Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

IE and Firefox redirect to non related websites


  • This topic is locked This topic is locked
7 replies to this topic

#1 Ellefson

Ellefson

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:23 AM

Posted 30 May 2010 - 01:57 PM

Will attach the files

DDS (Ver_10-03-17.01) - NTFSx86
Run by Chuck at 13:12:50.43 on Sun 05/30/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6002.2.1252.1.1033.18.2039.1323 [GMT -4:00]

AV: Verizon Internet Security Suite Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
AV: Norton Security Online *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton Security Online *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Verizon Internet Security Suite Anti-Spyware *enabled* (Updated) {307352C6-1CBD-11DB-8AF6-B622A1EF5492}
FW: Verizon Internet Security Suite Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
FW: Norton Security Online *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\rps.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaAgent.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaMonitor.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Kav\Bin\ScanningProcess.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\PrtlAgt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Chuck\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uWindow Title = Windows Internet Explorer provided by Yahoo!
uStart Page = hxxp://my.yahoo.com/
uDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\verizon\verizon internet security suite\pkR.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [EPSON Stylus CX7400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticda.exe /fu "c:\windows\temp\E_SCACD.tmp" /EF "HKCU"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [<NO NAME>]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} - file:///E:/win/setup/iamce.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\chuck\appdata\roaming\mozilla\firefox\profiles\p719dgof.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\program files\verizon\vsp\nprpspa.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2009-12-3 90112]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\opencase\opencase media agent\MediaAgent.exe [2008-1-16 814728]
R2 RadialpointSafeConnectAgent;Verizon Internet Security Suite SafeConnectAgent;c:\program files\verizon\verizon internet security suite\safeconnect\bin\SanaAgent.exe [2008-11-14 4937752]
R3 PD91Engine;PD91Engine;c:\program files\raxco\perfectdisk2008\PD91Engine.exe [2008-9-22 910600]
R3 Radialpoint Security Services;Verizon Internet Security Suite;c:\program files\verizon\verizon internet security suite\RpsSecurityAwareR.exe [2009-4-22 175184]
R3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;c:\program files\verizon\verizon internet security suite\safeconnect\driver\platform_vista\SafeConnectDriver.sys [2008-11-14 161304]
R3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;c:\program files\verizon\verizon internet security suite\safeconnect\driver\platform_vista\SafeConnectFilter.sys [2008-11-14 29720]
R3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;c:\program files\verizon\verizon internet security suite\safeconnect\driver\platform_vista\SafeConnectShim.sys [2008-11-14 29248]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-12-3 27632]
S?2 PD91Agent;PD91Agent;c:\program files\raxco\perfectdisk2008\PD91Agent.exe [2008-9-22 693512]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\aspi32.sys [2008-1-14 25244]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-7 21504]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-4-30 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-4-30 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-4-30 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-4-30 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-4-30 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-4-30 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-4-30 115752]

============== File Associations ===============

.reg=

=============== Created Last 30 ================

2010-05-30 04:18:47 0 d-----w- c:\program files\Defraggler
2010-05-30 04:09:59 0 d-----w- c:\program files\CCleaner
2010-05-28 00:54:22 0 d-----w- c:\users\chuck\appdata\roaming\Geek Squad 24 Hour Computer Support
2010-05-28 00:20:24 0 d-----w- c:\users\chuck\appdata\roaming\Malwarebytes
2010-05-28 00:20:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-28 00:20:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-28 00:20:07 0 d-----w- c:\programdata\Malwarebytes
2010-05-28 00:20:06 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-23 03:14:06 0 d-----w- c:\users\chuck\Office Genuine Advantage
2010-05-19 22:03:10 0 d-----w- c:\program files\iPod
2010-05-19 21:53:57 0 d-----w- c:\program files\Bonjour
2010-05-14 15:38:12 738816 ----a-w- c:\windows\system32\inetcomm.dll

==================== Find3M ====================

2010-05-30 03:58:14 260232480 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-05-29 22:26:04 3483824 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-05-19 21:57:38 51200 ----a-w- c:\windows\inf\infpub.dat
2010-05-19 21:57:38 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-04-08 17:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-05 23:15:21 143360 ----a-w- c:\windows\inf\infstor.dat
2010-03-03 22:29:36 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2010-03-03 22:29:36 249856 ----a-w- c:\windows\system32\pdfmona.dll
2009-11-17 11:42:03 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-05-08 00:04:31 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-12-25 18:34:57 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-12-24 17:26:07 16384 --sha-w- c:\windows\system32\%appdata%\microsoft\windows\ietldcache\index.dat

