Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unknown Infection


  • This topic is locked This topic is locked
2 replies to this topic

#1 Tsukasa

Tsukasa

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:50 AM

Posted 26 March 2011 - 09:09 PM

Hi, I am new to this forum. My machine at one point just started to run slow, typical of most machines getting infected. I ran combofix, mbam, f-secure, norton, and panda on my drive to remove it with no success. How I notice it is that my hard disk light will flicker every so often when it is not in use, eventually it just got slow as dirt. I even wiped my machine and reloaded it because I could not find a final solution. One of my flash drives had some data on it I needed and of course, you guessed it, reinfected my machine. Keep in mind this is a fresh load. The machine started to do the same thing. Combofix reports that Regedit.exe is infected. It attempts repairs but fails. Combofix also detected rootkit activity, I did not see in the log what rootkit it was though. When I look at procmon, it has a large list of registry reads and writes in sync with the hard disk flashing. Its a constant flash, happens about every half second along with the registry access. My key drive seems to be accessed as well during inactivity, at a lower interval though(~1/2 min). I tried to pin down what it is, seems to be accessed through services.exe and maybe svchost.exe. I am a computer programmer, not an expert on viral analysis. Any help I could get would be greatly appreciated. Rootkit revealer and GMER especially seems to find a lot of things.

Here is my log file, I attached the attach.zip. GMER is still scanning, I will post that attachment when it is done.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by User at 20:27:35.42 on Sat 03/26/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2198 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Sunbelt VIPRE *Enabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
svchost.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\User\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SBAMTray] "c:\program files\sunbelt software\vipre\SBAMTray.exe"
mRun: [VirtualDrive] "c:\program files\farstone\virtualdrive\VDTask.exe" /AutoRestore
mRun: [vcdplayx] "c:\windows\vcdplayx.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1300549636765
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\xlaicgbq.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R1 cdawdm;CDAWDM;c:\windows\system32\drivers\cdawdm.sys [2002-8-13 57877]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 pfmfs_359;pfmfs_359;c:\windows\system32\drivers\pfmfs_359.sys [2011-3-20 185048]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2011-3-22 21464]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-5-13 98392]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-3-22 212568]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-3-22 69976]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2011-3-19 20160]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2009-11-3 282112]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2009-11-3 51712]
S3 PORTMON;PORTMON;\??\c:\documents and settings\user\desktop\systernals\portmsys.sys --> c:\documents and settings\user\desktop\systernals\PORTMSYS.SYS [?]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
.
=============== Created Last 30 ================
.
2011-03-27 00:35:18 98816 ----a-w- c:\windows\sed.exe
2011-03-27 00:35:18 89088 ----a-w- c:\windows\MBR.exe
2011-03-27 00:35:18 256512 ----a-w- c:\windows\PEV.exe
2011-03-27 00:35:18 161792 ----a-w- c:\windows\SWREG.exe
2011-03-26 18:24:52 229208 ----a-w- c:\windows\system32\drivers\VMM.sys
2011-03-26 07:58:27 165232 ---ha-w- c:\docume~1\user\applic~1\microsoft\virtual pc\VPCKeyboard.dll
2011-03-26 07:56:51 6792528 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{2db7d37b-8130-4efd-98b1-52cccd3bb29b}\mpengine.dll
2011-03-25 23:59:29 -------- d-----w- c:\docume~1\user\applic~1\FarStone
2011-03-25 23:51:28 -------- d-----w- C:\VCD
2011-03-25 23:46:43 -------- d-----w- c:\program files\FarStone
2011-03-25 23:46:07 5501 ----a-w- c:\windows\system32\rtclcmg32.dll
2011-03-25 22:34:48 -------- d-----w- c:\program files\Microsoft Virtual PC
2011-03-25 22:18:55 -------- d-----w- c:\program files\IMSI
2011-03-25 21:40:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\VS
2011-03-25 21:31:25 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Microsoft_Corporation
2011-03-25 21:28:52 348256 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\vstahost\ssis_scriptcomponent\9.0\1033\ResourceCache.dll
2011-03-25 21:28:39 348256 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\vstahost\ssis_scripttask\9.0\1033\ResourceCache.dll
2011-03-25 21:25:44 416 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\msdn\9.0\1033\ResourceCache.dll
2011-03-25 21:25:38 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Microsoft Help
2011-03-25 05:12:00 -------- d-----w- c:\docume~1\user\applic~1\Microsoft Corporation
2011-03-24 22:20:42 -------- d-----w- c:\program files\MSXML 4.0
2011-03-24 19:28:57 -------- d-----w- c:\windows\system32\XPSViewer
