Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Need help removing a trojan/ unknown processes [RESOLVED]


  • This topic is locked This topic is locked

#16
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

Advertisements


#17
archiep

archiep

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, February 23, 2008 3:20:01 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 23/02/2008
Kaspersky Anti-Virus database records: 576118
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
K:\
L:\
S:\

Scan Statistics:
Total number of scanned objects: 133835
Number of viruses found: 3
Number of infected objects: 63
Number of suspicious objects: 0
Duration of the scan process: 02:47:11

Infected Object Name / Virus Name / Last Action
C:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2gjv0060.default\cert8.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2gjv0060.default\history.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2gjv0060.default\key3.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2gjv0060.default\parent.lock Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2gjv0060.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2gjv0060.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{88B20E01-8D70-41BB-87E4-3732587DA986}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{88B20E01-8D70-41BB-87E4-3732587DA986}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\2gjv0060.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\2gjv0060.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\2gjv0060.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\2gjv0060.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012008022220080223\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\Perflib_Perfdata_171c.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\Perflib_Perfdata_1728.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\Perflib_Perfdata_22b8.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\Perflib_Perfdata_9b8.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\ZLT064b5.TMP Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\ZLT064f3.TMP Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFEF91.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\brave\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Administrator\My Documents\My Music\iTunes\iTunes Library.itl Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp Object is locked skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Zune\ZuneNSSStore.sdf Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2008-02-21.02-19-22.log Object is locked skipped
C:\Program Files\Veoh Networks\Veoh\client.log Object is locked skipped
C:\Program Files\Veoh Networks\Veoh\upload.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\billing_Administrator.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\client_Administrator.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\network_Administrator.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{175DF0A8-4500-4931-AC6E-7EA276B4416E}\RP94\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\ARCHIE.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd0269.sys Object is locked skipped
C:\WINDOWS\system32\drivers\vaxscsi.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000004-20021102}.CDF Object is locked skipped
F:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped
F:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\428ac44f90666536b4bf62ef98427d67_43fba08a-702f-4006-bb9e-dd0ed42d4ff0 Object is locked skipped
F:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ea0b310e4fd2a27fbcc223aca12badd6_43fba08a-702f-4006-bb9e-dd0ed42d4ff0 Object is locked skipped
F:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
F:\Documents and Settings\Archie\My Documents\ADOBE.PHOTOSHOP.CS2.ISO/Goodies/PROGRAMS & EXTRA STUFF/WinZip 9.0.6224-SR1.zip/WinZip 9.0.6224-SR1/WinZip-KEY-GEN.exe Infected: Trojan-Dropper.Win32.Delf.fl skipped
F:\Documents and Settings\Archie\My Documents\ADOBE.PHOTOSHOP.CS2.ISO/Goodies/PROGRAMS & EXTRA STUFF/WinZip 9.0.6224-SR1.zip Infected: Trojan-Dropper.Win32.Delf.fl skipped
F:\Documents and Settings\Archie\My Documents\ADOBE.PHOTOSHOP.CS2.ISO ISOimage: infected - 2 skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\iPod_Control\Device\Accessories.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F00.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F01.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F02.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F03.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F04.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F05.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F06.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F07.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F08.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F09.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F10.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F11.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F12.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F13.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F14.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F15.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F16.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F17.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F18.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F19.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F20.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F21.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F22.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F23.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F24.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F25.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F26.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F27.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F28.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F29.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F30.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F31.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F32.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F33.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F34.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F35.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F36.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F37.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F38.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F39.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F40.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F41.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F42.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F43.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F44.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F45.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F46.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F47.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F48.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music\F49.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Device.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\iTunes.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Music.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control\Artwork.exe Infected: Virus.Win32.VB.eg skipped
G:\iPod_Control.exe Infected: Virus.Win32.VB.eg skipped
G:\Contacts.exe Infected: Virus.Win32.VB.eg skipped
G:\Calendars.exe Infected: Virus.Win32.VB.eg skipped
G:\Notes.exe Infected: Virus.Win32.VB.eg skipped
G:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped

