
Norton 360 alerts: HTTPS Tidserv Request 2 (intrusion alert when online) & Unauthorized Access Blocked (Open Process Token) [when offline]


  • This topic is locked
10 replies to this topic

#1 jon y

  • Members
  • 5 posts

Posted 13 August 2010 - 01:01 PM

Hi folks,

I've somehow managed to pick up something nasty despite my usual careful surfing and downloading. The trouble started yesterday as I believe I carelessly clicked "run" on a site asking to run old java... Stupid me.
Anyhow, I've since run a full Malwarebytes scan and Norton 360 scan. Malwarebytes found and destroyed the AntiMalwareDoctor junk, and Norton's, well it found nothing. Typical. Although, Norton's has been vigilant in protecting me against intrusions while I've attempted to fix the issue.
The alerts about HTTPS Tidserv Request 2 [intrusion alert when online] have consistently appeared after the scans and often originate from the same attacking computer IP (61.61.20.132, 443).
The Unauthorized Access Blocked (Open Process Token) [when offline] appear to be targeting Norton as the alert states it is targeting C:\Program Files\Norton 360\Engine\4.2.0.12\ccsvchst.exe

I have followed the Preparation Guidelines and I have run DeFogger, DDS, and Gmer and I am now turning to you beautiful people for some help. I know that ideally I should just reformat the computer and put on Windows 7 while I'm at it, but I'm cash and time strapped, thus I'm still on Vista 32-bit on SP2.
The malware seems to begin to shut down different windows/microsoft functions. I noticed, while running scans, progressive message blocks about:
"Host Process for Windows Services stopped working and was closed"
and then it went for MS word, outlook, etc.

I appreciate your time and help guys!


DDS.txt below and attach.txt attached.



DDS (Ver_10-03-17.01) - NTFSx86
Run by cattherina at 9:42:26.18 on Fri 08/13/2010
Internet Explorer: 8.0.6001.18928
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2037.1043 [GMT -6:00]

SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\lxdicoms.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\cattherina\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\cattherina\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\cattherina\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\cattherina\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\cattherina\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\cattherina\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\cattherina\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\cattherina\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\cattherina\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Users\cattherina\Desktop\dds.scr
C:\Windows\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.shoptoshiba.ca/welcome
uInternet Settings,ProxyOverride = *.local
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.2.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.2.0.12\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.2.0.12\coIEPlg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\cattherina\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [EPSON NX410 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifca.exe /fu "c:\windows\temp\E_S8BEC.tmp" /EF "HKCU"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [lxdimon.exe] "c:\program files\lexmark 3500-4500 series\lxdimon.exe"
mRun: [lxdiamon] "c:\program files\lexmark 3500-4500 series\lxdiamon.exe"
mRun: [FaxCenterServer] "c:\program files\\lexmark fax solutions\fm3032.exe" /s
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0402000.00c\symds.sys [2010-5-20 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0402000.00c\symefa.sys [2010-5-20 173104]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100719.001\BHDrvx86.sys [2010-7-19 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys [2010-5-20 501888]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20100809.001\IDSvix86.sys [2010-8-11 344112]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys [2010-5-20 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0402000.00c\symtdiv.sys [2010-5-20 339504]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R2 N360;Norton 360;c:\program files\norton 360\engine\4.2.0.12\ccsvchst.exe [2010-5-20 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-1 102448]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-20 135664]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [2007-4-26 99248]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-2 21504]

=============== Created Last 30 ================

2010-08-13 15:26:54 176 ----a-w- c:\users\cattherina\defogger_reenable
2010-08-13 00:54:02 0 d-----w- c:\users\catthe~1\appdata\roaming\Malwarebytes
2010-08-13 00:53:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-13 00:53:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-13 00:53:08 0 d-----w- c:\programdata\Malwarebytes
2010-08-13 00:53:08 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-12 22:05:58 0 d-----w- c:\users\catthe~1\appdata\roaming\032DAC15BFC8FC4462545DB867FB9A2C
2010-07-29 02:13:05 0 d-----w- c:\programdata\Blizzard Entertainment
2010-07-29 02:13:04 0 d-----w- c:\program files\StarCraft II
2010-07-21 06:39:39 0 d-----w- c:\program files\Microsoft Research
2010-07-16 15:35:00 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-07-16 15:35:00 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-07-16 15:35:00 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-07-16 15:35:00 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-07-16 15:35:00 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-07-16 15:30:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-07-16 15:30:37 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