2011-03-24 19:28:28 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-03-24 19:25:42 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-03-24 19:25:42 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-03-24 19:25:42 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-03-24 19:25:42 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-03-24 19:25:42 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-03-24 19:25:42 117760 ------w- c:\windows\system32\prntvpt.dll
2011-03-24 19:25:41 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-03-24 19:25:41 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-03-24 19:25:41 -------- d-----w- C:\fce8424e4d8eb0d08430bc00ff
2011-03-23 04:25:25 -------- d-----w- c:\docume~1\user\locals~1\applic~1\ConfigSystem
2011-03-23 04:24:29 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Irradiance Volume
2011-03-23 00:18:32 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-03-23 00:18:32 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-03-23 00:18:23 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2011-03-23 00:18:15 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-03-23 00:18:06 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-03-23 00:18:06 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2011-03-23 00:17:57 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2011-03-23 00:17:49 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-03-23 00:17:40 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-03-23 00:17:40 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-03-23 00:17:31 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-03-23 00:17:23 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-03-23 00:17:14 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-03-23 00:17:05 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2011-03-23 00:16:57 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-03-23 00:16:48 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2011-03-23 00:16:39 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2011-03-23 00:16:30 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-03-23 00:16:12 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2011-03-23 00:16:12 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2011-03-23 00:16:03 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2011-03-23 00:15:54 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-03-23 00:15:54 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2011-03-23 00:15:45 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2011-03-23 00:15:37 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2011-03-23 00:15:28 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2011-03-23 00:15:28 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2011-03-23 00:15:19 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-03-23 00:15:10 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2011-03-23 00:15:10 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2011-03-23 00:15:02 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
2011-03-23 00:14:53 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2011-03-23 00:14:44 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2011-03-23 00:14:44 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2011-03-23 00:14:35 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2011-03-23 00:14:27 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2011-03-23 00:14:27 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2011-03-23 00:14:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-03-23 00:14:09 65032 ----a-w- c:\windows\system32\XAPOFX1_0.dll
2011-03-23 00:14:09 507400 ----a-w- c:\windows\system32\XAudio2_1.dll
2011-03-23 00:14:00 238088 ----a-w- c:\windows\system32\xactengine3_1.dll
2011-03-23 00:13:52 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
2011-03-23 00:13:43 467984 ----a-w- c:\windows\system32\d3dx10_38.dll
2011-03-23 00:13:43 1491992 ----a-w- c:\windows\system32\D3DCompiler_38.dll
2011-03-23 00:13:34 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
2011-03-23 00:13:25 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2011-03-23 00:13:17 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
2011-03-23 00:13:08 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll
2011-03-23 00:13:00 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2011-03-23 00:12:59 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2011-03-23 00:12:51 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2011-03-23 00:12:42 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2011-03-23 00:12:32 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
2011-03-23 00:12:32 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2011-03-23 00:12:24 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2011-03-23 00:12:15 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2011-03-23 00:12:06 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2011-03-23 00:12:06 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2011-03-23 00:11:58 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2011-03-23 00:11:49 266088 ----a-w- c:\windows\system32\xactengine2_8.dll
2011-03-23 00:11:49 17928 ----a-w- c:\windows\system32\X3DAudio1_2.dll
