Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

lsprst7.dll recurring infection


  • This topic is locked This topic is locked
12 replies to this topic

#1 jonbenz

jonbenz

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:59 PM

Posted 24 August 2010 - 10:04 AM

My computer stop working after an hour (or sometimes when i open a lot of software). internet connection fails (cable and wireless) and i can't even restart the computer (i must turn it off).

This files keeps regenerating

C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\lsprst7.tgz
C:\WINDOWS\system32\sysprs7.dll
C:\WINDOWS\system32\sysprs7.tgz
C:\WINDOWS\system32\servdat.slm
C:\WINDOWS\system32\log.txt

I also remove this registry entries but it regenerates too.

HKLM\SOFTWARE\Rainbow Technologies
HKLM\SOFTWARE\ntpad
HKLM\CLSSYSTEM

Please, i have 4 laptops (from work) infected with this virus (if it is a virus). I think some flash drive or an external HD is the source, i need to clean it too.




DDS (Ver_10-03-17.01) - NTFSx86
Run by benzaquj at 0:15:09.57 on Tue 08/24/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3067.2288 [GMT -5:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

c:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\AspenTech\Enterprise\Integration\Framework\bin\AspenIntegrationFramework.exe
C:\Program Files\AspenTech\Enterprise\Integration\Framework\bin\AspenIntegrationRepository.exe
C:\Program Files\AspenTech\Enterprise\Integration\Framework\bin\AspenIntegrationRouter.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\AccelerometerSt.Exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATT Connect\OutlookAddin\Server\IWOAISRV.exe
C:\Program Files\Interwise\Participant\pull.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Benzaquj\Desktop\AV\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aspentech.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Windows Live Aplicación auxiliar de inicio de sesión: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [IWOAIsrv] "c:\program files\att connect\outlookaddin\server\IWOAISRV.exe"
uRun: [Push Client] c:\program files\interwise\participant\pull.exe
mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup
mRun: [FRYMXINS] "c:\program files\ati technologies\fire gl 3d studio max\atiimxgl"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [AccelerometerSysTrayApplet] c:\windows\system32\AccelerometerSt.Exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [imekrmig7.0] "c:\program files\common files\microsoft shared\ime\imkr7\IMEKRMIG.EXE"
mRun: [IMJPMIG9.0] "c:\program files\common files\microsoft shared\ime\imjp9\imjprmzb.exe" /RmZombie
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [Norton Ghost 15.0] "c:\program files\norton ghost\agent\VProTray.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1281985659234
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFECAFE-0013-0001-0021-ABCDEFABCDEF} - hxxp://11iprod.corp.aspentech.com:8045/jinitiator/oajinit.exe
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {D6A4F85E-9184-4F1C-974B-1C8359E87F50} - "c:\windows\system32\msiexec.exe" /fu {D6A4F85E-9184-4F1C-974B-1C8359E87F50} /q
mASetup: 1CB42A39-CFB3-C2BD-6D59-046E4A167353 - "c:\windows\system32\msiexec.exe" /fpu {FBE103E9-E0B6-49F5-AA7D-E120C8ED4F60} /q