Scan process completed.
  • 0

#18
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
PLease have the F:\G:\ L:\ K:\ and S:\Drives plugged in during this process.
===================================================
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    F:\Documents and Settings\Archie\My Documents\ADOBE.PHOTOSHOP.CS2.ISO
    G:\iPod_Control\Device\Accessories.exe 
    G:\iPod_Control\Music\F00.exe 
    G:\iPod_Control\Music\F01.exe 
    G:\iPod_Control\Music\F02.exe 
    G:\iPod_Control\Music\F03.exe 
    G:\iPod_Control\Music\F04.exe 
    G:\iPod_Control\Music\F05.exe 
    G:\iPod_Control\Music\F06.exe 
    G:\iPod_Control\Music\F07.exe 
    G:\iPod_Control\Music\F08.exe 
    G:\iPod_Control\Music\F09.exe 
    G:\iPod_Control\Music\F10.exe 
    G:\iPod_Control\Music\F11.exe 
    G:\iPod_Control\Music\F12.exe 
    G:\iPod_Control\Music\F13.exe 
    G:\iPod_Control\Music\F14.exe
    G:\iPod_Control\Music\F15.exe 
    G:\iPod_Control\Music\F16.exe 
    G:\iPod_Control\Music\F17.exe 
    G:\iPod_Control\Music\F18.exe 
    G:\iPod_Control\Music\F19.exe 
    G:\iPod_Control\Music\F20.exe 
    G:\iPod_Control\Music\F21.exe 
    G:\iPod_Control\Music\F22.exe 
    G:\iPod_Control\Music\F23.exe 
    G:\iPod_Control\Music\F24.exe 
    G:\iPod_Control\Music\F25.exe 
    G:\iPod_Control\Music\F26.exe 
    G:\iPod_Control\Music\F27.exe 
    G:\iPod_Control\Music\F28.exe 
    G:\iPod_Control\Music\F29.exe 
    G:\iPod_Control\Music\F30.exe 
    G:\iPod_Control\Music\F31.exe 
    G:\iPod_Control\Music\F32.exe 
    G:\iPod_Control\Music\F33.exe 
    G:\iPod_Control\Music\F34.exe 
    G:\iPod_Control\Music\F35.exe 
    G:\iPod_Control\Music\F36.exe 
    G:\iPod_Control\Music\F37.exe 
    G:\iPod_Control\Music\F38.exe 
    G:\iPod_Control\Music\F39.exe 
    G:\iPod_Control\Music\F40.exe 
    G:\iPod_Control\Music\F41.exe 
    G:\iPod_Control\Music\F42.exe 
    G:\iPod_Control\Music\F43.exe 
    G:\iPod_Control\Music\F44.exe 
    G:\iPod_Control\Music\F45.exe
    G:\iPod_Control\Music\F46.exe 
    G:\iPod_Control\Music\F47.exe 
    G:\iPod_Control\Music\F48.exe 
    G:\iPod_Control\Music\F49.exe 
    G:\iPod_Control\Device.exe 
    G:\iPod_Control\iTunes.exe 
    G:\iPod_Control\Music.exe 
    G:\iPod_Control\Artwork.exe
    K:\auotrun.inf
    L:\suppress_explorer.exe
    S:\Autorun.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=======================================
PLease post hte OtMove it 2 log and a new Hijackthis log please.
  • 0

