Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

MSE continually detects js/iframeref trojan


  • This topic is locked This topic is locked
14 replies to this topic

#1 Jwitalka

Jwitalka

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:12 PM

Posted 10 April 2012 - 08:53 AM

Received a PC that has Microsoft Security Essentials installed thatcontinually detects a js/iframe trojan approximately every 20 minutes or so.
OS: Windows XP SP3
Steps taken:
Ran Malwarebytes > no problems found
Ran Super Anti Spyware > Detcted and removed Myweb
Ran TDDSKILLEr > No Problems found
Uninstalled and reinstalled Java
Cleared Java cache.

Jerry

BC AdBot (Login to Remove)

 


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:07:12 PM

Posted 10 April 2012 - 09:47 AM

Can you copy and paste the details of the detected threat in your next post?

#3 Jwitalka

Jwitalka
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:12 PM

Posted 10 April 2012 - 10:38 AM

This is what the MSE details reports:
Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.

Items:
file:C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\L9OY7Z13\fjdsof[1].htm

#4 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:07:12 PM

Posted 10 April 2012 - 11:47 AM

Network Service shouldnt have any temp internet files.

Post the logs to the other scans.

#5 Jwitalka

Jwitalka
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:12 PM

Posted 10 April 2012 - 12:54 PM

What scans?

#6 Jwitalka

Jwitalka
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:12 PM

Posted 10 April 2012 - 01:10 PM

Checked a clean PC with XP SP3 and Network Service has temp internet files as well.

Jerry

#7 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:07:12 PM

Posted 10 April 2012 - 01:10 PM

Received a PC that has Microsoft Security Essentials installed thatcontinually detects a js/iframe trojan approximately every 20 minutes or so.
OS: Windows XP SP3
Steps taken:
Ran Malwarebytes > no problems found
Ran Super Anti Spyware > Detcted and removed Myweb
Ran TDDSKILLEr > No Problems found
Uninstalled and reinstalled Java
Cleared Java cache.

Jerry



Those scans above.

#8 Jwitalka

Jwitalka
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:12 PM

Posted 10 April 2012 - 01:25 PM

Malwarebytes:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.07.07

Windows XP Service Pack 3 x86 NTFS (Safe Mode)
Internet Explorer 8.0.6001.18702
Owner :: YOUR-FH1VWRVR0B [administrator]

4/7/2012 2:31:39 PM
mbam-log-2012-04-07 (14-31-39).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 314830
Time elapsed: 1 hour(s), 14 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Super Anti Spware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/09/2012 at 04:02 PM

Application Version : 5.0.1146

Core Rules Database Version : 8429
Trace Rules Database Version: 6241

Scan type : Complete Scan
Total Scan Time : 00:55:14

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 439
Memory threats detected : 0
Registry items scanned : 34853
Registry threats detected : 127
File items scanned : 37710
File threats detected : 21

PUP.MyWebSearch/FunWebProducts
HKU\S-1-5-21-1710070807-558906353-1255669031-1003\SOFTWARE\FunWebProducts
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid32
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\TypeLib
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\TypeLib#Version
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\ProxyStubClsid
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\ProxyStubClsid32
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\TypeLib
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\TypeLib#Version
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ProxyStubClsid
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ProxyStubClsid32
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\TypeLib
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\TypeLib#Version
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\ProxyStubClsid
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\ProxyStubClsid32
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\TypeLib
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\TypeLib#Version
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ProxyStubClsid
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ProxyStubClsid32
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib#Version
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ProxyStubClsid
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ProxyStubClsid32
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\TypeLib
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\TypeLib#Version
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid32
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib#Version
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib#Version
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\ProxyStubClsid
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\ProxyStubClsid32
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\TypeLib
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\TypeLib#Version
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\ProxyStubClsid
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\ProxyStubClsid32
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\TypeLib
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\TypeLib#Version
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ProxyStubClsid
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ProxyStubClsid32
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\TypeLib
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\TypeLib#Version
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\ProxyStubClsid
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\ProxyStubClsid32
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\TypeLib
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\TypeLib#Version
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\ProxyStubClsid
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\ProxyStubClsid32
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\TypeLib
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\TypeLib#Version
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\ProxyStubClsid
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\ProxyStubClsid32
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\TypeLib
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\TypeLib#Version
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ProxyStubClsid
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ProxyStubClsid32
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\TypeLib
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\TypeLib#Version
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib#Version
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib#Version
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ProxyStubClsid
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ProxyStubClsid32
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib#Version
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ProxyStubClsid
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ProxyStubClsid32
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib#Version
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#DeviceDesc