============= FINISH: 13:15:11.40 ===============


***************************************************

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vistaâ„¢ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 10/24/2007 12:21:05 AM
System Uptime: 5/30/2010 10:52:15 AM (3 hours ago)

Motherboard: ELITEGROUP | | 945GCT-M3
Processor: Genuine Intel® CPU 2140 @ 1.60GHz | Socket 775 | 1600/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 288 GiB total, 139.931 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 4.419 GiB free.
E: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0000
Manufacturer: Microsoft
Name: isatap.{22B2A8CE-2A9E-46B2-9F16-C069D03882A5}
PNP Device ID: ROOT\*ISATAP\0000
Service: tunnel

==== System Restore Points ===================

RP710: 4/16/2010 3:00:41 AM - Windows Update
RP711: 4/17/2010 12:00:04 AM - Scheduled Checkpoint
RP712: 4/18/2010 10:13:35 PM - Scheduled Checkpoint
RP713: 4/19/2010 11:28:14 PM - Scheduled Checkpoint
RP714: 4/21/2010 7:26:29 PM - Scheduled Checkpoint
RP723: 4/28/2010 7:51:50 PM - Scheduled Checkpoint
RP724: 4/30/2010 10:08:22 PM - Scheduled Checkpoint
RP725: 5/1/2010 9:29:26 PM - Scheduled Checkpoint
RP726: 5/3/2010 5:46:52 PM - Scheduled Checkpoint
RP727: 5/4/2010 8:42:16 AM - Scheduled Checkpoint
RP728: 5/5/2010 7:19:05 PM - Scheduled Checkpoint
RP730: 5/7/2010 5:30:45 PM - Scheduled Checkpoint
RP731: 5/9/2010 3:39:20 AM - Scheduled Checkpoint
RP732: 5/10/2010 9:28:11 AM - Scheduled Checkpoint
RP733: 5/10/2010 9:40:15 PM - Scheduled Checkpoint
RP734: 5/11/2010 4:51:47 PM - Scheduled Checkpoint
RP735: 5/12/2010 7:53:51 AM - Scheduled Checkpoint
RP747: 5/21/2010 11:15:12 AM - Scheduled Checkpoint
RP748: 5/22/2010 3:00:29 AM - Windows Update
RP749: 5/23/2010 12:00:07 AM - Scheduled Checkpoint
RP750: 5/24/2010 9:32:31 AM - Scheduled Checkpoint
RP751: 5/25/2010 5:15:57 PM - Scheduled Checkpoint

==== Installed Programs ======================


Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.2.2
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
Adobe® Photoshop® Album Starter Edition 3.2
Agere Systems PCI-SV92PP Soft Modem
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 6
ArcSoft Print Creations
Avanquest update
Bonjour
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
Defraggler
EPSON CX7400 User's Guide
EPSON Printer Software
EPSON Scan
EPSON Stylus CX7400 Series Scanner Driver Update
FileZilla Client 3.3.2.1
Free Buttons.org
Free DVD Ripper Version 2.25
Free DVD Video Burner version 1.1
Free Video to DVD Converter version 1.1
Free Video to JPG Converter version 1.4
Geek Squad 24 Hour Computer Support
Google Toolbar for Internet Explorer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Graphics Media Accelerator Driver
iTunes
Java™ 6 Update 5
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Macromedia HomeSite 5
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint 2003
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Mozilla Firefox (3.0.8)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
Next Video iPod Converter 2.0.0
OGA Notifier 2.0.0048.0
OpenCASE Media Agent
Pdf995
PerfectDisk 2008
PowerWorship 3.0
PowerWorship 3.0 (remove only)
Quicken 2009
QuickTime
RPS Burn
RPS CRT
RPS Diagnostic Utility
RPS Firewall
RPS Ksdk
RPS ParentalControl
RPS PerfectDiskStub
RPS PopupBlocker
RPS RpsCore
RPS SafeConnect
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Sibelius Scorch (ActiveX Only)
SimpleOCR 3.1
Sony Ericsson PC Suite 6.009.00
Sony Media Manager for PSP 2.5
TopStyle Lite (Version 2)
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wpaiper
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wpaiper
TurboTax 2009 wrapper
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2006
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
VCRedistSetup
Verizon High Speed Internet
Verizon Internet Security Suite
Verizon Servicepoint 1.5.24
Verizon Yahoo! Applications
VoiceOver Kit
WexTech AnswerWorks
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