#19
archiep

archiep

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
F:\Documents and Settings\Archie\My Documents\ADOBE.PHOTOSHOP.CS2.ISO moved successfully.
G:\iPod_Control\Device\Accessories.exe moved successfully.
G:\iPod_Control\Music\F00.exe moved successfully.
G:\iPod_Control\Music\F01.exe moved successfully.
G:\iPod_Control\Music\F02.exe moved successfully.
G:\iPod_Control\Music\F03.exe moved successfully.
G:\iPod_Control\Music\F04.exe moved successfully.
G:\iPod_Control\Music\F05.exe moved successfully.
G:\iPod_Control\Music\F06.exe moved successfully.
G:\iPod_Control\Music\F07.exe moved successfully.
G:\iPod_Control\Music\F08.exe moved successfully.
G:\iPod_Control\Music\F09.exe moved successfully.
G:\iPod_Control\Music\F10.exe moved successfully.
G:\iPod_Control\Music\F11.exe moved successfully.
G:\iPod_Control\Music\F12.exe moved successfully.
G:\iPod_Control\Music\F13.exe moved successfully.
G:\iPod_Control\Music\F14.exe moved successfully.
G:\iPod_Control\Music\F15.exe moved successfully.
G:\iPod_Control\Music\F16.exe moved successfully.
G:\iPod_Control\Music\F17.exe moved successfully.
G:\iPod_Control\Music\F18.exe moved successfully.
G:\iPod_Control\Music\F19.exe moved successfully.
G:\iPod_Control\Music\F20.exe moved successfully.
G:\iPod_Control\Music\F21.exe moved successfully.
G:\iPod_Control\Music\F22.exe moved successfully.
G:\iPod_Control\Music\F23.exe moved successfully.
G:\iPod_Control\Music\F24.exe moved successfully.
G:\iPod_Control\Music\F25.exe moved successfully.
G:\iPod_Control\Music\F26.exe moved successfully.
G:\iPod_Control\Music\F27.exe moved successfully.
G:\iPod_Control\Music\F28.exe moved successfully.
G:\iPod_Control\Music\F29.exe moved successfully.
G:\iPod_Control\Music\F30.exe moved successfully.
G:\iPod_Control\Music\F31.exe moved successfully.
G:\iPod_Control\Music\F32.exe moved successfully.
G:\iPod_Control\Music\F33.exe moved successfully.
G:\iPod_Control\Music\F34.exe moved successfully.
G:\iPod_Control\Music\F35.exe moved successfully.
G:\iPod_Control\Music\F36.exe moved successfully.
G:\iPod_Control\Music\F37.exe moved successfully.
G:\iPod_Control\Music\F38.exe moved successfully.
G:\iPod_Control\Music\F39.exe moved successfully.
G:\iPod_Control\Music\F40.exe moved successfully.
G:\iPod_Control\Music\F41.exe moved successfully.
G:\iPod_Control\Music\F42.exe moved successfully.
G:\iPod_Control\Music\F43.exe moved successfully.
G:\iPod_Control\Music\F44.exe moved successfully.
G:\iPod_Control\Music\F45.exe moved successfully.
G:\iPod_Control\Music\F46.exe moved successfully.
G:\iPod_Control\Music\F47.exe moved successfully.
G:\iPod_Control\Music\F48.exe moved successfully.
G:\iPod_Control\Music\F49.exe moved successfully.
G:\iPod_Control\Device.exe moved successfully.
G:\iPod_Control\iTunes.exe moved successfully.
G:\iPod_Control\Music.exe moved successfully.
G:\iPod_Control\Artwork.exe moved successfully.
File/Folder K:\auotrun.inf not found.
File move failed. L:\suppress_explorer.exe scheduled to be moved on reboot.
File move failed. S:\Autorun.exe scheduled to be moved on reboot.

OTMoveIt2 v1.0.20 log created on 02232008_135011
  • 0

#20
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please go to Start>Run type in Notepad.
Copy what is in the code box below into the open Notepad window.
Change the "Save As Type" to "All Files". Save it as fixthis.bat on your Desktop.
@Echo off
attrib -s -r -h "L:\suppress_explorer.exe"
del /q "L:\suppress_explorer.exe"
attrib -s -r -h "S:\Autorun.exe "
del /q "S:\Autorun.exe "
quit
Don't do anything with this yet.
=====================
*Reboot your computer into SafeMode.
You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
Use your up arrow key to highlight SafeMode then hit enter.

Then please double click on fixthis.bat a window will open and close quickly.This is normal.