Rogue.Agent/Gen
HKLM\SOFTWARE\97420022
HKLM\SOFTWARE\97420022#FirstRun

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\JPEAITN8.txt [ /advertising.com ]
C:\Documents and Settings\Owner\Cookies\AT9OZIJE.txt [ /apmebf.com ]
C:\Documents and Settings\Owner\Cookies\5YHEQEKL.txt [ /collective-media.net ]
C:\Documents and Settings\Owner\Cookies\0SVI9B3D.txt [ /atdmt.com ]
C:\Documents and Settings\Owner\Cookies\KXZUSQLQ.txt [ /synacorqwest.112.2o7.net ]
C:\Documents and Settings\Owner\Cookies\J510PACO.txt [ /mediaplex.com ]
C:\Documents and Settings\Owner\Cookies\IZXLSELN.txt [ /doubleclick.net ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.synacorqwest.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Don't have log for TDDSKiller but it said no threats found.

#9 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:07:12 PM

Posted 10 April 2012 - 02:26 PM

GMER does not work in 64bit Mode!!!!!!

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.

#10 Jwitalka

Jwitalka
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:12 PM

Posted 10 April 2012 - 04:45 PM

Gmer results

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-10 16:41:40
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HDS722580VLAT20 rev.V32OA6EA
Running: 6s0bo0dg.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\afeyyuow.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xB9A0E510]
init C:\WINDOWS\System32\Drivers\sunkfilt.sys entry point in "init" section [0xF77F7300]

---- EOF - GMER 1.0.15 ----

#11 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:07:12 PM

Posted 10 April 2012 - 05:22 PM

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#12 Jwitalka

Jwitalka
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:12 PM

Posted 10 April 2012 - 05:46 PM

Thanks for your assistance. Minitoolbox reults:

MiniToolBox by Farbar Version: 18-01-2012
Ran by Owner (administrator) on 10-04-2012 at 17:43:43
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : your-fh1vwrvr0b

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection #2

Physical Address. . . . . . . . . : 00-0C-F1-F2-3D-93

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.8

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Tuesday, April 10, 2012 4:42:32 PM

Lease Expires . . . . . . . . . . : Wednesday, April 11, 2012 4:42:32 PM

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.159.100, 74.125.159.139, 74.125.159.138, 74.125.159.102
74.125.159.113, 74.125.159.101



Pinging google.com [74.125.47.102] with 32 bytes of data:



Reply from 74.125.47.102: bytes=32 time=39ms TTL=51

Reply from 74.125.47.102: bytes=32 time=39ms TTL=51



Ping statistics for 74.125.47.102:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 39ms, Maximum = 39ms, Average = 39ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=233ms TTL=52

Reply from 72.30.38.140: bytes=32 time=87ms TTL=52



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 87ms, Maximum = 233ms, Average = 160ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x20003 ...00 0c f1 f2 3d 93 ...... Intel® PRO/100 VE Network Connection #2 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.8 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.8 192.168.1.8 20
192.168.1.8 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.8 192.168.1.8 20
224.0.0.0 240.0.0.0 192.168.1.8 192.168.1.8 20
255.255.255.255 255.255.255.255 192.168.1.8 192.168.1.8 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/10/2012 02:33:48 PM) (Source: Application Hang) (User: )
Description: Hanging application 6s0bo0dg.exe, version 1.0.15.15641, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/07/2012 02:09:29 PM) (Source: Application Hang) (User: )
Description: Hanging application SZInit.Exe, version 5.0.98.115, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/07/2012 02:08:56 PM) (Source: Application Hang) (User: )
Description: Hanging application SZInit.Exe, version 5.0.98.115, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/04/2012 09:27:05 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.

Error: (04/04/2012 09:27:00 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/13/2012 05:21:17 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (03/12/2012 06:45:31 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.

Error: (03/12/2012 06:45:28 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/12/2012 06:29:05 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.

Error: (03/12/2012 06:28:58 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (04/10/2012 02:42:12 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (04/10/2012 02:42:00 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (04/10/2012 02:41:57 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (04/09/2012 06:31:06 PM) (Source: Service Control Manager) (User: )
Description: The SeaPort service failed to start due to the following error:
%%3

Error: (04/09/2012 05:47:45 PM) (Source: Service Control Manager) (User: )
Description: The SeaPort service failed to start due to the following error:
%%3

Error: (04/09/2012 02:58:42 PM) (Source: DCOM) (User: SYSTEM)
Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

Error: (04/09/2012 02:58:00 PM) (Source: Service Control Manager) (User: )
Description: The SeaPort service failed to start due to the following error:
%%3

Error: (04/09/2012 01:40:13 PM) (Source: DCOM) (User: SYSTEM)
Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

Error: (04/07/2012 03:49:31 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (04/07/2012 03:49:25 PM) (Source: DCOM) (User: Owner)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}


Microsoft Office Sessions:
=========================
Error: (04/10/2012 02:33:48 PM) (Source: Application Hang)(User: )
Description: 6s0bo0dg.exe1.0.15.15641hungapp0.0.0.000000000