5/30/2010 8:40:41 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: StarOpen
5/30/2010 8:39:10 AM, Error: EventLog [6008] - The previous system shutdown at 8:36:55 AM on 5/30/2010 was unexpected.
5/30/2010 12:00:05 AM, Error: EventLog [6008] - The previous system shutdown at 11:53:04 PM on 5/29/2010 was unexpected.
5/29/2010 6:28:29 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the User Profile Service service to connect.
5/29/2010 6:28:29 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Multimedia Class Scheduler service to connect.
5/29/2010 6:28:29 PM, Error: Service Control Manager [7001] - The Windows Audio service depends on the Multimedia Class Scheduler service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
5/29/2010 6:28:29 PM, Error: Service Control Manager [7000] - The User Profile Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/29/2010 6:28:29 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/29/2010 11:47:16 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Themes service to connect.
5/29/2010 11:47:16 AM, Error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/28/2010 5:46:52 PM, Error: Service Control Manager [7001] - The Workstation service depends on the SMB 2.0 MiniRedirector service which failed to start because of the following error: The dependency service or group failed to start.
5/28/2010 5:46:52 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: SMB 2.0 MiniRedirector is not a valid Win32 application.
5/28/2010 5:46:52 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: SMB 1.x MiniRedirector is not a valid Win32 application.
5/28/2010 5:46:52 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
5/28/2010 5:46:52 PM, Error: Service Control Manager [7000] - The SMB MiniRedirector Wrapper and Engine service failed to start due to the following error: SMB MiniRedirector Wrapper and Engine is not a valid Win32 application.
5/28/2010 5:26:02 PM, Error: EventLog [6008] - The previous system shutdown at 5:23:30 PM on 5/28/2010 was unexpected.
5/28/2010 5:24:41 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
5/28/2010 5:24:36 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume .
5/27/2010 9:33:29 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the System Event Notification Service service to connect.
5/27/2010 9:33:29 PM, Error: Service Control Manager [7000] - The System Event Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/27/2010 9:30:47 PM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 2147943515.
5/27/2010 9:29:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Shell Hardware Detection service to connect.
5/27/2010 9:29:30 PM, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
5/27/2010 9:26:32 PM, Error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error.
5/27/2010 9:25:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Task Scheduler service to connect.
5/27/2010 9:25:56 PM, Error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/27/2010 9:07:07 PM, Error: EventLog [6008] - The previous system shutdown at 9:00:27 PM on 5/27/2010 was unexpected.
5/27/2010 8:44:04 PM, Error: PlugPlayManager [11] - The device Root\LEGACY_SASKUTIL\0000 disappeared from the system without first being prepared for removal.
5/27/2010 8:44:04 PM, Error: PlugPlayManager [11] - The device Root\LEGACY_SASDIFSV\0000 disappeared from the system without first being prepared for removal.
5/27/2010 7:55:08 PM, Error: Service Control Manager [7034] - The MSWU-1c6439a3 service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 7:54:53 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MSWU-f36decbb service to connect.
5/27/2010 5:58:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the service.
5/27/2010 5:57:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Radialpoint Security Services service.
5/27/2010 5:50:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1115" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/27/2010 5:50:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
5/27/2010 5:50:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
5/27/2010 5:47:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/27/2010 5:46:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/27/2010 5:46:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/27/2010 5:46:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
5/27/2010 5:46:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/27/2010 5:46:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/27/2010 5:46:06 PM, Error: EventLog [6008] - The previous system shutdown at 5:44:15 PM on 5/27/2010 was unexpected.
5/27/2010 5:11:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/27/2010 5:11:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/27/2010 5:11:31 PM, Error: EventLog [6008] - The previous system shutdown at 11:07:00 PM on 5/26/2010 was unexpected.
5/26/2010 6:03:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service service to connect.
5/26/2010 6:03:48 PM, Error: Service Control Manager [7000] - The Intuit Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/26/2010 5:49:02 PM, Error: EventLog [6008] - The previous system shutdown at 5:46:08 PM on 5/26/2010 was unexpected.
5/26/2010 5:43:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
5/26/2010 11:04:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: rdbss StarOpen
5/26/2010 11:04:25 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/26/2010 11:04:25 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
5/26/2010 11:04:25 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: SMB MiniRedirector Wrapper and Engine is not a valid Win32 application.
5/26/2010 11:04:25 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/26/2010 11:04:25 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/26/2010 11:04:25 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/26/2010 11:04:25 PM, Error: Service Control Manager [7000] - The Redirected Buffering Sub Sysytem service failed to start due to the following error: Redirected Buffering Sub Sysytem is not a valid Win32 application.
5/25/2010 7:35:54 PM, Error: Service Control Manager [7031] - The OpenCASE Media Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/25/2010 7:35:53 PM, Error: Service Control Manager [7034] - The Verizon Internet Security Suite SafeConnectAgent service terminated unexpectedly. It has done this 1 time(s).
5/25/2010 7:35:53 PM, Error: Service Control Manager [7034] - The PD91Agent service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================