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\benzaquj\applic~1\mozilla\firefox\profiles\pobciuvb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.ve
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-10-8 343664]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-3-28 24064]
R2 Aspen EIF Repository;Aspen EIF Repository;c:\program files\aspentech\enterprise\integration\framework\bin\AspenIntegrationRepository.exe [2007-9-27 7168]
R2 Aspen EIF Router;Aspen EIF Router;c:\program files\aspentech\enterprise\integration\framework\bin\AspenIntegrationRouter.exe [2007-9-27 6144]
R2 AspenTech Enterprise Integration Framework;Aspen Enterprise Integration Framework;c:\program files\aspentech\enterprise\integration\framework\bin\AspenIntegrationFramework.exe [2007-9-27 7680]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-6-12 1164536]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2009-8-31 21256]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-13 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2009-8-31 146448]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2009-8-31 66896]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-10-8 70728]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2009-1-15 2058776]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-6-12 477696]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-1-15 193840]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-3-27 239760]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\GenericMount.sys [2009-9-21 57840]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-4-4 41216]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-10-8 91672]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-10-8 43288]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2009-1-15 47616]
R3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2009-9-21 1964528]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S2 AfwSecCliSvc;AFW Security Client Service;c:\program files\aspentech\bpe\AfwSecCliSvc.exe [2007-10-3 380928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ECORIONAdapter;ECORIONAdapter;c:\program files\aspentech\aep\enterpriseconnect\integrationpacks\orion\adapter\bin\ECOrionAdapter.exe [2007-8-27 20480]
S3 GenericMount Helper Service;GenericMount Helper Service;c:\program files\norton ghost\shared\drivers\GenericMountHelper.exe [2009-9-21 1574408]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7.tmp --> c:\windows\system32\7.tmp [?]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-10-8 65448]
S3 PIMSRemoteService;PIMSRemoteService;c:\program files\aspentech\aspen pims\PIMSRemoteServer.exe [2007-8-6 20480]
S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2006-2-28 5120]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-08-24 05:11:38 6956 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-08-24 05:06:07 2148 ----a-w- c:\windows\system32\wpa.dbl
2010-08-24 05:05:29 2491 ----a-w- c:\windows\system32\SiteList.xml
2010-08-24 04:08:41 219 ----a-w- c:\windows\system32\lsprst7.tgz
2010-08-24 04:08:41 205 ----a-w- c:\windows\system32\lsprst7.dll
2010-08-24 04:08:41 2048 ----a-w- c:\windows\system32\sysprs7.tgz
2010-08-24 04:08:41 2048 ----a-w- c:\windows\system32\sysprs7.dll
2010-08-24 04:08:41 16 ---h--w- c:\windows\system32\servdat.slm
2010-08-24 04:08:41 14 ----a-w- c:\windows\system32\tmpPrst.tgz
2010-08-23 21:41:54 0 d-----w- c:\program files\Sophos
2010-08-23 21:02:37 0 d-----w- C:\Quarantine
2010-08-23 21:01:42 0 d-sha-r- C:\cmdcons
2010-08-23 20:59:09 77312 ----a-w- c:\windows\MBR.exe
2010-08-23 20:59:03 161792 ----a-w- c:\windows\SWREG.exe
2010-08-23 20:59:02 98816 ----a-w- c:\windows\sed.exe
2010-08-23 20:43:46 0 d-----w- c:\docume~1\benzaquj\applic~1\Malwarebytes
2010-08-23 20:43:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-23 20:43:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-23 20:43:38 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-23 20:43:37 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-23 18:01:34 0 d-----w- c:\documents and settings\benzaquj\Tracing
2010-08-23 18:00:38 0 d-----w- c:\program files\Microsoft
2010-08-23 18:00:22 0 d-----w- c:\program files\Windows Live SkyDrive
2010-08-23 17:56:53 0 d-----w- c:\program files\common files\Windows Live
2010-08-23 17:35:59 0 d-----w- c:\program files\Microsoft Virtual PC
2010-08-23 17:09:57 0 d-----w- c:\program files\Microsoft SQL Server
2010-08-23 17:05:40 0 d-----w- c:\docume~1\benzaquj\applic~1\Aspentech
2010-08-23 16:12:25 0 d-----w- c:\docume~1\alluse~1\applic~1\AspenTech
2010-08-23 16:11:27 0 d-----w- c:\program files\MapInfo MapX
2010-08-23 16:11:27 0 d-----w- c:\program files\common files\MapInfo Shared
2010-08-23 16:11:22 308227 ----a-w- c:\windows\IsUninst.exe
2010-08-23 16:11:17 0 d-----w- c:\documents and settings\benzaquj\WINDOWS
2010-08-23 16:08:14 0 d-----w- c:\windows\system32\msmq
2010-08-23 15:41:57 0 d-----w- c:\program files\common files\SafeNet Sentinel