==================== Find3M ====================

2010-08-13 15:41:41 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-13 15:41:41 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-07-17 11:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-09 02:09:20 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-24 02:16:56 86016 ----a-w- c:\windows\inf\infstor.dat
2010-03-24 04:13:29 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-16 01:46:55 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 9:44:20.96 ===============




#2 gringo_pr

  • Malware Response Team
  • 136,773 posts

Posted 20 August 2010 - 01:54 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
  1. Do not run any other tool until instructed to do so!
  2. Please do not attach logs or put them in code boxes.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having as these can help also.
  5. Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning. It is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


MBRCheck

Please also download MBRCheck to your desktop
  • Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
  • It will show a Black screen with some data on it
  • a report called MBRcheck will be on your desktop
  • open this report
  • Right click on the screen and select > Select All
  • Press Control+C
  • now please copy that report to this thread


Information and logs:
    In your next post I need the following:
      1. logs from DDS
      2. log from RKUnHooker
      3. report from MBRCheck
      4. let me know of any problems you may have had

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 jon y


Posted 20 August 2010 - 05:47 PM

Hello Gringo,

Thanks for getting to me. Unfortunately the virus moved to blue screening and I elected to do a full factory reset. I would have done a hard reformat but Toshiba did not provide a recovery disc and the software they provided to make one did/does not work.
The laptop appears functional and there has been no detection of any viruses or malware by Microsoft Security Essentials, or Malwarebytes.

My only concern at this point, because I was unable to do a clean wipe and reinstall, is if there is anything in the boot or if the hidden partition was somehow affected (doubtful).
Could you help me check in this regard?

Cheers,

Jon

#4 gringo_pr


Posted 20 August 2010 - 06:02 PM

Run this for me

MBRCheck

Please also download MBRCheck to your desktop
  • Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
  • It will show a Black screen with some data on it
  • a report called MBRcheck will be on your desktop
  • open this report
  • Right click on the screen and select > Select All
  • Press Control+C
  • now please copy that report to this thread