***************************************************

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-30 14:52:24
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Chuck\AppData\Local\Temp\uglcqpog.sys


---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\Windows\system32\drivers\ndis.sys entry point in ".rsrc" section [0x87D76014]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[768] USER32.dll!InSendMessageEx + 4C9 76DDE7C8 7 Bytes JMP 10031D10 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[768] USER32.dll!CreateIconFromResourceEx + 340 76DE0E45 7 Bytes JMP 10031C80 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[768] USER32.dll!DdeQueryStringW + 5CE 76DFFA2D 7 Bytes JMP 10031CF0 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text C:\Windows\system32\svchost.exe[1068] ntdll.dll!NtProtectVirtualMemory 77C44D34 5 Bytes JMP 0028000A
.text C:\Windows\system32\svchost.exe[1068] ntdll.dll!NtWriteVirtualMemory 77C45674 5 Bytes JMP 0029000A
.text C:\Windows\system32\svchost.exe[1068] ntdll.dll!KiUserExceptionDispatcher 77C45DC8 5 Bytes JMP 0027000A
.text C:\Windows\system32\svchost.exe[1068] ole32.dll!CoCreateInstance 76509EA6 5 Bytes JMP 007B000A
.text C:\Windows\system32\svchost.exe[1068] USER32.dll!GetCursorPos 76DF0B88 5 Bytes JMP 012F000A
.text C:\Windows\Explorer.EXE[1752] ntdll.dll!NtProtectVirtualMemory 77C44D34 5 Bytes JMP 0061000A
.text C:\Windows\Explorer.EXE[1752] ntdll.dll!NtWriteVirtualMemory 77C45674 5 Bytes JMP 0062000A
.text C:\Windows\Explorer.EXE[1752] ntdll.dll!KiUserExceptionDispatcher 77C45DC8 5 Bytes JMP 0033000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\tdx \Device\Udp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\tdx \Device\RawIp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)

Device -> \Driver\atapi \Device\Harddisk0\DR0 84C4FD01

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\ndis.sys suspicious modification
File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Attached Files


Edited by Blade Zephon, 01 June 2010 - 06:38 PM.
Posted log in reply to facilitate analysis. Please do not attach logs unless the board software will not let you post them directly. Thanks!


BC AdBot (Login to Remove)

 


#2 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:05:23 AM

Posted 01 June 2010 - 06:40 PM

Hello, and welcome.gif to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

If you have since resolved the original problem you were having, we would appreciate you letting us know.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.
  • I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
  • Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • I ask that you please refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process. Additionally, some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything. Additionally, if you run into any problems while carrying out instructions, you should STOP and reply back here explaining what happened.
  • After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you need additional time, that is perfectly alright; you just need to let us know beforehand. smile.gif

***************************************************

Please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Download Combofix from any of the links below but rename it to renamed.exe before saving it to your desktop.


Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.
  • Double click on renamed.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


~Blade


In your next reply, please include the following:
ComboFix Log

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#3 Ellefson

Ellefson
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:23 AM

Posted 01 June 2010 - 09:40 PM

Thanks in advance for your help!

Here is the ComboFix.txt

ComboFix 10-06-01.01 - Chuck 06/01/2010 22:04:39.1.2 - x86
Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6002.2.1252.1.1033.18.2039.886 [GMT -4:00]
Running from: c:\users\Chuck\Desktop\renamed.exe
AV: Norton Security Online *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Verizon Internet Security Suite Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Norton Security Online *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Verizon Internet Security Suite Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
SP: Norton Security Online *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Verizon Internet Security Suite Anti-Spyware *enabled* (Updated) {307352C6-1CBD-11DB-8AF6-B622A1EF5492}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\hpeC32F.dll
c:\users\Chuck\GoToAssistDownloadHelper.exe
c:\windows\system32\%appdata%
c:\windows\system32\system
D:\Autorun.inf

Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected
Restored copy from - Kitty had a snack tongue.gif
.
((((((((((((((((((((((((( Files Created from 2010-05-02 to 2010-06-02 )))))))))))))))))))))))))))))))
.