2010-08-23 15:41:52 0 d-----w- c:\program files\common files\Hyprotech
2010-08-23 15:41:52 0 d-----w- c:\program files\common files\AspenTech Shared
2010-08-23 15:41:52 0 d-----w- c:\program files\AspenTech
2010-08-20 22:43:21 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-08-20 22:43:21 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-08-20 22:43:19 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-08-20 22:43:19 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-08-20 20:59:11 0 d-----w- C:\Jonathan
2010-08-20 20:42:59 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-08-20 20:41:45 0 d-----w- c:\program files\LSI SoftModem
2010-08-20 20:21:20 0 d-----w- c:\windows\system32\winrm
2010-08-20 20:21:16 0 dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-08-20 20:20:57 0 d-----w- c:\docume~1\benzaquj\applic~1\Windows Desktop Search
2010-08-20 19:25:19 0 d-----w- c:\windows\system32\scripting
2010-08-20 19:25:19 0 d-----w- c:\windows\system32\en
2010-08-20 19:25:19 0 d-----w- c:\windows\l2schemas
2010-08-20 19:22:40 0 d-----w- c:\windows\network diagnostic
2010-08-20 18:44:59 56623 ------w- c:\windows\system32\drivers\ati1btxx.sys
2010-08-20 18:44:59 44928 ------w- c:\windows\system32\drivers\agpcpq.sys
2010-08-20 18:44:59 43008 ------w- c:\windows\system32\drivers\amdagp.sys
2010-08-20 18:44:59 42752 ------w- c:\windows\system32\drivers\alim1541.sys
2010-08-20 18:44:59 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2010-08-20 18:44:59 42368 ------w- c:\windows\system32\drivers\agp440.sys
2010-08-20 18:44:59 3967 ------w- c:\windows\system32\drivers\adv02nt5.dll
2010-08-20 18:44:59 3775 ------w- c:\windows\system32\drivers\adv11nt5.dll
2010-08-20 18:44:59 3711 ------w- c:\windows\system32\drivers\adv09nt5.dll
2010-08-20 18:44:59 3647 ------w- c:\windows\system32\drivers\adv07nt5.dll
2010-08-20 18:44:59 3615 ------w- c:\windows\system32\drivers\adv05nt5.dll
2010-08-20 18:44:59 3135 ------w- c:\windows\system32\drivers\adv08nt5.dll
2010-08-20 18:44:59 11615 ------w- c:\windows\system32\drivers\ati1mdxx.sys
2010-08-19 16:41:33 0 d-----w- c:\docume~1\benzaquj\applic~1\Symantec
2010-08-19 16:12:39 215144 ----a-r- c:\windows\patchw32.dll
2010-08-19 16:10:45 215144 ----a-r- c:\windows\pw32a.dll
2010-08-19 16:03:54 0 d-----w- c:\program files\Symantec
2010-08-19 16:03:42 131000 ----a-w- c:\windows\system32\drivers\WimFltr.sys
2010-08-19 16:03:16 138592 ----a-w- c:\windows\system32\drivers\symsnap.sys
2010-08-19 16:03:11 15096 ----a-w- c:\windows\system32\drivers\vproeventmonitor.sys
2010-08-19 16:03:11 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_GenericMount_01009.Wdf
2010-08-19 16:03:10 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-08-19 16:03:04 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-08-19 16:02:53 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-08-19 16:02:53 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-08-19 16:02:34 0 d-----w- c:\program files\common files\Symantec Shared
2010-08-19 16:02:17 0 d-----w- c:\program files\Norton Ghost
2010-08-19 16:02:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-08-19 16:02:17 0 d-----w- c:\docume~1\alluse~1\applic~1\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
2010-08-16 19:51:56 0 d-----w- c:\docume~1\benzaquj\applic~1\Juniper Networks
2010-08-16 19:51:03 0 d-----w- c:\windows\system32\bits
2010-08-16 19:50:31 7168 ------w- c:\windows\system32\bitsprx4.dll
2010-08-16 19:50:20 0 d-----w- c:\windows\system32\ccmsetup
2010-08-16 19:44:55 0 d-----w- c:\docume~1\benzaquj\applic~1\Interwise
2010-08-16 19:44:55 0 d-----w- c:\docume~1\benzaquj\applic~1\Intel
2010-08-16 19:44:55 0 d-----w- c:\docume~1\benzaquj\applic~1\ATT Connect
2010-08-16 19:22:18 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-08-16 19:20:38 65536 -c----w- c:\windows\system32\dllcache\asycfilt.dll
2010-08-16 19:20:13 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
2010-08-16 19:19:49 100864 -c----w- c:\windows\system32\dllcache\6to4svc.dll
2010-08-16 19:19:44 86016 -c----w- c:\windows\system32\dllcache\cabview.dll
2010-08-16 19:19:15 343040 -c----w- c:\windows\system32\dllcache\mspaint.exe
2010-08-16 19:19:02 11264 -c----w- c:\windows\system32\dllcache\msrle32.dll
2010-08-16 19:18:49 33280 -c----w- c:\windows\system32\dllcache\csrsrv.dll
2010-08-16 19:18:47 474112 -c----w- c:\windows\system32\dllcache\shlwapi.dll
2010-08-16 19:18:13 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-08-16 19:18:06 270336 -c----w- c:\windows\system32\dllcache\oakley.dll
2010-08-16 19:18:02 79872 -c----w- c:\windows\system32\dllcache\raschap.dll
2010-08-16 19:18:02 149504 -c----w- c:\windows\system32\dllcache\rastls.dll
2010-08-16 19:17:52 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
2010-08-16 19:17:52 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
2010-08-16 19:17:51 265728 -c----w- c:\windows\system32\dllcache\http.sys
2010-08-16 19:08:15 15064 ----a-w- c:\windows\system32\wuapi.dll.mui