Gringo

#5 jon y


Posted 20 August 2010 - 06:21 PM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: TOSHIBA
System Manufacturer: TOSHIBA
System Product Name: Satellite A200
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 152):
0x81C10000 \SystemRoot\system32\ntoskrnl.exe
0x81FBB000 \SystemRoot\system32\hal.dll
0x82407000 \SystemRoot\system32\kdcom.dll
0x8240E000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8247E000 \SystemRoot\system32\PSHED.dll
0x8248F000 \SystemRoot\system32\BOOTVID.dll
0x82497000 \SystemRoot\system32\CLFS.SYS
0x824D8000 \SystemRoot\system32\CI.dll
0x825B8000 \SystemRoot\system32\drivers\Wdf01000.sys
0x82634000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82641000 \SystemRoot\system32\drivers\acpi.sys
0x82687000 \SystemRoot\system32\drivers\WMILIB.SYS
0x82690000 \SystemRoot\system32\drivers\msisadrv.sys
0x82698000 \SystemRoot\system32\drivers\pci.sys
0x826BF000 \SystemRoot\system32\DRIVERS\LPCFilter.sys
0x826C9000 \SystemRoot\System32\drivers\partmgr.sys
0x826D8000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x826DB000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x826E5000 \SystemRoot\system32\drivers\volmgr.sys
0x826F4000 \SystemRoot\System32\drivers\volmgrx.sys
0x8273E000 \SystemRoot\system32\drivers\intelide.sys
0x82745000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x82753000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x82780000 \SystemRoot\System32\drivers\mountmgr.sys
0x82790000 \SystemRoot\system32\drivers\atapi.sys
0x82798000 \SystemRoot\system32\drivers\ataport.SYS
0x827B6000 \SystemRoot\system32\drivers\fltmgr.sys
0x827E8000 \SystemRoot\system32\drivers\fileinfo.sys
0x87C0B000 \SystemRoot\System32\Drivers\ksecdd.sys
0x87C7C000 \SystemRoot\system32\drivers\ndis.sys
0x87D87000 \SystemRoot\system32\drivers\msrpc.sys
0x87DB2000 \SystemRoot\system32\drivers\NETIO.SYS
0x87DED000 \SystemRoot\System32\drivers\tcpip.sys
0x87EDA000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x87EF5000 \SystemRoot\system32\DRIVERS\timntr.sys
0x8800B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8811B000 \SystemRoot\system32\drivers\volsnap.sys
0x88154000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x88159000 \SystemRoot\system32\DRIVERS\tos_sps32.sys
0x881A4000 \SystemRoot\system32\DRIVERS\tdrpm251.sys
0x8827F000 \SystemRoot\System32\Drivers\spldr.sys
0x88287000 \SystemRoot\system32\DRIVERS\snapman.sys
0x882AC000 \SystemRoot\System32\Drivers\mup.sys
0x882BB000 \SystemRoot\System32\drivers\ecache.sys
0x882E2000 \SystemRoot\system32\drivers\disk.sys
0x882F3000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x88314000 \SystemRoot\system32\drivers\crcdisk.sys
0x8833D000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x88348000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x88351000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8B80B000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8BEC6000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8BF67000 \SystemRoot\System32\drivers\watchdog.sys
0x8BF73000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8C008000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x8C391000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8C3D3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x88360000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8C3DE000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8C3ED000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8839E000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x883AC000 \SystemRoot\system32\drivers\tifm21.sys
0x87F7F000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8C000000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x87F99000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8B800000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x87FAC000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8C004000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x88000000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x883F9000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x87FDE000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8C802000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8C831000 \SystemRoot\system32\DRIVERS\storport.sys
0x8C872000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8C87D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8C894000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8C89F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8C8C2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8C8D1000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8C8E5000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8C8FA000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8C90A000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8C90C000 \SystemRoot\system32\DRIVERS\ks.sys
0x8C936000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8C940000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8C94D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8C982000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8C993000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8CB3B000 \SystemRoot\system32\drivers\portcls.sys
0x8CB68000 \SystemRoot\system32\drivers\drmk.sys
0x8CC0F000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x8CD2B000 \SystemRoot\system32\drivers\modem.sys
0x8CD38000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x8CD5B000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8CD64000 \SystemRoot\System32\Drivers\Null.SYS
0x8CD6B000 \SystemRoot\System32\Drivers\Beep.SYS
0x8CD72000 \SystemRoot\System32\drivers\vga.sys
0x8CD7E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8CD9F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8CDA7000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8CDAF000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8CDBA000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8CDC8000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8CDD1000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8CDE7000 \SystemRoot\system32\DRIVERS\smb.sys
0x8CDFB000 \SystemRoot\system32\drivers\afd.sys
0x8CE43000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8CE75000 \SystemRoot\system32\DRIVERS\vsdatant.sys
0x8CF00000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8CF16000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8CF24000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8CF37000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8CF73000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8CF7D000 \SystemRoot\System32\Drivers\dfsc.sys
0x8CF94000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8CFA1000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8CFAC000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x8CFB4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8CFCB000 \SystemRoot\system32\DRIVERS\UVCFTR_S.SYS
0x8CFD4000 \SystemRoot\System32\Drivers\usbvideo.sys
0x81440000 \SystemRoot\System32\win32k.sys
0x8CFF5000 \SystemRoot\System32\drivers\Dxapi.sys
0x8CC00000 \SystemRoot\system32\DRIVERS\monitor.sys
0x81660000 \SystemRoot\System32\TSDDD.dll
0x81680000 \SystemRoot\System32\cdd.dll
0x8CB8D000 \SystemRoot\system32\drivers\luafv.sys
0x8CBB0000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA8003000 \SystemRoot\system32\drivers\spsys.sys
0xA80B3000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA80DD000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA80E7000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA80FA000 \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
0xA8102000 \SystemRoot\system32\drivers\HTTP.sys
0xA816F000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA818C000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA81A5000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA81BA000 \SystemRoot\system32\drivers\mrxdav.sys
0xA81DB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA81FA000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA8233000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA824B000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA8272000 \SystemRoot\System32\DRIVERS\srv.sys
0xA82C0000 \SystemRoot\system32\DRIVERS\afcdp.sys
0xA82E6000 \SystemRoot\system32\drivers\peauth.sys
0xA83C4000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA83CE000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA83DA000 \SystemRoot\system32\drivers\tdtcp.sys
0xA83E5000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0x8CBC0000 \SystemRoot\System32\Drivers\RDPWD.SYS
0x8831D000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA83F1000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x77210000 \Windows\System32\ntdll.dll