2010-06-02 02:17 . 2010-06-02 02:17 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-06-02 02:17 . 2010-06-02 02:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-01 21:52 . 2010-06-01 21:52 -------- d-----w- c:\users\Chuck\AppData\Local\Apple
2010-05-31 22:05 . 2010-05-31 22:06 -------- d-----w- c:\users\Chuck\AppData\Local\Adobe
2010-05-30 04:18 . 2010-05-30 04:19 -------- d-----w- c:\program files\Defraggler
2010-05-30 04:09 . 2010-05-30 04:10 -------- d-----w- c:\program files\CCleaner
2010-05-29 22:21 . 2010-05-29 22:21 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Intuit
2010-05-28 21:51 . 2010-05-28 21:51 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Mozilla
2010-05-28 00:54 . 2010-05-28 00:54 -------- d-----w- c:\users\Chuck\AppData\Roaming\Geek Squad 24 Hour Computer Support
2010-05-28 00:36 . 2010-05-28 00:37 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes
2010-05-28 00:20 . 2010-05-28 00:20 -------- d-----w- c:\users\Chuck\AppData\Roaming\Malwarebytes
2010-05-28 00:20 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-28 00:20 . 2010-05-28 00:20 -------- d-----w- c:\programdata\Malwarebytes
2010-05-28 00:20 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-28 00:20 . 2010-05-28 00:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-27 23:54 . 2010-05-31 22:11 -------- d-----w- c:\users\Chuck\AppData\Local\Apple Computer
2010-05-27 23:43 . 2010-05-27 23:43 -------- d-----w- c:\users\Default\AppData\Roaming\Yahoo!
2010-05-27 23:43 . 2010-05-27 23:43 -------- d-----w- c:\users\Default\AppData\Local\FLVService
2010-05-27 21:41 . 2010-05-27 21:41 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Sony Ericsson
2010-05-26 21:56 . 2010-05-26 21:57 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2010-05-26 21:54 . 2010-05-26 21:54 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Yahoo!
2010-05-26 21:52 . 2010-05-26 21:52 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Apple Computer
2010-05-26 21:52 . 2010-05-26 21:52 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Apple Computer
2010-05-26 21:51 . 2010-05-26 21:51 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\FLVService
2010-05-26 21:49 . 2010-05-26 21:51 -------- d-----w- c:\users\Default\AppData\Roaming\Verizon
2010-05-26 21:40 . 2010-05-27 21:53 -------- d-----w- c:\users\Chuck\AppData\Local\cdmhydmum
2010-05-23 03:14 . 2010-05-23 03:14 -------- d-----w- c:\users\Chuck\Office Genuine Advantage
2010-05-19 22:03 . 2010-05-19 22:03 -------- d-----w- c:\program files\iPod
2010-05-19 21:58 . 2010-05-19 21:58 -------- d-----w- c:\program files\Apple Software Update
2010-05-19 21:53 . 2010-05-19 21:53 -------- d-----w- c:\program files\Bonjour
2010-05-14 15:38 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-11 18:54 . 2010-05-11 18:54 0 ----a-w- c:\windows\nsreg.dat
2010-05-11 02:07 . 2010-05-31 22:13 -------- d-----w- c:\users\Chuck\AppData\Roaming\FileZilla
2010-05-11 02:07 . 2010-05-11 02:07 -------- d-----w- c:\program files\FileZilla FTP Client