==================== Find3M ====================

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:15:28 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15:26 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15:26 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-05-28 03:31:32 165160 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-05-28 03:31:32 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-05-28 03:31:28 210216 ----a-w- c:\windows\system32\SynCtrl.dll
2010-05-28 03:31:26 173352 ----a-w- c:\windows\system32\SynCOM.dll
2009-10-22 22:12:59 16384 --sha-w- c:\windows\system32\config\systemprofile\application data\microsoft\internet explorer\userdata\index.dat

============= FINISH: 0:15:50.25 ===============


Attached Files



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:59 AM

Posted 30 August 2010 - 09:53 AM


If this is a business computer, are you the domain administrator? If you are not, have you informed your domain administrator, (business manager, Systems Analyst, or Information Technology (IT) Specialist)?

I ask this for several reasons:
  • There may be restrictions and modifications installed on such machines that could be damaged or altered by the actions we take to remove Malware.
  • Any infection could jump terminals in a computer network.
  • There may also be legal issues regarding any loss of business data that I do not wish to deal with.
  • Some people who come here use their computers for work, and the computers may contain the patient records of a physician or the financial records of an accountant's clients or credit card and bank account information of their employer's customers.
  • There may be tremendous risks and legal liability for such users for not fully securing the computer. We will not know this unless we ask. We do not want to be accidentally putting those we help in vulnerable positions for law suits.
  • Business factors outweigh technical factors in making the reformat and reinstall decision. Sometimes friends give missing CDs or lack of expertise as a reason for not doing a reformat and reinstall.
  • The cost of replacing missing Windows XP and MS Office CDs and getting an Microsoft Certified Systems Engineer to come in for 3 hours to do the reinstall and apply all the critical updates, is trivial compared with the potential cost of a multi-million dollar lawsuit for breach of trust if confidential client or patient information is disclosed.
  • In specific situations where highly confidential information about others is on the computer, and a backdoor virus or trojan is found, we are helping people more by identifying that they have a backdoor trojan which puts them in a particularly vulnerable situation and sending them to seek local professional help from a Microsoft Certified Systems Engineer or Certified Information Systems Security Professional or Global Information Assurance Certification Certified Security Expert or Certified Computing Professional or Internet Service Provider than we would be trying to fully resolve their problems long distance.