After that please reboot into normal windows and post a new Hijackthis log and check those drives to see if those files are still present.
  • 0

#21
archiep

archiep

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Logfile of HijackThis v1.99.1
Scan saved at 2:04:29 PM, on 2/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\windows\system32\ZuneBusEnum.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\wscntfy.exe
C:\windows\Explorer.EXE
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\windows\system32\CTHELPER.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\iTunes\iTunes.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\hijack\show.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe" /S
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190602144718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1190602136046
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A495B349-F9C1-41DA-97A4-08CF9B44E62D}: NameServer = 64.105.132.250,64.105.166.122
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
  • 0

#22
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Can yo check and see if these files are present please :
S:\Autorun.exe
L:\suppress_explorer.exe
  • 0

#23
archiep

archiep

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
yes those are present and its a mounted image of a cd pretty much its under a virtual drive
  • 0

#24
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please submit the following files to one of these online file scanners.
(All you have to do is copy and paste them in one at a time)

S:\Autorun.exe
L:\suppress_explorer.exe


Jotti File Scan
VirusTotal File Scan

This will produce a report after the scan is complete, please copy and paste those results in your next post.
  • 0

#25
archiep

archiep

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
File Autorun.exe received on 02.26.2008 12:49:39 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.2.22.0 2008.02.26 -
AntiVir 7.6.0.67 2008.02.26 -
Authentium 4.93.8 2008.02.26 -
Avast 4.7.1098.0 2008.02.25 -
AVG 7.5.0.516 2008.02.26 -
BitDefender 7.2 2008.02.26 -
CAT-QuickHeal 9.50 2008.02.26 -
ClamAV 0.92.1 2008.02.26 -
DrWeb 4.44.0.09170 2008.02.26 -
eSafe 7.0.15.0 2008.02.26 -
eTrust-Vet 31.3.5564 2008.02.26 -
Ewido 4.0 2008.02.25 -
FileAdvisor 1 2008.02.26 -
Fortinet 3.14.0.0 2008.02.26 -
F-Prot 4.4.2.54 2008.02.25 -
F-Secure 6.70.13260.0 2008.02.26 -
Ikarus T3.1.1.20 2008.02.26 -
Kaspersky 7.0.0.125 2008.02.26 -
McAfee 5237 2008.02.25 -
Microsoft 1.3204 2008.02.26 -
NOD32v2 2902 2008.02.26 -
Norman 5.80.02 2008.02.25 -
Panda 9.0.0.4 2008.02.25 -
Prevx1 V2 2008.02.26 -
Rising 20.33.12.00 2008.02.26 -
Sophos 4.27.0 2008.02.26 -
Sunbelt 3.0.893.0 2008.02.23 -
Symantec 10 2008.02.26 -
TheHacker 6.2.9.229 2008.02.25 -
VirusBuster 4.3.26:9 2008.02.25 -
Webwasher-Gateway 6.6.2 2008.02.26 -
Additional information
File size: 180224 bytes
MD5: 359ed5104d78dec90e0ceef4d32f749d
SHA1: 6ee451b304a00e3d05ec28858dfa9177ed1d12dc
PEiD: -









File suppress_explorer.exe received on 02.26.2008 13:00:46 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.2.22.0 2008.02.26 -
AntiVir 7.6.0.67 2008.02.26 -
Authentium 4.93.8 2008.02.26 -
Avast 4.7.1098.0 2008.02.25 -
AVG 7.5.0.516 2008.02.26 -
BitDefender 7.2 2008.02.26 -
CAT-QuickHeal 9.50 2008.02.26 -
ClamAV 0.92.1 2008.02.26 -
DrWeb 4.44.0.09170 2008.02.26 -
eSafe 7.0.15.0 2008.02.26 -
eTrust-Vet 31.3.5564 2008.02.26 -
Ewido 4.0 2008.02.26 -
FileAdvisor 1 2008.02.26 -
Fortinet 3.14.0.0 2008.02.26 -
F-Prot 4.4.2.54 2008.02.25 -
F-Secure 6.70.13260.0 2008.02.26 -
Ikarus T3.1.1.20 2008.02.26 -
Kaspersky 7.0.0.125 2008.02.26 -
McAfee 5237 2008.02.25 -
Microsoft 1.3204 2008.02.26 -
NOD32v2 2902 2008.02.26 -
Norman 5.80.02 2008.02.25 -
Panda 9.0.0.4 2008.02.25 -
Prevx1 V2 2008.02.26 -
Rising 20.33.12.00 2008.02.26 -
Sophos 4.27.0 2008.02.26 -
Sunbelt 3.0.893.0 2008.02.23 -
Symantec 10 2008.02.26 -
TheHacker 6.2.9.229 2008.02.25 -
VBA32 3.12.6.2 2008.02.26 -
VirusBuster 4.3.26:9 2008.02.25 -
Webwasher-Gateway 6.6.2 2008.02.26 -
Additional information
File size: 81920 bytes
MD5: ecd87e69a4cfcbf6ea205d037185e363
SHA1: 44d9c99ee0a49f54a2179dc29fffa370da12e9c9
PEiD: -