2011-03-23 00:11:40 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2011-03-23 00:11:40 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2011-03-23 00:11:31 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2011-03-23 00:11:23 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2011-03-23 00:11:14 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2011-03-23 00:11:05 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2011-03-23 00:11:05 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2011-03-23 00:06:13 -------- d-----w- c:\program files\Microsoft DirectX SDK (June 2010)
2011-03-23 00:05:16 111960 ----a-w- c:\windows\dxsdkuninst.exe
2011-03-22 18:55:43 -------- d-sh--w- c:\documents and settings\user\IECompatCache
2011-03-22 17:24:49 69976 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2011-03-22 17:24:48 21464 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2011-03-22 17:15:28 -------- d-----w- c:\docume~1\user\applic~1\Sunbelt
2011-03-22 17:14:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Sunbelt
2011-03-22 17:02:35 212568 ----a-w- c:\windows\system32\drivers\sbtis.sys
2011-03-22 17:02:28 -------- d-----w- c:\program files\Sunbelt Software
2011-03-22 00:14:11 -------- d-----w- c:\docume~1\user\applic~1\f-secure
2011-03-22 00:14:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\F-Secure
2011-03-21 23:54:21 -------- d-----w- c:\windows\system32\appmgmt
2011-03-21 19:13:56 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-03-21 19:13:56 215920 ----a-w- c:\windows\system32\muweb.dll
2011-03-21 19:13:56 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-03-21 03:23:32 -------- d-----w- c:\windows\RegisteredPackages
2011-03-21 03:20:57 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Temp
2011-03-21 02:25:33 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-03-21 02:25:32 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2011-03-21 02:25:07 -------- d-----w- c:\windows\Logs
2011-03-21 02:24:56 -------- d-----w- c:\program files\Winamp Detect
2011-03-21 02:24:53 819200 ----a-w- c:\program files\windows media player\wmsetsdk.exe
2011-03-21 02:24:53 47616 ----a-w- c:\program files\windows media player\msoobci.dll
2011-03-21 02:06:41 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2011-03-21 02:06:32 -------- d-----w- c:\program files\SpywareBlaster
2011-03-21 01:02:38 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-03-21 00:52:28 6792528 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-03-21 00:50:37 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-21 00:45:25 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-21 00:30:08 -------- d-----w- c:\program files\Microsoft ASP.NET
2011-03-21 00:30:00 -------- d-----w- c:\program files\IIS
2011-03-21 00:29:45 561792 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\vwdexpress\10.0\1033\ResourceCache.dll
2011-03-20 23:53:36 112832 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\vcexpress\10.0\1033\ResourceCache.dll
2011-03-20 23:52:30 -------- d-----w- c:\program files\common files\Merge Modules
2011-03-20 23:33:31 205984 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\vbexpress\10.0\1033\ResourceCache.dll
2011-03-20 23:29:00 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2011-03-20 23:28:50 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2011-03-20 23:28:04 -------- d-----w- c:\windows\system32\RsFx
2011-03-20 23:24:37 -------- d-----w- c:\program files\Microsoft SQL Server
2011-03-20 23:24:10 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-03-20 23:24:10 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-03-20 23:23:55 188128 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\vcsexpress\10.0\1033\ResourceCache.dll
2011-03-20 23:22:40 -------- d-----w- c:\program files\Microsoft Help Viewer
2011-03-20 23:22:39 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2011-03-20 22:47:30 -------- d-----w- c:\docume~1\user\applic~1\OpenOffice.org
2011-03-20 22:07:36 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Identities
2011-03-20 21:37:37 -------- d-----w- c:\program files\OpenOffice.org 3
2011-03-20 21:37:23 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-03-20 03:00:50 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Apple
2011-03-20 03:00:41 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Apple Computer
2011-03-20 02:17:39 -------- d-sh--w- c:\documents and settings\user\PrivacIE
2011-03-20 02:16:50 -------- d-sh--w- c:\documents and settings\user\IETldCache
2011-03-20 01:52:00 -------- d-----w- c:\docume~1\user\applic~1\Clearwire
2011-03-20 01:51:58 -------- d-----w- c:\program files\Skyhook Wireless
2011-03-20 01:51:36 -------- d-----w- c:\program files\Clearwire
2011-03-20 01:51:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\Clearwire
2011-03-19 16:48:34 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-03-19 16:48:18 -------- d-----w- c:\windows\ie8updates
2011-03-19 16:48:12 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-03-19 16:48:11 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-03-19 16:48:11 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-03-19 16:48:11 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-03-19 16:48:11 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-03-19 16:48:11 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-03-19 16:48:11 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-03-19 16:46:41 -------- dc-h--w- c:\windows\ie8
