the logs.

Oh and happy new year!

RootRepeal log::

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/02 19:49
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB7DD1000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBADE4000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB3D5E000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xba91887e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "Lbd.sys" at address 0xba918bfe

==EOF==


------------------
------------------
------------------

Smitfraudfix

SmitFraudFix v2.424

Scan done at 21:03:53.60, Sat 01/02/2010
Run from C:\Documents and Settings\Tony Chung\My Documents\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tony Chung\My Documents\Downloads\RootRepeal.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\cmd.exe

hosts


C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\Tony Chung


C:\DOCUME~1\TONYCH~1\LOCALS~1\Temp


C:\Documents and Settings\Tony Chung\Application Data


Start Menu


C:\DOCUME~1\TONYCH~1\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




DNS

Description: Dell Wireless 1395 WLAN Mini-Card - Packet Scheduler Miniport
DNS Server Search Order: 209.18.47.61
DNS Server Search Order: 209.18.47.62

HKLM\SYSTEM\CCS\Services\Tcpip\..\{213257F0-20BE-4D73-82CF-5CAB0B597CA0}: DhcpNameServer=209.18.47.61 209.18.47.62
HKLM\SYSTEM\CS1\Services\Tcpip\..\{213257F0-20BE-4D73-82CF-5CAB0B597CA0}: DhcpNameServer=209.18.47.61 209.18.47.62
HKLM\SYSTEM\CS3\Services\Tcpip\..\{213257F0-20BE-4D73-82CF-5CAB0B597CA0}: DhcpNameServer=209.18.47.61 209.18.47.62
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=209.18.47.61 209.18.47.62
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=209.18.47.61 209.18.47.62
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=209.18.47.61 209.18.47.62


Scanning for wininet.dll infection


End

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:03 AM

Posted 03 January 2010 - 03:40 PM

Oh man the party's over :thumbsup:

That error is usually the Sasser worm. So you porbably need this MXSFT update and run a removal tool.

Download and install the Security Update for Windows XP (KB835732).

Sasser Removal Tool


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 tchung87

tchung87
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:03 AM

Posted 03 January 2010 - 04:36 PM

I got an error when I tried to install the KB835732. It says: Setup has detected that the Service Pack version of this system is newer than the update you are applying. There is no need to install this update.


Here is the malwarebytes log:

Malwarebytes' Anti-Malware 1.43
Database version: 3489
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

1/3/2010 1:36:25 PM
mbam-log-2010-01-03 (13-36-25).txt

Scan type: Quick Scan
Objects scanned: 109800
Time elapsed: 7 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:03 AM

Posted 03 January 2010 - 07:27 PM

Ok,you have the update then. How is it running now?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 tchung87

tchung87
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:03 AM

Posted 04 January 2010 - 02:44 AM

My computer seems to be fine. I was just worried a bit because the email was sent out after I deleted those files that my friend told me to delete. But I guess everything's fine!! Thanks for your help!

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:03 AM

Posted 04 January 2010 - 11:55 AM

HI, your hosts file and DNS look to be your own so that's good..

If you still have any concern you can post an HJT log and have them review itt for any infection.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users