
hello4


47 replies to this topic

#21 LDTate

    Forum Deity

  • Moderators
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 21 July 2011 - 08:20 PM

Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:
  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7
  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

If you used DeFogger
To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.


Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.


Log looks good :D


  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is susceptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.


  • Using a secure browser plugin - M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    • Free browser plug-in for Internet Explorer and Firefox
    • Real-time safety ratings
    • Ideal for Facebook, Twitter and LinkedIn

  • JAVA Click this link and click on the Free JAVA Download

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer has always the latest security updates available installed on your computer.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.


I would suggest you read:
PC Safety and Security--What Do I Need?
How to Prevent Malware


The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
Larry Tate
Product Support


Follow us: Twitter, Become a fan: Facebook

#22 Camolot

    New Member

  • Members
  • 27 posts

Posted 22 July 2011 - 12:36 AM

I'm still having the problem that I described earlier with the graying bar and being unable to type in the browser until I can get it to stay blue. It's taken me a while just to be able to type this.

#23 LDTate

    Forum Deity

  • Moderators
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 22 July 2011 - 06:49 AM

Let's see if this is from a browser add-on.

Firefox:
At the top of the Firefox window, click the Firefox button (on the menu bar, click the Help menu), go over to the Help menu and select Restart with Add-ons Disabled.... Firefox will start up with the Firefox Safe Mode dialog.
For Windows XP, click the Help menu and select Restart with Add-ons Disabled.... Firefox will start up with the Firefox Safe Mode dialog.

IE:
You can open Internet Explorer without add-ons in 2 ways. One way to open is to navigate to start menu-> All Programs-> Accessories-> System Tools-> Internet Explorer (no Add-ons). This opens up IE without ActiveX controls and browser extensions.


  • Type iexplore -extoff in the Run box on the Start menu
  • Click "Internet Explorer (No Add-ons)" under All Programs -> Accessories -> System Tools
  • Right-click the IE icon on the Start Menu (if IE is your default browser) and select "Browse Without Add-Ons"
Larry Tate
Product Support


#24 Camolot

    New Member

  • Members
  • 27 posts

Posted 22 July 2011 - 12:24 PM

I opened Firefox in safe mode and disabled add-ons; it is still occurring.

#25 LDTate

    Forum Deity

  • Moderators
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 22 July 2011 - 12:38 PM

Please run a new MBAM scan being sure to check for updates before scanning and post the results.

Please don't attach the scans / logs for these tools, use "copy/paste".


Also please describe how your computer behaves at the moment.
Larry Tate
Product Support


#26 Camolot

    New Member

  • Members
  • 27 posts

Posted 22 July 2011 - 02:59 PM

I just went to open the Start menu while the browser was doing what I described, and the Start menu would not open and stay open; it would immediately close. I am assuming this is part of the same thing. I've got MBAM running. I'll post the log as soon as I get home from work; it'll be in about 6 hrs.

#27 LDTate

    Forum Deity

  • Moderators
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 22 July 2011 - 06:08 PM

We'll see what MBAM finds, but you might be having a Windows OS issue.
Larry Tate
Product Support


#28 Camolot

    New Member

  • Members
  • 27 posts

Posted 22 July 2011 - 08:59 PM

ComboFix 11-07-20.02 - Owner 07/21/2011 14:48:57.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.565 [GMT -4:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\My Documents\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Fast Browser SearchP
.
.
((((((((((((((((((((((((( Files Created from 2011-06-21 to 2011-07-21 )))))))))))))))))))))))))))))))
.
.
2011-07-18 15:36 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
2011-07-18 06:36 . 2011-07-18 06:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2011-07-18 01:54 . 2011-07-18 01:54 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-07-18 01:53 . 2011-07-18 01:53 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2011-07-18 01:50 . 2011-07-18 01:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-07-18 01:12 . 2011-07-18 01:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPAppData
2011-07-18 01:12 . 2011-07-18 01:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-07-18 01:11 . 2011-07-18 01:11 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-07-17 02:08 . 2011-07-17 02:08 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2011-07-16 22:46 . 2011-07-16 22:46 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2011-07-16 18:05 . 2011-07-16 18:05 -------- d-----w- c:\documents and settings\Owner\Application Data\Skinux
2011-07-11 19:08 . 2011-07-11 19:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AOL
2011-07-11 19:08 . 2011-07-11 19:08 -------- d-----w- c:\documents and settings\NetworkService\Application Data\FCTB000061649
2011-07-11 19:07 . 2011-07-11 19:08 -------- d-----w- c:\documents and settings\NetworkService\Application Data\HPAppData
2011-07-11 19:06 . 2011-07-17 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\WSTB
2011-07-08 17:21 . 2011-07-08 17:21 -------- d-----w- c:\program files\Apple Software Update
2011-07-08 17:18 . 2011-07-08 17:18 -------- d-----w- c:\program files\iPod
2011-07-08 17:18 . 2011-07-19 21:31 -------- d-----w- c:\program files\iTunes
2011-07-01 17:05 . 2011-07-01 17:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-25 00:04 . 2011-06-25 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Belkin
2011-06-25 00:01 . 2011-02-15 17:17 27072 ----a-w- c:\windows\system32\drivers\AFGSp50.sys
2011-06-25 00:00 . 2011-06-25 00:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Affinegy
2011-06-25 00:00 . 2011-06-25 00:00 -------- d-----w- c:\program files\Belkin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-18 00:24 . 2005-04-13 18:50 45312 ----a-w- c:\windows\system32\drivers\ql12160.sys
2011-07-06 23:52 . 2009-04-01 01:10 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 23:52 . 2009-04-01 01:10 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-02 14:02 . 2005-04-13 16:56 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-26 10:44 . 2009-02-10 03:36 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2011-05-26 10:44 . 2009-02-10 03:36 88 --sh--r- c:\documents and settings\All Users\Application Data\0170302121.sys
2011-05-02 15:31 . 2005-04-13 17:16 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2005-04-13 16:56 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2005-04-13 16:55 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 22:35 . 2011-04-26 22:35 1752543 ----a-w- C:\rgo_installer.exe
2011-04-26 11:07 . 2005-04-13 16:56 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2005-04-13 16:55 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 16:11 . 2005-04-13 16:56 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2005-04-13 16:55 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2005-04-13 16:55 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2005-04-13 16:55 385024 ----a-w- c:\windows\system32\html.iec
.
<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\AOL 9.1\AOL .exe
c:\program files\ATI Technologies\ATI Control Panel\atiptaxx .exe
c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\AOL\1123289240\EE\AOLSoftware .exe
c:\program files\Common Files\AOL\1123289240\EE\SSCRun .exe
c:\program files\Common Files\AOL\ACS\AOLDial .exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier .exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
c:\program files\Corel\WordPerfect Office X4\Programs\QFSCHD140 .exe
c:\program files\CyberLink\PowerDVD\PDVDServ .exe
c:\program files\Digital Media Reader\shwiconem .exe
c:\program files\HP\HP Software Update\HPWuSchd2 .exe
c:\program files\iTunes\iTunesHelper .exe
c:\windows\ehome\ehtray .exe
c:\windows\SMINST\RECGUARD .exe
</pre>
.
((((((((((((((((((((((((((((( SnapShot_2011-07-20_18.21.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-21 19:01 . 2011-07-21 19:01 16384 c:\windows\temp\Perflib_Perfdata_74.dat
+ 2005-04-13 16:56 . 2010-08-27 05:57 99840 c:\windows\system32\srvsvc.dll
+ 2005-04-13 16:56 . 2010-08-27 05:57 99840 c:\windows\system32\dllcache\srvsvc.dll
+ 2005-08-06 00:43 . 2011-07-21 07:04 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2005-08-06 00:43 . 2011-07-19 19:37 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2005-08-06 00:43 . 2011-07-21 07:04 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2005-08-06 00:43 . 2011-07-19 19:37 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2005-08-06 00:43 . 2011-07-21 07:04 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2005-08-06 00:43 . 2011-07-19 19:37 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2005-08-06 00:43 . 2011-07-19 19:37 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2005-08-06 00:43 . 2011-07-21 07:04 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2005-08-06 00:43 . 2011-07-21 07:04 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2005-08-06 00:43 . 2011-07-19 19:37 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2005-04-13 16:55 . 2010-09-18 06:53 953856 c:\windows\system32\mfc40u.dll
+ 2005-04-13 16:55 . 2010-09-18 06:53 954368 c:\windows\system32\mfc40.dll
- 2005-04-13 16:55 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos.dll
+ 2005-04-13 16:55 . 2010-12-22 12:34 301568 c:\windows\system32\kerberos.dll
+ 2005-04-13 16:55 . 2010-09-18 06:53 953856 c:\windows\system32\dllcache\mfc40u.dll
- 2005-04-13 16:55 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2005-04-13 16:55 . 2010-12-22 12:34 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2010-09-24 01:02 . 2010-09-24 01:02 798208 c:\windows\Installer\26bb9ed.msp
- 2005-08-06 00:43 . 2011-07-19 19:37 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2005-08-06 00:43 . 2011-07-21 07:04 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2005-08-06 00:43 . 2011-07-21 07:04 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2005-08-06 00:43 . 2011-07-19 19:37 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2005-08-06 00:43 . 2011-07-21 07:04 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2005-08-06 00:43 . 2011-07-19 19:37 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2005-08-06 00:43 . 2011-07-19 19:37 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2005-08-06 00:43 . 2011-07-21 07:04 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2005-08-06 00:43 . 2011-07-21 07:04 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2005-08-06 00:43 . 2011-07-19 19:37 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2011-07-21 07:05 . 2011-07-21 07:05 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\4e3dd4d7f9aeda74a2fcefee036e5070\System.Web.Extensions.Design.ni.dll
+ 2011-07-21 07:05 . 2011-07-21 07:05 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\4fb1c0c07f40248b463f2e33444b9477\System.Web.Entity.ni.dll
+ 2011-07-21 07:05 . 2011-07-21 07:05 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\4dfcffc6e6d02bdcdc185d5527a8097e\System.Web.Entity.Design.ni.dll
+ 2011-07-21 07:05 . 2011-07-21 07:05 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b921d1cffcd5e80ea14c51db967edd6\System.Web.DynamicData.ni.dll
+ 2010-08-05 14:57 . 2010-08-05 14:57 4066304 c:\windows\Installer\26bba22.msp
+ 2010-10-22 19:45 . 2010-10-22 19:45 8444928 c:\windows\Installer\26bba01.msp
+ 2011-07-21 07:05 . 2011-07-21 07:05 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\647bfe6da40e8160b967c41424901dc8\System.Web.Extensions.ni.dll
+ 2011-07-21 07:05 . 2011-07-21 07:05 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ead07662976fb7094811461c568643d5\System.ServiceModel.Web.ni.dll
- 2009-08-09 07:10 . 2009-08-09 07:10 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2011-07-21 07:00 . 2011-07-21 07:01 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8c49a3d1-585b-4eab-985d-6ad480b4f23d}"= "c:\program files\Kentucky Wildcats Toolbar\Helper.dll" [2010-02-06 242688]
.
[HKEY_CLASSES_ROOT\clsid\{8c49a3d1-585b-4eab-985d-6ad480b4f23d}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{763C8C3E-9677-474E-B4BD-6ABC7DDDE090}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A118156-5307-4BFB-9548-B423FDF368A8}]
2010-02-06 22:47 1445888 ----a-w- c:\program files\Kentucky Wildcats Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7EF32AD9-C8AC-44E3-A39F-913E777ADEEE}"= "c:\program files\Kentucky Wildcats Toolbar\Toolbar.dll" [2010-02-06 1445888]
.
[HKEY_CLASSES_ROOT\clsid\{7ef32ad9-c8ac-44e3-a39f-913e777adeee}]
[HKEY_CLASSES_ROOT\FCTB000061649.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{880EC4BB-9C31-4429-9452-D6F388B0C230}]
[HKEY_CLASSES_ROOT\FCTB000061649.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7EF32AD9-C8AC-44E3-A39F-913E777ADEEE}"= "c:\program files\Kentucky Wildcats Toolbar\Toolbar.dll" [2010-02-06 1445888]
.
[HKEY_CLASSES_ROOT\clsid\{7ef32ad9-c8ac-44e3-a39f-913e777adeee}]
[HKEY_CLASSES_ROOT\FCTB000061649.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{880EC4BB-9C31-4429-9452-D6F388B0C230}]
[HKEY_CLASSES_ROOT\FCTB000061649.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" [N/A]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [N/A]
"AOL Fast Start"="c:\progra~1\AOL9~1.1\AOL.EXE" [N/A]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [N/A]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [N/A]
"CHotkey"="zHotkey.exe" [2005-05-03 543232]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 77824]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2011-07-16 37380]
"HostManager"="c:\program files\Common Files\AOL\1123289240\ee\AOLSoftware.exe" [N/A]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [N/A]
"NapsterShell"="c:\program files\Napster\napster.exe" [2008-05-09 323216]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-08-06 26112]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [N/A]
"QuickFinder Scheduler"="c:\program files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE" [N/A]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [N/A]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [N/A]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [N/A]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [N/A]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [N/A]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [N/A]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [N/A]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [N/A]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [N/A]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [N/A]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
KEYEXP.lnk - c:\documents and settings\Owner\My Documents\ben\KEYEXP.EXE [2003-11-7 838656]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 323584]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-6-27 122880]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1123289240\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 5:14 PM 135664]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [7/31/2006 8:44 AM 580992]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 5:14 PM 135664]
S3 pelps2m;i8042 Keyboard & PS/2 Mouse Port Driver;c:\windows\system32\drivers\pelps2m.sys [2/24/2006 6:31 PM 19968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-07-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-15 19:09]
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 21:14]
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 21:14]
.
2011-07-21 c:\windows\Tasks\User_Feed_Synchronization-{D4193A7F-2282-4635-B799-C73E7C516306}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://facebook.com/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZSzim029YYUS&fl=0&ptb=3cfl_pRGo3kTXXCMNJ9.8g&url=http://www.ask.com/web&q={searchTerms}&l=zs&o=sb
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: intuit.com\ttlc
Trusted Zone: pogo.com\www
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.2.1
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} - hxxp://clubgames.pogo.com/online2/pogop/mahjong_escape_ancient/PTGameLauncher.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\pxkpp7yw.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.internet-search-results.com/?sid=10101138100&s=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: browser.search.order.1 - Search
FF - user.js: keyword.URL - hxxp://search.internet-search-results.com/?sid=10101138100&s=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-21 15:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3224)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\zHotkey.exe
c:\windows\SOUNDMAN.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2011-07-21 15:08:35 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-21 19:08
ComboFix2.txt 2011-07-21 17:44
ComboFix3.txt 2011-07-20 20:40
ComboFix4.txt 2011-07-20 18:30
ComboFix5.txt 2011-07-21 18:41
.
Pre-Run: 155,434,274,816 bytes free
Post-Run: 155,414,970,368 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 37F3341058A0F04ACBB6C2D9C114AC36

#29 Camolot

Camolot

    New Member

  • Members
  • 27 posts

Posted 22 July 2011 - 09:02 PM

Sorry, didn't realize it didn't copy right. Here is the MBAM:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7232

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/22/2011 6:01:02 PM
mbam-log-2011-07-22 (18-01-01).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 354319
Time elapsed: 2 hour(s), 56 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#30 Camolot

Camolot

    New Member

  • Members
  • 27 posts

Posted 22 July 2011 - 10:11 PM

Looking through my processes I got one I'm wondering about. As far as I can tell it only showed up on my first ComboFix run. It is running 5 times and almost all the time the number in the CPU column equals 100. My CPU is staying at 100.

2011-07-17 01:32:01 113152 ----a-w- c:\documents and settings\all users\application data\6QEoebUl.exe

#31 LDTate

LDTate

    Forum Deity

  • Moderators
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 23 July 2011 - 03:43 AM

Please go to http://www.virustotal.com/, click on Browse, and upload the following file for analysis:

c:\documents and settings\all users\application data\6QEoebUl.exe



Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.


If virustotal is too busy you can try these.

http://virusscan.jotti.org

http://www.kaspersky...anforvirus.html
Larry Tate
Product Support


#32 Camolot

Camolot

    New Member

  • Members
  • 27 posts

Posted 23 July 2011 - 08:49 AM

virusscan.jotti.org

Filename: 6QEoebUl.exe
Status:
Scan finished. 9 out of 20 scanners reported malware.
Scan taken on: Sat 23 Jul 2011 15:47:23 (CET) Permalink

Scanners
[ArcaVir]
2011-07-23 Found nothing
[F-Secure Anti-Virus]
2011-07-23 Gen:Variant.Kazy.25302
[Avast! antivirus]
2011-07-23 Found nothing
[G DATA]
2011-07-23 Gen:Variant.Kazy.25302
[Grisoft AVG Anti-Virus]
2011-07-23 Found nothing
[Ikarus]
2011-07-23 Gen.Variant.Kates
[Avira AntiVir]
2011-07-22 TR/Dropper.Gen
[Kaspersky Anti-Virus]
2011-07-23 Found nothing
[Softwin BitDefender]
2011-07-23 Gen:Variant.Kazy.25302
[ESET NOD32]
2011-07-23 Win32/Kryptik.QLX
[ClamAV]
2011-07-23 Found nothing
[Panda Antivirus]
2011-07-23 Found nothing
[CPsecure]
2011-07-23 Found nothing
[Quick Heal]
2011-07-22 Found nothing
[Dr.Web]
2011-07-23 Found nothing
[Sophos]
2011-07-23 Sus/UnkPack-C
[Emsisoft Anti-Malware]
2011-07-23 Gen.Variant.Kates!IK
[VirusBlokAda VBA32]
2011-07-22 Malware-Cryptor.Limpopo
[Frisk F-Prot Antivirus]
2011-07-22 Found nothing
[VirusBuster]
2011-07-22 Found nothing

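Reading a multi-engine result like the one above by hand gets error-prone once the list is long, and a count alone ("9 out of 20") hides whether the engines agree on a family or are all saying "packed/unknown". The Python below is an added example, not part of Camolot's post and not Jotti's own tooling: it parses that pasted two-line-per-engine format into a per-engine verdict, reports the detection ratio and the most common verdict, and flags when every hit is a generic or packer name. The sample text is a copy of the results above; treating the literal "Found nothing" as a clean result, and the list of generic-name markers, are assumptions made here.

```python
import re
from collections import Counter

# Constructed copy of the Jotti result block pasted in the post above.
SAMPLE = """\
[ArcaVir]
2011-07-23 Found nothing
[F-Secure Anti-Virus]
2011-07-23 Gen:Variant.Kazy.25302
[Avast! antivirus]
2011-07-23 Found nothing
[G DATA]
2011-07-23 Gen:Variant.Kazy.25302
[Grisoft AVG Anti-Virus]
2011-07-23 Found nothing
[Ikarus]
2011-07-23 Gen.Variant.Kates
[Avira AntiVir]
2011-07-22 TR/Dropper.Gen
[Kaspersky Anti-Virus]
2011-07-23 Found nothing
[Softwin BitDefender]
2011-07-23 Gen:Variant.Kazy.25302
[ESET NOD32]
2011-07-23 Win32/Kryptik.QLX
[ClamAV]
2011-07-23 Found nothing
[Panda Antivirus]
2011-07-23 Found nothing
[CPsecure]
2011-07-23 Found nothing
[Quick Heal]
2011-07-22 Found nothing
[Dr.Web]
2011-07-23 Found nothing
[Sophos]
2011-07-23 Sus/UnkPack-C
[Emsisoft Anti-Malware]
2011-07-23 Gen.Variant.Kates!IK
[VirusBlokAda VBA32]
2011-07-22 Malware-Cryptor.Limpopo
[Frisk F-Prot Antivirus]
2011-07-22 Found nothing
[VirusBuster]
2011-07-22 Found nothing
"""

ENGINE_RE = re.compile(r'^\[(?P<engine>[^\]]+)\]$')
RESULT_RE = re.compile(r'^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<verdict>.+?)\s*$')
CLEAN = "found nothing"  # assumption: this literal is how a clean engine is reported

# Assumption: substrings that mark a generic, heuristic or packer-based name
# rather than a specific named family.
GENERIC_MARKERS = ("gen:", "gen.", ".gen", "generic", "sus/", "kryptik",
                   "cryptor", "unkpack", "heur")


def parse_results(text):
    """Map engine name -> verdict string, or None when the engine found nothing."""
    results, engine = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = ENGINE_RE.match(line)
        if m:
            engine = m.group("engine")   # header line: remember which engine follows
            continue
        m = RESULT_RE.match(line)
        if m and engine is not None:     # result line belongs to the last header
            verdict = m.group("verdict")
            results[engine] = None if verdict.lower() == CLEAN else verdict
            engine = None
    return results


def is_generic(verdict):
    v = verdict.lower()
    return any(marker in v for marker in GENERIC_MARKERS)


def summarize(results):
    """Detection ratio, most common verdict, and whether all hits are generic names."""
    flagged = {e: v for e, v in results.items() if v}
    counts = Counter(flagged.values())
    top_verdict, top_count = counts.most_common(1)[0] if counts else (None, 0)
    return {
        "engines": len(results),
        "detections": len(flagged),
        "ratio": f"{len(flagged)} out of {len(results)}",
        "top_verdict": top_verdict,
        "top_count": top_count,
        "flagged_by": sorted(flagged),
        "all_generic": bool(flagged) and all(is_generic(v) for v in flagged.values()),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_results(SAMPLE)).items():
        print(f"{key}: {value}")
```

On the results above this reports 9 out of 20 with Gen:Variant.Kazy.25302 as the most common name and every hit generic, which is the reading a triager wants: several engines agree the file is suspicious and packed, but none of them has attributed it to a specific family, so the sample is worth removing without treating any one name as authoritative.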
#33 LDTate

LDTate

    Forum Deity

  • Moderators
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 24 July 2011 - 04:46 AM

First:

You need to update Java.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 26 and save it to your desktop.
  • Scroll down to where it says JDK 6 Update 26 (JDK or JRE)
  • Click the Download JRE button to the right
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u20 with JavaFX 1 License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked:
      • Applications and Applets
      • Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

Next:

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

File::
c:\documents and settings\all users\application data\6QEoebUl.exe 

RenV::
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe 
c:\program files\AOL 9.1\AOL .exe 
c:\program files\ATI Technologies\ATI Control Panel\atiptaxx .exe 
c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor .exe 
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe 
c:\program files\Common Files\AOL\1123289240\EE\AOLSoftware .exe 
c:\program files\Common Files\AOL\1123289240\EE\SSCRun .exe 
c:\program files\Common Files\AOL\ACS\AOLDial .exe 
c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier .exe 
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon .exe 
c:\program files\Common Files\Java\Java Update\jusched .exe 
c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe 
c:\program files\Corel\WordPerfect Office X4\Programs\QFSCHD140 .exe 
c:\program files\CyberLink\PowerDVD\PDVDServ .exe 
c:\program files\Digital Media Reader\shwiconem .exe 
c:\program files\HP\HP Software Update\HPWuSchd2 .exe 
c:\program files\iTunes\iTunesHelper .exe 
c:\windows\ehome\ehtray .exe 
c:\windows\SMINST\RECGUARD .exe 

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:
1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...



Drag CFScript.txt into ComboFix.exe


Then post the results log using Copy / Paste


Also please describe how your computer behaves at the moment.
Larry Tate
Product Support


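The RenV:: list in the script above pairs each autorun target from the Run key (Reader_sl.exe, ehtray.exe, atiptaxx.exe and so on) with a copy of the same name that has a space before the extension ("Reader_sl .exe"). Finding those pairs by eye across a long log is tedious, so here is an added example in Python, not part of the post and not ComboFix code: it pulls the target paths out of the Run-key lines of a ComboFix log, compares them with a listing of what is actually on disk, reports every target that exists only under the space-before-extension name, and prints those paths in the same RenV:: list shape the post uses. The log excerpt and the disk listing are constructed from this thread; the reading that the spaced copy is the renamed original is an assumption drawn from how the post pairs them, and scan_disk is the only part that touches a real machine.

```python
import os
import re

# Run-key lines in a ComboFix log look like:
#   "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
RUN_LINE_RE = re.compile(r'^"[^"]+"="(?P<path>[^"]+)"')
# File names of the shape "name .exe" (a space before the extension).
SPACED_RE = re.compile(r'^(?P<stem>.+\S) \.(?P<ext>[A-Za-z0-9]+)$')

# Constructed excerpt of the Reg Loading Points section from the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"CHotkey"="zHotkey.exe" [2005-05-03 543232]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"""

# Constructed stand-in for a directory listing of the same machine: two of the
# targets exist only as their spaced twin, one is untouched.
SAMPLE_DISK = [
    r"c:\windows\ehome\ehtray .exe",
    r"c:\windows\system32\NeroCheck.exe",
    r"c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe",
]


def parse_run_targets(log_text):
    """Paths referenced by Run-key entries in a ComboFix log."""
    targets = []
    for line in log_text.splitlines():
        m = RUN_LINE_RE.match(line.strip())
        if m:
            targets.append(m.group("path"))
    return targets


def spaced_variant(path):
    r"""c:\dir\name.exe -> c:\dir\name .exe; None when the path has no extension."""
    stem, dot, ext = path.rpartition(".")
    if not dot or "\\" in ext:       # dot belongs to a directory name, not an extension
        return None
    return f"{stem} .{ext}"


def find_spaced_copies(targets, existing_paths):
    """(target, twin) for each target missing on disk whose spaced twin is present."""
    existing = {p.lower() for p in existing_paths}   # NTFS paths compare case-insensitively
    hits = []
    for target in targets:
        if target.lower() in existing:
            continue                                  # the real file is still there
        twin = spaced_variant(target)
        if twin and twin.lower() in existing:
            hits.append((target, twin))
    return hits


def renv_block(hits):
    """Same list shape as the RenV:: section of the CFScript in the post."""
    return "RenV::\n" + "\n".join(twin for _, twin in hits) + "\n"


def scan_disk(roots):
    """Walk real directories and return every file whose name matches 'name .ext'."""
    found = []
    for root in roots:
        for dirpath, _, files in os.walk(root):
            found.extend(os.path.join(dirpath, n) for n in files if SPACED_RE.match(n))
    return found


if __name__ == "__main__":
    hits = find_spaced_copies(parse_run_targets(SAMPLE_LOG), SAMPLE_DISK)
    print(renv_block(hits))
```

Run against a real box, feed scan_disk the Program Files and Windows directories to get the on-disk listing, then pass the log's Run lines through find_spaced_copies; review the pairs before restoring anything, since the script only matches names and does not verify that the spaced copy is the original file.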
#34 Camolot

Camolot

    New Member

  • Members
  • 27 posts

Posted 24 July 2011 - 08:06 PM

When I was rebooting from deleting the Java stuff, the hello4 showed up as nonresponsive again during the shutdown.

ComboFix 11-07-20.02 - Owner 07/24/2011 20:36:17.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.406 [GMT -4:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\My Documents\CFScript.txt
.
FILE ::
"c:\documents and settings\all users\application data\6QEoebUl.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\all users\application data\6QEoebUl.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At2.job
.
.
((((((((((((((((((((((((( Files Created from 2011-06-25 to 2011-07-25 )))))))))))))))))))))))))))))))
.
.
2011-07-25 00:06 . 2011-07-25 00:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-24 09:01 . 2011-07-24 09:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Yahoo
2011-07-24 02:14 . 2011-07-24 02:14 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-07-23 07:25 . 2011-07-23 07:25 -------- d-----w- c:\windows\system32\%APPDATA%
2011-07-18 15:36 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
2011-07-18 06:36 . 2011-07-18 06:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2011-07-18 01:54 . 2011-07-18 01:54 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-07-18 01:53 . 2011-07-18 01:53 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2011-07-18 01:50 . 2011-07-18 01:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-07-18 01:12 . 2011-07-18 01:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPAppData
2011-07-18 01:12 . 2011-07-18 01:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-07-18 01:11 . 2011-07-18 01:11 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-07-17 02:08 . 2011-07-17 02:08 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2011-07-16 22:46 . 2011-07-16 22:46 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2011-07-16 18:05 . 2011-07-16 18:05 -------- d-----w- c:\documents and settings\Owner\Application Data\Skinux
2011-07-11 19:08 . 2011-07-11 19:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AOL
2011-07-11 19:08 . 2011-07-11 19:08 -------- d-----w- c:\documents and settings\NetworkService\Application Data\FCTB000061649
2011-07-11 19:07 . 2011-07-25 00:06 -------- d-----w- c:\documents and settings\NetworkService\Application Data\HPAppData
2011-07-11 19:06 . 2011-07-17 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\WSTB
2011-07-08 17:21 . 2011-07-08 17:21 -------- d-----w- c:\program files\Apple Software Update
2011-07-08 17:18 . 2011-07-08 17:18 -------- d-----w- c:\program files\iPod
2011-07-08 17:18 . 2011-07-25 00:36 -------- d-----w- c:\program files\iTunes
2011-07-01 17:05 . 2011-07-01 17:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-25 00:05 . 2010-08-05 02:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-18 00:24 . 2005-04-13 18:50 45312 ----a-w- c:\windows\system32\drivers\ql12160.sys
2011-07-06 23:52 . 2009-04-01 01:10 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 23:52 . 2009-04-01 01:10 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-02 14:02 . 2005-04-13 16:56 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-26 10:44 . 2009-02-10 03:36 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2011-05-26 10:44 . 2009-02-10 03:36 88 --sh--r- c:\documents and settings\All Users\Application Data\0170302121.sys
2011-05-02 15:31 . 2005-04-13 17:16 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2005-04-13 16:56 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2005-04-13 16:55 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 22:35 . 2011-04-26 22:35 1752543 ----a-w- C:\rgo_installer.exe
2011-04-26 11:07 . 2005-04-13 16:56 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2005-04-13 16:55 33280 ----a-w- c:\windows\system32\csrsrv.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-07-20_18.21.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-25 00:51 . 2011-07-25 00:51 16384 c:\windows\temp\Perflib_Perfdata_850.dat
+ 2005-04-13 16:56 . 2010-08-27 05:57 99840 c:\windows\system32\srvsvc.dll
+ 2005-04-13 16:56 . 2010-08-27 05:57 99840 c:\windows\system32\dllcache\srvsvc.dll
+ 2005-08-06 00:43 . 2011-07-21 07:04 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2005-08-06 00:43 . 2011-07-19 19:37 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2005-08-06 00:43 . 2011-07-19 19:37 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2005-08-06 00:43 . 2011-07-21 07:04 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2005-08-06 00:43 . 2011-07-21 07:04 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2005-08-06 00:43 . 2011-07-19 19:37 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2005-08-06 00:43 . 2011-07-19 19:37 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2005-08-06 00:43 . 2011-07-21 07:04 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2005-08-06 00:43 . 2011-07-21 07:04 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2005-08-06 00:43 . 2011-07-19 19:37 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2005-04-13 16:55 . 2010-09-18 06:53 953856 c:\windows\system32\mfc40u.dll
+ 2005-04-13 16:55 . 2010-09-18 06:53 954368 c:\windows\system32\mfc40.dll
+ 2005-04-13 16:55 . 2010-12-22 12:34 301568 c:\windows\system32\kerberos.dll
- 2005-04-13 16:55 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos.dll
- 2011-04-04 11:06 . 2011-02-03 01:40 157472 c:\windows\system32\javaws.exe
+ 2011-07-25 00:06 . 2011-07-25 00:05 157472 c:\windows\system32\javaws.exe
+ 2011-07-25 00:06 . 2011-07-25 00:05 145184 c:\windows\system32\javaw.exe
- 2011-04-04 11:06 . 2011-02-03 01:40 145184 c:\windows\system32\javaw.exe
+ 2011-07-25 00:06 . 2011-07-25 00:05 145184 c:\windows\system32\java.exe
- 2011-04-04 11:06 . 2011-02-03 01:40 145184 c:\windows\system32\java.exe
+ 2005-04-13 16:55 . 2010-09-18 06:53 953856 c:\windows\system32\dllcache\mfc40u.dll
- 2005-04-13 16:55 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2005-04-13 16:55 . 2010-12-22 12:34 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2002-09-14 06:42 . 2002-09-14 06:42 212992 c:\windows\SMINST\RECGUARD.exe
+ 2011-07-25 00:05 . 2011-07-25 00:05 675840 c:\windows\Installer\c1278.msi
+ 2010-09-24 01:02 . 2010-09-24 01:02 798208 c:\windows\Installer\26bb9ed.msp
+ 2005-08-06 00:43 . 2011-07-21 07:04 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2005-08-06 00:43 . 2011-07-19 19:37 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2005-08-06 00:43 . 2011-07-21 07:04 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2005-08-06 00:43 . 2011-07-19 19:37 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2005-08-06 00:43 . 2011-07-21 07:04 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2005-08-06 00:43 . 2011-07-19 19:37 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2005-08-06 00:43 . 2011-07-21 07:04 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2005-08-06 00:43 . 2011-07-19 19:37 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2005-08-06 00:43 . 2011-07-19 19:37 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2005-08-06 00:43 . 2011-07-21 07:04 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2011-07-21 07:05 . 2011-07-21 07:05 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\4e3dd4d7f9aeda74a2fcefee036e5070\System.Web.Extensions.Design.ni.dll
+ 2011-07-21 07:05 . 2011-07-21 07:05 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\4fb1c0c07f40248b463f2e33444b9477\System.Web.Entity.ni.dll
+ 2011-07-21 07:05 . 2011-07-21 07:05 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\4dfcffc6e6d02bdcdc185d5527a8097e\System.Web.Entity.Design.ni.dll
+ 2011-07-21 07:05 . 2011-07-21 07:05 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b921d1cffcd5e80ea14c51db967edd6\System.Web.DynamicData.ni.dll
+ 2010-08-05 14:57 . 2010-08-05 14:57 4066304 c:\windows\Installer\26bba22.msp
+ 2010-10-22 19:45 . 2010-10-22 19:45 8444928 c:\windows\Installer\26bba01.msp
+ 2011-07-21 07:05 . 2011-07-21 07:05 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\647bfe6da40e8160b967c41424901dc8\System.Web.Extensions.ni.dll
+ 2011-07-21 07:05 . 2011-07-21 07:05 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ead07662976fb7094811461c568643d5\System.ServiceModel.Web.ni.dll
+ 2011-07-21 07:00 . 2011-07-21 07:01 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2009-08-09 07:10 . 2009-08-09 07:10 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8c49a3d1-585b-4eab-985d-6ad480b4f23d}"= "c:\program files\Kentucky Wildcats Toolbar\Helper.dll" [2010-02-06 242688]
.
[HKEY_CLASSES_ROOT\clsid\{8c49a3d1-585b-4eab-985d-6ad480b4f23d}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{763C8C3E-9677-474E-B4BD-6ABC7DDDE090}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A118156-5307-4BFB-9548-B423FDF368A8}]
2010-02-06 22:47 1445888 ----a-w- c:\program files\Kentucky Wildcats Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7EF32AD9-C8AC-44E3-A39F-913E777ADEEE}"= "c:\program files\Kentucky Wildcats Toolbar\Toolbar.dll" [2010-02-06 1445888]
.
[HKEY_CLASSES_ROOT\clsid\{7ef32ad9-c8ac-44e3-a39f-913e777adeee}]
[HKEY_CLASSES_ROOT\FCTB000061649.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{880EC4BB-9C31-4429-9452-D6F388B0C230}]
[HKEY_CLASSES_ROOT\FCTB000061649.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7EF32AD9-C8AC-44E3-A39F-913E777ADEEE}"= "c:\program files\Kentucky Wildcats Toolbar\Toolbar.dll" [2010-02-06 1445888]
.
[HKEY_CLASSES_ROOT\clsid\{7ef32ad9-c8ac-44e3-a39f-913e777adeee}]
[HKEY_CLASSES_ROOT\FCTB000061649.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{880EC4BB-9C31-4429-9452-D6F388B0C230}]
[HKEY_CLASSES_ROOT\FCTB000061649.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\progra~1\AOL9~1.1\AOL.EXE" [2008-11-06 50472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-18 339968]
"CHotkey"="zHotkey.exe" [2005-05-03 543232]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 77824]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"HostManager"="c:\program files\Common Files\AOL\1123289240\ee\AOLSoftware.exe" [2008-06-24 41824]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"NapsterShell"="c:\program files\Napster\napster.exe" [2008-05-09 323216]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-08-06 26112]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"QuickFinder Scheduler"="c:\program files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE" [2008-03-21 83232]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe" [2010-11-24 233936]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
KEYEXP.lnk - c:\documents and settings\Owner\My Documents\ben\KEYEXP.EXE [2003-11-7 838656]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 323584]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-6-27 122880]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1123289240\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 5:14 PM 135664]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [7/31/2006 8:44 AM 580992]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 5:14 PM 135664]
S3 pelps2m;i8042 Keyboard & PS/2 Mouse Port Driver;c:\windows\system32\drivers\pelps2m.sys [2/24/2006 6:31 PM 19968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-07-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-15 19:09]
.
2011-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 21:14]
.
2011-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 21:14]
.
2011-07-24 c:\windows\Tasks\User_Feed_Synchronization-{D4193A7F-2282-4635-B799-C73E7C516306}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://facebook.com/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZSzim029YYUS&fl=0&ptb=3cfl_pRGo3kTXXCMNJ9.8g&url=http://www.ask.com/web&q={searchTerms}&l=zs&o=sb
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: intuit.com\ttlc
Trusted Zone: pogo.com\www
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.2.1
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} - hxxp://clubgames.pogo.com/online2/pogop/mahjong_escape_ancient/PTGameLauncher.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\pxkpp7yw.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.internet-search-results.com/?sid=10101138100&s=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: browser.search.order.1 - Search
FF - user.js: keyword.URL - hxxp://search.internet-search-results.com/?sid=10101138100&s=
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Aim6 - (no file)
HKCU-Run-WMPNSCFG - c:\program files\Windows Media Player\WMPNSCFG.exe
HKLM-Run-Verizon_McciTrayApp - c:\program files\Verizon\McciTrayApp.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-24 20:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,02,61,5a,af,58,61,f4,40,97,28,40,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,02,61,5a,af,58,61,f4,40,97,28,40,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2148)
c:\windows\system32\WININET.dll
c:\documents and settings\Owner\My Documents\ben\KYX95HK.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\zHotkey.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\progra~1\AOL9~1.1\waol.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\progra~1\AOL9~1.1\shellmon.exe
.
**************************************************************************
.
Completion time: 2011-07-24 21:01:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-25 01:01
ComboFix2.txt 2011-07-21 19:08
ComboFix3.txt 2011-07-21 17:44
ComboFix4.txt 2011-07-20 20:40
ComboFix5.txt 2011-07-25 00:26
.
Pre-Run: 155,965,509,632 bytes free
Post-Run: 155,972,915,200 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 14691DC6C689A96A48F852EBA91F3365
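
As an added illustration, not part of the ComboFix log above or of anything posted in this thread, the following Python parses the "DLLs Loaded Under Running Processes" section of a ComboFix log and lists, per process, the modules loaded from outside the Windows and Program Files trees. That is the check a responder applies to this section: a module loaded into explorer.exe from a user's Documents folder is not proof of anything on its own, but it is exactly the kind of load path worth pulling and checking by hash against a reputation service before the machine is declared clean. The trusted-prefix allow-list and the function names are this example's own assumptions; the embedded log excerpt is copied from the log above.

```python
import re
from typing import Dict, List, Optional

# Excerpt of the "DLLs Loaded Under Running Processes" section from the ComboFix
# log posted above (copied from the thread, not constructed).  The parser takes
# the whole log; this is just enough of it to run offline.
COMBOFIX_LOG = r"""
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2148)
c:\windows\system32\WININET.dll
c:\documents and settings\Owner\My Documents\ben\KYX95HK.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
"""

# ComboFix's per-process header line looks like:  - - - - - - - > 'name'(pid)
PROC_HEADER = re.compile(r"^(?:- )+> '(?P<name>[^']+)'\((?P<pid>\d+)\)$")

# Load paths that are unremarkable for third-party modules on a Windows XP box.
# This allow-list is an assumption of the example, not a ComboFix rule; tighten
# or extend it for the machine under review.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def parse_loaded_dlls(log: str) -> Dict[str, List[str]]:
    """Map 'name(pid)' -> module paths from the DLLs-loaded section of a ComboFix log."""
    loaded: Dict[str, List[str]] = {}
    in_section = False
    current: Optional[str] = None
    for raw in log.splitlines():
        line = raw.strip()
        if "DLLs Loaded Under Running Processes" in line:
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("-----"):          # the next section's banner ends ours
            break
        m = PROC_HEADER.match(line)
        if m:
            current = f"{m['name']}({m['pid']})"
            loaded[current] = []
        elif line and line != "." and current is not None:
            loaded[current].append(line)
    return loaded


def unusual_module_loads(loaded: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Per process, the modules loaded from outside TRUSTED_PREFIXES."""
    flagged: Dict[str, List[str]] = {}
    for proc, modules in loaded.items():
        odd = [m for m in modules if not m.lower().startswith(TRUSTED_PREFIXES)]
        if odd:
            flagged[proc] = odd
    return flagged


if __name__ == "__main__":
    for proc, modules in unusual_module_loads(parse_loaded_dlls(COMBOFIX_LOG)).items():
        print(proc)
        for m in modules:
            print("   ", m)
```

Run against the excerpt it reports a single process, explorer.exe, with one module outside the allow-list. The allow-list is deliberately coarse: anything under the user profile, Temp, or the root of C: falls out for manual review, which is cheaper than trying to enumerate every legitimate vendor path.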

#35 LDTate (Moderators)
Posted 25 July 2011 - 06:35 AM

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.

  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

Larry Tate
Product Support

Posted Image

Follow us: Twitter, Become a fan: Facebook

#36 Camolot (Members)
Posted 25 July 2011 - 12:59 PM

I'm still getting this error when going to the website.

404 - File or directory not found.
The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.

#37 LDTate (Moderators)
Posted 25 July 2011 - 01:15 PM

We shall try a different one.

Please download Dr.Web CureIt. Save it to your desktop:
  • Double-click the drweb-cureit.exe file and click Scan to run the express scan. Click OK in the pop-up window to allow the scan.
  • This will scan the files currently running in memory and, if something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, select Complete scan.
  • Click the green arrow at the right, and the scan will start.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Note: this report may need to be renamed to Dr.Web.txt in order to post it on the forum.
  • Please post the Dr.Web.txt report in your next reply.
  • Close Dr.Web CureIt.
  • Reboot your computer, because it is possible that files in use will be moved/deleted during the reboot.
NOTE: During the scan, a pop-up window will open asking you to purchase the full version. Simply close the window by clicking on the X in the upper right corner.

#38 Camolot (Members)
Posted 26 July 2011 - 02:29 PM

msmsgs.exe;c:\program files\messenger;Probably Trojan.Packed;Incurable.Deleted.;
config.000;C:\Documents and Settings\All Users\Application Data\AOL Downloads\ssc_suite_installer_1.10.7.1;Probably BACKDOOR.Trojan;Incurable.Deleted.;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4028;Probably BACKDOOR.Trojan;Incurable.Deleted.;
ppctl.dll;C:\Program Files\Common Files\AOL\1123289240\EE\services\antispyware\ver2_4_9_1\resources;Probably DLOADER.Trojan;Incurable.Deleted.;
GTDownAO_106.ocx;C:\Program Files\Common Files\AolCoach\en_en;Adware.Gdown;Incurable.Deleted.;
ppctl.dll;C:\Program Files\Common Files\Scanner;Probably DLOADER.Trojan;Incurable.Deleted.;
mbam.exe;C:\Program Files\Malwarebytes' Anti-Malware;Probably Trojan.Packed;Incurable.Deleted.;
mirc.exe;C:\Program Files\mIRC;Program.mIRC.621;Incurable.Deleted.;
Launch.exe;C:\Program Files\Oberon Media\Lottso! Deluxe;Trojan.DownLoader1.5776;Incurable.Moved.;
Launch.exe;C:\Program Files\Oberon Media\Tri Peaks 2 Quest For The Ruby Ring;Trojan.DownLoader1.5776;Incurable.Moved.;
6QEoebUl.exe.vir;C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data;Trojan.DownLoad2.31585;Deleted.;
6QEoebUl.exe_.vir;C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data;Probably Trojan.Packed.116;Incurable.Deleted.;
OctoshapeClient .exe.vir;C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\Octoshape\Octoshape Streaming Services;Probably Trojan.Packed;Incurable.Deleted.;
OctoshapeClient.exe.vir;C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\Octoshape\Octoshape Streaming Services;Probably Trojan.Packed;Incurable.Deleted.;
Reader_sl.exe.vir;C:\Qoobox\Quarantine\C\Program Files\Adobe\Reader 9.0\Reader;Probably Trojan.Packed;Incurable.Deleted.;
atiptaxx.exe.vir;C:\Qoobox\Quarantine\C\Program Files\ATI Technologies\ATI Control Panel;Probably Trojan.Packed;Incurable.Deleted.;
BelkinRouterMonitor.exe.vir;C:\Qoobox\Quarantine\C\Program Files\Belkin\Router Setup and Monitor;Probably Trojan.Packed;Incurable.Deleted.;
AdobeARM.exe.vir;C:\Qoobox\Quarantine\C\Program Files\Common Files\Adobe\ARM\1.0;Probably Trojan.Packed;Incurable.Deleted.;
AOLSoftware.exe.vir;C:\Qoobox\Quarantine\C\Program Files\Common Files\AOL\1123289240\EE;Probably Trojan.Packed;Incurable.Deleted.;
SSCRun.exe.vir;C:\Qoobox\Quarantine\C\Program Files\Common Files\AOL\1123289240\EE;Probably Trojan.Packed;Incurable.Deleted.;
AOLSP Scheduler.exe.vir;C:\Qoobox\Quarantine\C\Program Files\Common Files\AOL\1123289240\EE\services\safetyCore\ver210_5_2_1;Probably Trojan.Packed;Incurable.Deleted.;
AOLDial.exe.vir;C:\Qoobox\Quarantine\C\Program Files\Common Files\AOL\ACS;Probably Trojan.Packed;Incurable.Deleted.;
AppleSyncNotifier.exe.vir;C:\Qoobox\Quarantine\C\Program Files\Common Files\Apple\Mobile Device Support;Probably Trojan.Packed;Incurable.Deleted.;
ACDaemon.exe.vir;C:\Qoobox\Quarantine\C\Program Files\Common Files\ArcSoft\Connection Service\Bin;Probably Trojan.Packed;Incurable.Deleted.;
jusched.exe.vir;C:\Qoobox\Quarantine\C\Program Files\Common Files\Java\Java Update;Probably Trojan.Packed;Incurable.Deleted.;
QFSCHD140.EXE.vir;C:\Qoobox\Quarantine\C\Program Files\Corel\WordPerfect Office X4\Programs;Probably Trojan.Packed;Incurable.Deleted.;
PDVDServ.exe.vir;C:\Qoobox\Quarantine\C\Program Files\CyberLink\PowerDVD;Probably Trojan.Packed;Incurable.Deleted.;
shwiconem.exe.vir;C:\Qoobox\Quarantine\C\Program Files\Digital Media Reader;Probably Trojan.Packed;Incurable.Deleted.;
HPWuSchd2.exe.vir;C:\Qoobox\Quarantine\C\Program Files\HP\HP Software Update;Probably Trojan.Packed;Incurable.Deleted.;
iTunesHelper.exe.vir;C:\Qoobox\Quarantine\C\Program Files\iTunes;Probably Trojan.Packed;Incurable.Deleted.;
mcvsescn.exe.vir;C:\Qoobox\Quarantine\C\Program Files\McAfee.com\antivirus;Probably Trojan.Packed;Incurable.Deleted.;
oasclnt.exe.vir;C:\Qoobox\Quarantine\C\Program Files\McAfee.com\antivirus;Probably Trojan.Packed;Incurable.Deleted.;
MPfTray.exe.vir;C:\Qoobox\Quarantine\C\Program Files\McAfee.com\personal firewall;Probably Trojan.Packed;Incurable.Deleted.;
QTTask .exe.vir;C:\Qoobox\Quarantine\C\Program Files\QuickTime;Probably Trojan.Packed;Incurable.Deleted.;
QTTask.exe.vir;C:\Qoobox\Quarantine\C\Program Files\QuickTime;Probably Trojan.Packed;Incurable.Deleted.;
McciTrayApp.exe.vir;C:\Qoobox\Quarantine\C\Program Files\Verizon;Probably Trojan.Packed;Incurable.Deleted.;
WMPNSCFG.exe.vir;C:\Qoobox\Quarantine\C\Program Files\Windows Media Player;Probably Trojan.Packed;Incurable.Deleted.;
AOL.EXE.vir;C:\Qoobox\Quarantine\C\PROGRA~1\AOL9~1.1;Probably Trojan.Packed;Incurable.Deleted.;
dwtrig20.exe.vir;C:\Qoobox\Quarantine\C\PROGRA~1\COMMON~1\MICROS~1\DW;Probably Trojan.Packed;Incurable.Deleted.;
ICO.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Probably Trojan.Packed;Incurable.Deleted.;
nAQATYM6.exe_.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Probably Trojan.Packed.116;Incurable.Deleted.;
A0020854.EXE;C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP15;Probably Trojan.Packed;Incurable.Deleted.;
A0020861.exe;C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP15;Trojan.DownLoad2.31585;Deleted.;
A0020992.exe;C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP18;Probably Trojan.Packed;Incurable.Deleted.;
A0020993.exe;C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP19;Trojan.DownLoader1.5776;Incurable.Moved.;
A0020994.exe;C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP19;Trojan.DownLoader1.5776;Incurable.Moved.;
A0012092.exe;C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP2;Probably Trojan.Packed;Incurable.Deleted.;
A0012093.exe;C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP2;Probably Trojan.Packed;Incurable.Deleted.;
A0012131.exe;C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP3;Probably Trojan.Packed;Incurable.Deleted.;
A0012132.exe;C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP3;Probably Trojan.Packed;Incurable.Deleted.;
A0013139.exe;C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP3;Probably Trojan.Packed.116;Incurable.Deleted.;
A0019334.exe;C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP8;Probably BACKDOOR.Trojan;Incurable.Deleted.;
A0019802.EXE;C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP9;Probably Trojan.Packed;Incurable.Deleted.;
CouponPrinter.ocx;C:\WINDOWS;Adware.Coupons.34;Incurable.Deleted.;
AOLicon.EXE;C:\WINDOWS\OPTIONS;Trojan.MulDrop2.17815;Incurable.Moved.;
recovery_guide_em_eng_9532288.exe;D:\i386\Apps\App00398;Trojan.MulDrop2.14884;Incurable.Moved.;
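
As an added illustration, not part of Camolot's report above or of LDTate's Dr.Web instructions, the following Python parses the Dr.Web CureIt "Save report list" output (the `name;path;verdict;action;` records above) and sorts the hits the way a responder reads them: by whether the file still sat on the live file system, was already a `.vir` copy in ComboFix's `C:\Qoobox\Quarantine` folder, or lived in a System Restore point, and by whether the verdict is a named signature or a heuristic `Probably ...` verdict. The live, signature-based hits are the ones to act on first; heuristic packer verdicts on files under known vendor directories are worth verifying by hash before they are treated as infections. The location categories and the function names are this example's own; the embedded records are copied from the report above.

```python
from collections import Counter
from dataclasses import dataclass
from typing import List, Tuple

# Eight records excerpted from the DrWeb.csv report posted above (copied from
# the thread, not constructed).  The functions accept the full report as saved
# by "Save report list".
DRWEB_REPORT = r"""
msmsgs.exe;c:\program files\messenger;Probably Trojan.Packed;Incurable.Deleted.;
mbam.exe;C:\Program Files\Malwarebytes' Anti-Malware;Probably Trojan.Packed;Incurable.Deleted.;
GTDownAO_106.ocx;C:\Program Files\Common Files\AolCoach\en_en;Adware.Gdown;Incurable.Deleted.;
Launch.exe;C:\Program Files\Oberon Media\Lottso! Deluxe;Trojan.DownLoader1.5776;Incurable.Moved.;
6QEoebUl.exe.vir;C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data;Trojan.DownLoad2.31585;Deleted.;
iTunesHelper.exe.vir;C:\Qoobox\Quarantine\C\Program Files\iTunes;Probably Trojan.Packed;Incurable.Deleted.;
A0020861.exe;C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP15;Trojan.DownLoad2.31585;Deleted.;
CouponPrinter.ocx;C:\WINDOWS;Adware.Coupons.34;Incurable.Deleted.;
"""


@dataclass
class Detection:
    name: str
    path: str
    verdict: str
    action: str

    @property
    def heuristic(self) -> bool:
        # Dr.Web prefixes verdicts from its heuristic analyser with "Probably";
        # these carry less confidence than a named signature match.
        return self.verdict.startswith("Probably ")

    @property
    def location(self) -> str:
        p = self.path.lower()
        if "\\qoobox\\quarantine\\" in p:
            return "combofix-quarantine"   # ComboFix's own copies, already disabled
        if "\\system volume information\\_restore" in p:
            return "restore-point"         # inert unless System Restore is used
        return "live"


def parse_drweb_report(text: str) -> List[Detection]:
    """Parse 'name;path;verdict;action;' records as written by Dr.Web CureIt."""
    records: List[Detection] = []
    for line in text.splitlines():
        fields = line.strip().rstrip(";").split(";")
        if len(fields) < 4:
            continue                       # blank line or not a detection record
        records.append(Detection(*fields[:4]))
    return records


def triage(records: List[Detection]) -> Tuple[Counter, List[Detection]]:
    """Count hits by (location, confidence); return the live signature hits to act on first."""
    counts = Counter(
        (r.location, "heuristic" if r.heuristic else "signature") for r in records
    )
    actionable = [r for r in records if r.location == "live" and not r.heuristic]
    return counts, actionable


if __name__ == "__main__":
    counts, actionable = triage(parse_drweb_report(DRWEB_REPORT))
    for key, n in sorted(counts.items()):
        print(f"{key[0]:<20} {key[1]:<10} {n}")
    print("live signature hits:", [r.name for r in actionable])
```

On the excerpt this leaves three live signature hits (the AOL coach download control, the Oberon Media launcher and the coupon-printer control) as the first things to cross-check, and separates them from the restore-point and quarantine copies, which only matter if a restore is performed or the quarantine is restored.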

#39 LDTate (Moderators)
Posted 26 July 2011 - 02:43 PM

How's it running?

#40 Camolot (Members)
Posted 26 July 2011 - 04:48 PM

It seems like everything is running right except the system idle thingie that pops up when you press Alt, Ctrl, Delete. The only thing that pops up is a window with the processes running. I don't have the tabs that let me switch to programs anymore. It doesn't tell me the CPU usage at the bottom like it did. And I have no menu bar at the top of it either anymore. It started doing this Saturday night.