Processes (total 72):
0 System Idle Process
4 System
708 C:\Windows\System32\smss.exe
848 csrss.exe
892 C:\Windows\System32\wininit.exe
904 csrss.exe
936 C:\Windows\System32\services.exe
956 C:\Windows\System32\lsass.exe
964 C:\Windows\System32\lsm.exe
1048 C:\Windows\System32\winlogon.exe
1156 C:\Windows\System32\svchost.exe
1200 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
1248 C:\Windows\System32\svchost.exe
1304 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
1432 C:\Windows\System32\svchost.exe
1492 C:\Windows\System32\svchost.exe
1504 C:\Windows\System32\svchost.exe
1600 C:\Windows\System32\audiodg.exe
1624 C:\Windows\System32\svchost.exe
1640 C:\Windows\System32\SLsvc.exe
1672 C:\Windows\System32\svchost.exe
1820 C:\Windows\System32\svchost.exe
1964 C:\Windows\System32\ZoneLabs\vsmon.exe
1660 C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
1828 C:\Windows\System32\dwm.exe
748 C:\Windows\explorer.exe
1592 C:\Windows\System32\spoolsv.exe
1092 C:\Windows\System32\svchost.exe
2120 C:\Windows\System32\taskeng.exe
2224 C:\Windows\System32\taskeng.exe
2240 C:\Windows\RtHDVCpl.exe
2272 C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
2288 C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
2320 C:\Program Files\Microsoft Security Essentials\msseces.exe
2328 C:\Windows\System32\igfxtray.exe
2336 C:\Windows\System32\hkcmd.exe
2344 C:\Windows\System32\igfxpers.exe
2352 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2368 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2392 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
2428 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
2444 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
2452 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
2472 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
2488 C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
2612 C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
2664 C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
2676 C:\Windows\System32\agrsmsvc.exe
2688 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
2812 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
2828 C:\Windows\System32\igfxsrvc.exe
3016 C:\Windows\System32\svchost.exe
3052 C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
3072 C:\Windows\System32\TODDSrv.exe
3096 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
3168 C:\Windows\System32\svchost.exe
3204 C:\Windows\System32\SearchIndexer.exe
3976 C:\Program Files\Synaptics\SynTP\SynToshiba.exe
3040 C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
2660 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3300 C:\Windows\System32\SearchProtocolHost.exe
3028 C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
3692 C:\Program Files\Internet Explorer\iexplore.exe
3312 C:\Program Files\Internet Explorer\iexplore.exe
4976 C:\Program Files\Internet Explorer\iexplore.exe
5224 WmiPrvSE.exe
5532 C:\Windows\servicing\TrustedInstaller.exe
5608 C:\Windows\System32\SearchFilterHost.exe
4408 C:\Windows\System32\wbem\WMIADAP.exe
2388 WmiPrvSE.exe
3248 C:\Program Files\Internet Explorer\iexplore.exe
4972 C:\Users\Jon\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK2035GSS, Rev: DK020M

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61


Done!

Edited by jon y, 20 August 2010 - 06:28 PM.


#6 gringo_pr

  • Malware Response Team

Posted 20 August 2010 - 06:44 PM

Hello

That looks good. If you have any problems, just give me a shout and I will check things over for you.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 jon y


Posted 20 August 2010 - 06:48 PM

Thanks Gringo. Much Appreciated.

One last thing: that factory reset would have eliminated the backdoor trojan threat as well, right?

#8 gringo_pr


Posted 20 August 2010 - 06:51 PM

Yes, it would put the computer exactly as you brought it home.



#9 jon y


Posted 20 August 2010 - 06:58 PM

Awesome. Thanks again Gringo!

Keep up the good work. You may close this thread and help another!

~J

#10 gringo_pr


Posted 20 August 2010 - 07:24 PM

You are most welcome



#11 gringo_pr


Posted 23 August 2010 - 02:05 AM

Since the issue is resolved, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,
Gringo