Please let me know if you have the approval to clean these pPCs and if you want to proceed

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 jonbenz

jonbenz
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:59 PM

Posted 31 August 2010 - 12:02 PM

Hi Myrti,

Yes, this is a business computer. I am the final user but not the domain administrator. I think i must ask for the approval to clean it (i will let you know immediately i get an answer). IT guys re-formated my hard drive but i think the virus is still on the flash drive i made the backup (because the malware went back).

I know this is a rule of the forum, but due the lack of response (until now) i was forced to use combofix (it removed the malware) but it came back (it is possible tha this malware is coming from a zip file sent to me from a infected computer?).

If it came from my flash drive, how can i use combofix on them?

after the cleaning, how can i protect my computer from this malware? I use Mcaffe and Super Anty Spyware (inclusive Malware Bytes) but none of them detect the threat.

Thank you



#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:59 AM

Posted 01 September 2010 - 04:30 AM

Hi,

you cnan use flash disinfector to clean and vaccinate your flash drives:

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

Let me know what the admin says.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 jonbenz

jonbenz
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:59 PM

Posted 02 September 2010 - 09:48 AM

Hi Myrti,

Sorry for the delay, i am still waiting for the autorization of the domain administrator sad.gif


Thanks for the software to clean up the flash drives, i will use it on them. i got a question, if i have already disabled the "autorun feature" in windows, should i still press "bleepf" to avoid it?


As i told you before, i detected that this threat is comming from a ZIP file. Combofix is only eliminating the threat from Windows\System32 folder, but no from de ZIP file. how can i clean it?


and last but not least, is there any software that really help me to avoid this malware after the cleaning process?


I will let you know when they allow me to proceed (i don't know why it takes so long)


Thank You very much.

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:59 AM

Posted 03 September 2010 - 04:15 AM

Hi,

an important part of preventing infections is keeping your PC up to date, I see both your Java and Adobe Reader to be outdated. These two programs are, above most others, the most common route of infections nowadays.

I'll give you some more tips at the end, since I would like to have as little change as possible while we clean, so that we can see what modifications are done by malware.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 jonbenz

jonbenz
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:59 PM

Posted 06 September 2010 - 01:20 PM

Hi myrti,

My administrator says that these files belongs to a Licenses Manager from our software. It seems that he is right, because every time i use this software the files modificates itself. So i think there was an infection but not with these files. Also, the computer has not experienced any failure since i ran combofix. what do you think?

everytime a ran combofix keeps removing this famous file (c:\windows\system32\lsprst7.dll) that according to my administrator is not malware... what is your opinion?

I have not receive a "no" for an answer (to cleaning it) but neither a yes.

I updated my Java and adobe acrobat too.

Thanks

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:59 AM

Posted 07 September 2010 - 03:32 AM

Hi,

this is quite possible. Could you please zip the files that were deleted by ComboFix and the log created by ComboFix and upload it to this site. I will ask the developer to take a look.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 jonbenz

jonbenz
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:59 PM

Posted 07 September 2010 - 12:25 PM

Ok Myrti. I have already sent the file. Let me know if you need anything else

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:59 AM

Posted 07 September 2010 - 03:08 PM

Hi,

thanks, I have let the developper know.

The PC is doing fine?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 jonbenz

jonbenz
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:59 PM

Posted 07 September 2010 - 11:15 PM

Yes Myrti, the PC is doing ok. no symptoms so far.

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:59 AM

Posted 10 September 2010 - 04:22 AM

Hi,

that is great, all that is left to do then is to remove the programs we used:
Please do the following to clean up your PC:
  1. Delete the tools used during the disinfection:
  2. Uninstall ComboFix.exe And all Backups of the files it deleted
    • Click START then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTC from the following mirror and save it to your desktop:
    • Double click on
    • Push the large "Cleanup" button.
    • Allow your system to reboot.
  3. If OTC faild to remove all programs from your Desktop, please delete the rest manually.
Please read these advices, in order to prevent reinfecting your PC:
  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on thehosts file, and what it can do for you,please consult the Tutorial on the Hosts file
  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holeswill allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variantsevery single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing sad.gif.
Some more links you might find of interest:Have a nice day
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:59 AM

Posted 27 September 2010 - 07:11 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users