2011-03-19 16:40:28 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-03-19 16:35:07 -------- d-----w- C:\HyperPhysics
2011-03-19 16:33:54 -------- d-----w- c:\program files\WinHTTrack
2011-03-19 15:53:58 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-03-19 15:51:47 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-03-19 15:50:51 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2011-03-19 15:50:51 -------- d-----w- c:\windows\system32\PreInstall
2011-03-19 15:50:50 -------- d--h--w- c:\windows\$hf_mig$
2011-03-19 15:48:19 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2011-03-19 15:48:18 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2011-03-19 15:48:18 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2011-03-19 15:48:18 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2011-03-19 15:48:18 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-03-19 15:29:21 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-19 15:29:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-19 15:26:44 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Adobe
2011-03-19 15:23:49 232448 ----a-w- c:\windows\system32\mp3fhg.acm
2011-03-19 15:23:49 165376 ----a-w- c:\windows\system32\unrar.dll
2011-03-19 15:23:48 810496 ----a-w- c:\windows\system32\xvidcore.dll
2011-03-19 15:23:48 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2011-03-19 15:23:48 183808 ----a-w- c:\windows\system32\xvidvfw.dll
2011-03-19 15:23:48 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-03-19 15:23:47 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-03-19 15:23:45 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-03-19 15:17:14 -------- d-----w- c:\windows\system32\Lang
2011-03-19 15:17:07 139264 ----a-w- c:\windows\system32\igfxres.dll
2011-03-19 15:15:30 -------- d-----w- c:\windows\pss
2011-03-19 14:53:19 20160 ----a-w- c:\windows\system32\drivers\ADM8511.SYS
2011-03-19 14:21:53 346112 ----a-r- c:\windows\system\QTIM32.DLL
2011-03-19 14:16:24 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-03-19 14:16:24 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2011-03-19 14:16:20 -------- d-----w- c:\windows\system32\wbem\Performance
2011-03-19 14:15:35 33792 ----a-w- c:\program files\messenger\custsat.dll
2011-03-19 14:13:41 81920 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2011-03-19 14:13:09 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2011-03-19 14:13:09 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2011-03-19 14:13:09 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2011-03-19 14:13:08 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2011-03-19 14:13:08 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2011-03-19 14:13:08 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2011-03-19 14:13:08 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2011-03-19 14:13:06 -------- d-----w- C:\Realtek Lan.temp
2011-03-19 14:11:34 -------- d-sh--w- c:\documents and settings\user\UserData
2011-03-19 14:10:02 89541 ----a-w- c:\windows\agrsmmsg.exe
2011-03-19 14:10:02 77824 ----a-w- c:\windows\system32\tosmreg.exe
2011-03-19 14:10:02 68096 ------w- c:\windows\agrsmdel.exe
2011-03-19 14:10:02 45056 ----a-w- c:\windows\system32\csellang.dll
2011-03-19 14:10:02 110592 ----a-w- c:\windows\system32\cselect.exe
2011-03-19 14:10:02 -------- d-----w- c:\program files\ltmoh
2011-03-19 14:09:57 -------- d-----w- c:\windows\Options
2011-03-19 14:09:54 -------- d-----w- C:\Modem.temp
2011-03-19 14:08:29 -------- d-----w- C:\Intel Display.temp
2011-03-19 14:06:37 -------- d-----w- c:\windows\system32\ReinstallBackups
2011-03-19 14:06:29 -------- d-----w- C:\Intel Chipset.temp
2011-03-19 14:03:02 -------- d-----w- c:\program files\Toshiba
2011-03-19 14:02:44 -------- d-----w- C:\Bluetooth Stack.temp
2011-03-19 14:02:04 561152 ----a-w- c:\windows\system32\NETw3c32.dll
2011-03-19 14:02:04 2732032 ----a-w- c:\windows\system32\NETw3r32.dll
2011-03-19 14:02:04 1706752 ----a-w- c:\windows\system32\drivers\NETw3x32.sys
2011-03-19 14:02:02 -------- d-----w- C:\Intel PCIe Driver.temp
2011-03-19 14:00:59 69632 ----a-w- c:\windows\Alcmtr.exe
2011-03-19 13:57:42 356352 ----a-w- c:\windows\EMCRI.dll
2011-03-19 13:57:30 -------- d-----w- C:\Card Reader.temp
2011-03-19 08:20:21 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Help
.
==================== Find3M ====================
.
2011-03-04 19:44:14 59888 ------w- c:\windows\system32\pxwma.dll
2011-03-04 19:44:14 133616 ------w- c:\windows\system32\pxafs.dll
2011-03-04 19:44:12 126448 ------w- c:\windows\system32\pxinsi64.exe
2011-03-04 19:44:12 123888 ------w- c:\windows\system32\pxcpyi64.exe
2011-02-20 07:01:14 743760 ----a-w- c:\windows\system32\msvcp100d.dll
2011-02-20 07:01:14 1505104 ----a-w- c:\windows\system32\msvcr100d.dll
2011-02-20 06:56:00 7124304 ----a-w- c:\windows\system32\mfc100ud.dll
2011-02-20 06:56:00 7055696 ----a-w- c:\windows\system32\mfc100d.dll
2011-02-20 06:56:00 105296 ----a-w- c:\windows\system32\mfcm100ud.dll
2011-02-20 06:56:00 103760 ----a-w- c:\windows\system32\mfcm100d.dll
2011-02-20 06:49:46 87888 ----a-w- c:\windows\system32\vcomp100d.dll
2011-02-19 05:40:50 773968 ----a-w- c:\windows\system32\msvcr100.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 20:29:02.23 ===============