Error: (04/07/2012 02:09:29 PM) (Source: Application Hang)(User: )
Description: SZInit.Exe5.0.98.115hungapp0.0.0.000000000

Error: (04/07/2012 02:08:56 PM) (Source: Application Hang)(User: )
Description: SZInit.Exe5.0.98.115hungapp0.0.0.000000000

Error: (04/04/2012 09:27:05 PM) (Source: Application Hang)(User: )
Description: 1180947459

Error: (04/04/2012 09:27:00 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (03/13/2012 05:21:17 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80240016begininstallinstall3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (03/12/2012 06:45:31 PM) (Source: Application Hang)(User: )
Description: 1180947459

Error: (03/12/2012 06:45:28 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (03/12/2012 06:29:05 PM) (Source: Application Hang)(User: )
Description: 1180947459

Error: (03/12/2012 06:28:58 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000


=========================== Installed Programs ============================

Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Actiontec Gateway
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 10 Plugin (Version: 10.0.22.87)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.62)
Adobe Reader 9.5.0 (Version: 9.5.0)
Adobe Shockwave Player 11.5 (Version: 11.5.6.606)
Apple Software Update (Version: 2.1.0.110)
Auslogics Disk Defrag (Version: version 3.1)
Bing Bar Platform (Version: 5.0.1355.0)
Citrix ICA Web Client
Critical Update for Windows Media Player 11 (KB959772)
Digital Media Reader (Version: 1.08)
Google Chrome (Version: 18.0.1025.152)
Google Update Helper (Version: 1.3.21.111)
Intel® Extreme Graphics Driver
Intel® Network Connections Drivers
Intel® PROSet (Version: 6.04.0001)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Junk Mail filter update (Version: 14.0.8089.726)
Learn2 Player (Uninstall Only)
Lexmark Photo Center (Version: 1.05)
Lexmark Z700-P700 Series
LogMeIn (Version: 4.0.982)
LogMeIn (Version: 4.1.1578)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Masque Casino Games
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004 (Version: 12.0.50)
Microsoft Money 2004 System Pack (Version: 12.0.80)
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional (Version: 9.00.2720)
Microsoft Search Enhancement Pack (Version: 3.0.126.0)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works (Version: 08.04.0623)
Mozilla Firefox (3.0.10) (Version: 3.0.10 (en-US))
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
MysticForest (Version: 1.00.0000)
PowerDVD
QuickConnect (Version: 4.1)
Qwest QuickAssist Desktop Tools (Version: 23)
Qwest Quickcare 2.6 (Version: 2.6.0906.0212)
Qwest Windows Live Toolbar Buttons (Version: 2.0.0.0)
RealPlayer Basic
Segoe UI (Version: 14.0.4327.805)
Soft Data Fax Modem with SmartCP
SUPERAntiSpyware (Version: 5.0.1146)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB971930) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Viewpoint Media Player
WebEx
WebFldrs XP (Version: 9.50.6513)
Windows Backup Utility (Version: 5.1)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Communications Platform (Version: 14.0.8098.930)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Toolbar (Version: 14.0.8064.206)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format 11 runtime
Windows Movie Maker 2.0 (Version: 2.0.0000)
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows XP Service Pack 3 (Version: 20080414.031525)
XML Paper Specification Shared Components Pack 1.0

========================= Memory info: ===================================

Percentage of memory in use: 39%
Total physical RAM: 1270.73 MB
Available physical RAM: 768.5 MB
Total Pagefile: 1498.34 MB
Available Pagefile: 1110.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.27 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:57.26 GB) (Free:40.57 GB) NTFS

========================= Users: ========================================

User accounts for \\YOUR-FH1VWRVR0B

Administrator ASPNET Guest
HelpAssistant LogMeInRemoteUser Owner
SUPPORT_388945a0

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

#13 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:07:12 PM

Posted 10 April 2012 - 11:14 PM

Based upon this file having nothing in Google, I am going to recommend you to the MRL Team:

Error: (04/10/2012 02:33:48 PM) (Source: Application Hang)(User: )
Description: 6s0bo0dg.exe1.0.15.15641hungapp0.0.0.000000000


Please follow the instructions in ==>Malware Removal and Log Section Preparation Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

Most importantly please be patient till you get a reply to your topic. If you receive a reply from the HelpBot, then please follow the instructions outlined in the helpbot's post.

#14 Jwitalka

Jwitalka
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:12 PM

Posted 11 April 2012 - 10:12 AM

Thanks again for your efforts. I opened a new post in the Forum you gave me here:
http://www.bleepingcomputer.com/forums/topic449695.html

Jerry

#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,917 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:12 PM

Posted 11 April 2012 - 11:33 AM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 5 days and ALL logs are answered.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this top
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users