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-02 02:24 . 2008-11-22 02:03 260646432 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-06-02 02:18 . 2008-11-22 02:03 3492704 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-05-30 04:12 . 2008-01-15 03:31 -------- d-----w- c:\users\Chuck\AppData\Roaming\Media Player Classic
2010-05-28 00:38 . 2009-05-09 23:26 -------- d-----w- c:\program files\Ask & Record Toolbar
2010-05-27 21:41 . 2008-09-09 01:58 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Verizon
2010-05-27 01:22 . 2007-11-01 23:20 -------- d-----w- c:\program files\Java
2010-05-26 21:52 . 2007-10-24 04:24 76808 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-20 17:14 . 2009-04-23 00:21 -------- d-----w- c:\users\Chuck\AppData\Roaming\ZoomBrowser EX
2010-05-20 17:10 . 2009-07-02 02:54 -------- d-----w- c:\users\Chuck\AppData\Roaming\CameraWindowDC
2010-05-19 22:04 . 2009-12-26 17:40 -------- d-----w- c:\program files\iTunes
2010-05-19 22:03 . 2009-12-26 17:28 -------- d-----w- c:\program files\Common Files\Apple
2010-05-15 07:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-15 07:02 . 2007-10-24 01:45 -------- d-----w- c:\programdata\Microsoft Help
2010-04-27 21:32 . 2007-10-24 04:29 76808 ----a-w- c:\users\Chuck\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-20 02:33 . 2009-12-26 17:42 -------- d-----w- c:\users\Chuck\AppData\Roaming\Apple Computer
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-05 23:29 . 2010-04-05 23:27 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-05 23:21 . 2010-04-05 23:20 -------- d-----w- c:\program files\QuickTime
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-09-24 434176]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2008-01-29 583048]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2009-03-12 2303216]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 15:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 08:25 144784 ----a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(cool.gif:8e,22,93,77,60,5f,ca,01

R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [1999-09-10 25244]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe [2008-01-16 814728]
S2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-09-22 693512]
S2 RadialpointSafeConnectAgent;Verizon Internet Security Suite SafeConnectAgent;c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaAgent.exe RadialpointSafeConnectAgent [x]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-09-22 910600]
S3 Radialpoint Security Services;Verizon Internet Security Suite;c:\program files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe [2009-08-24 175184]
S3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_VISTA\SafeConnectDriver.sys [2008-11-14 161304]
S3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_VISTA\SafeConnectFilter.sys [2008-11-14 29720]
S3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_VISTA\SafeConnectShim.sys [2008-11-14 29248]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} - file:///E:/win/setup/iamce.dll
FF - ProfilePath - c:\users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\p719dgof.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\program files\Verizon\VSP\nprpspa.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
.
------- File Associations -------
.
.reg=
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-01 22:20
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4076927779-173144305-3577909202-1000\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\2.5]
"FRT"="qV/gr23NIUOwwsGcIlwr0cmLsWUYFTgZAJHGVlZzqgM0KEGr7QsfRA=="
"PLCK"="srqYDpZdkM4tsWCn9yPwFlUEMVPsohRP"
"Percents"="0.0002 0.0583 0.1355 0.2498 0.8569 0.9188 0.9207 "
"Increment"=".001916"
"PHSH"=""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Verizon\Verizon Internet Security Suite\Fws.exe
c:\program files\Verizon\Verizon Internet Security Suite\rps.exe
c:\program files\Verizon\VSP\VerizonServicepointComHandler.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaAgent.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaMonitor.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Verizon\Verizon Internet Security Suite\Kav\Bin\ScanningProcess.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-06-01 22:33:05 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-02 02:32

Pre-Run: 150,115,127,296 bytes free
Post-Run: 150,068,129,792 bytes free

- - End Of File - - 7C4019F5FECDDD39E86FB3EC960B2AEF

Attached Files


Edited by Blade Zephon, 01 June 2010 - 09:46 PM.
Posted log in reply to facilitate analysis. Please do not attach logs unless the board software will not let you post them directly. Thanks!


#4 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:05:23 AM

Posted 03 June 2010 - 12:14 AM

1. Open notepad and copy/paste the text in the codebox below into it:

CODE
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-


DDS::
uInternet Settings,ProxyServer =


Save this as CFScript.txt, in the same location as ComboFix.exe

2. Close any open browsers.

3. VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.



Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

~Blade


In your next reply, please include the following:
ComboFix Log
How is the computer running now?

Edited by Blade Zephon, 03 June 2010 - 12:36 AM.

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#5 Ellefson

Ellefson
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:23 AM

Posted 03 June 2010 - 07:22 PM

I am unable to disable my antivirus and spyware - I am running Verizon Internet Security Suite. Please help with how to disable


#6 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:05:23 AM

Posted 05 June 2010 - 05:03 AM

Hi Ellefson.

Please go ahead and run ComboFix without disabling them. . . it should be fine in this case.

~Blade

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#7 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:05:23 AM

Posted 10 June 2010 - 02:58 AM

are you still there?

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#8 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:05:23 AM

Posted 15 June 2010 - 09:08 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

~Blade

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users