Heres the GMER Log

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-03-26 22:28:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600BEVT-22A23T0 rev.01.01A01
Running: gmer.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\kgrdrpog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\Drivers\PROCMON20.SYS ZwClose [0xA92A57EA]
SSDT \??\C:\WINDOWS\system32\Drivers\PROCMON20.SYS ZwCreateKey [0xA92A55E0]
SSDT \??\C:\WINDOWS\system32\Drivers\PROCMON20.SYS ZwDeleteKey [0xA92A5488]
SSDT \??\C:\WINDOWS\system32\Drivers\PROCMON20.SYS ZwDeleteValueKey [0xA92A54CE]
SSDT \??\C:\WINDOWS\system32\Drivers\PROCMON20.SYS ZwEnumerateKey [0xA92A53CE]
SSDT \??\C:\WINDOWS\system32\Drivers\PROCMON20.SYS ZwEnumerateValueKey [0xA92A532A]
SSDT \??\C:\WINDOWS\system32\Drivers\PROCMON20.SYS ZwFlushKey [0xA92A5422]
SSDT \??\C:\WINDOWS\system32\Drivers\PROCMON20.SYS ZwLoadKey [0xA92A594E]
SSDT \??\C:\WINDOWS\system32\Drivers\PROCMON20.SYS ZwOpenKey [0xA92A57AC]
SSDT \??\C:\WINDOWS\system32\Drivers\PROCMON20.SYS ZwQueryKey [0xA92A501A]
SSDT \??\C:\WINDOWS\system32\Drivers\PROCMON20.SYS ZwQueryValueKey [0xA92A50B2]
SSDT \??\C:\WINDOWS\system32\Drivers\PROCMON20.SYS ZwSetValueKey [0xA92A51D6]
SSDT \??\C:\WINDOWS\system32\Drivers\PROCMON20.SYS ZwUnloadKey [0xA92A5A9E]

Code \??\C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + DA 804E4934 4 Bytes JMP FDA92A57
? C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCMON20.SYS The system cannot find the file specified. !
? C:\DOCUME~1\User\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\internet explorer\iexplore.exe[488] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[488] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB6C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[488] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E502F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[488] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F61 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[488] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FCC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[488] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E32 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[488] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E94 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[488] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5092 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[488] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EF6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3164] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3164] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B15 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3164] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD16D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3164] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB6C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3164] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3164] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E502F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3164] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F61 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3164] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FCC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3164] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E32 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3164] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E94 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3164] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5092 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3164] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EF6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3164] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBC8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3164] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E53B0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Mup \Dfs pfmfs_359.sys (System Extension/Pismo Technic Inc.)

AttachedDevice \Driver\Tcpip \Device\Ip sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)

Device \FileSystem\Mup \Device\Mup pfmfs_359.sys (System Extension/Pismo Technic Inc.)

AttachedDevice \Driver\Tcpip \Device\Udp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)

Device \FileSystem\Mup \Device\WinDfs\Root pfmfs_359.sys (System Extension/Pismo Technic Inc.)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\VD806LIX\index[1].htm 37694 bytes

---- EOF - GMER 1.0.15 ----

EDIT: Posts merged ~BP

Edited by Budapest, 27 March 2011 - 04:33 PM.
Moved to log forum. ~ OB


BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:50 PM

Posted 03 April 2011 - 08:42 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:50 PM

Posted 09 April 2011 - 11:22 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users