Antivirus Version Last Update Result
AhnLab-V3 2008.2.22.0 2008.02.26 -
AntiVir 7.6.0.67 2008.02.26 -
Authentium 4.93.8 2008.02.26 -
Avast 4.7.1098.0 2008.02.25 -
AVG 7.5.0.516 2008.02.26 -
BitDefender 7.2 2008.02.26 -
CAT-QuickHeal 9.50 2008.02.26 -
ClamAV 0.92.1 2008.02.26 -
DrWeb 4.44.0.09170 2008.02.26 -
eSafe 7.0.15.0 2008.02.26 -
eTrust-Vet 31.3.5564 2008.02.26 -
Ewido 4.0 2008.02.26 -
FileAdvisor 1 2008.02.26 -
Fortinet 3.14.0.0 2008.02.26 -
F-Prot 4.4.2.54 2008.02.25 -
F-Secure 6.70.13260.0 2008.02.26 -
Ikarus T3.1.1.20 2008.02.26 -
Kaspersky 7.0.0.125 2008.02.26 -
McAfee 5237 2008.02.25 -
Microsoft 1.3204 2008.02.26 -
NOD32v2 2902 2008.02.26 -
Norman 5.80.02 2008.02.25 -
Panda 9.0.0.4 2008.02.25 -
Prevx1 V2 2008.02.26 -
Rising 20.33.12.00 2008.02.26 -
Sophos 4.27.0 2008.02.26 -
Sunbelt 3.0.893.0 2008.02.23 -
Symantec 10 2008.02.26 -
TheHacker 6.2.9.229 2008.02.25 -
VBA32 3.12.6.2 2008.02.26 -
VirusBuster 4.3.26:9 2008.02.25 -
Webwasher-Gateway 6.6.2 2008.02.26 -

Additional information
File size: 81920 bytes
MD5: ecd87e69a4cfcbf6ea205d037185e363
SHA1: 44d9c99ee0a49f54a2179dc29fffa370da12e9c9
PEiD: -
  • 0

Advertisements


#26
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Those are funy names but they are not infected so we will leave them.
==================
Fix these 2 entries with Hijackthis:
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

================================================================
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
=======
Uninstall MalwareBytes antimalware and anything else we used exceopt for the anti virus program.
===========================================================
Then I will need you to reset your System Restore points.

How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb/310405/en-us
=====================================================================
Let me know how things are running ?
  • 0

#27
archiep

archiep

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
heres the hicjack log hope it looks good


Logfile of HijackThis v1.99.1
Scan saved at 3:25:49 AM, on 2/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\windows\system32\ZuneBusEnum.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\windows\system32\CTHELPER.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\hijack\show.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe" /S
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190602144718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1190602136046
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A495B349-F9C1-41DA-97A4-08CF9B44E62D}: NameServer = 64.105.132.250,64.105.166.122
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

Edited by archiep, 28 February 2008 - 05:26 AM.

  • 0

#28
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Your log is clean. :)

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein ->Here

================================================
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

#29
archiep

archiep

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
thanks
  • 0

#30
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP