
Solved Virus cripples CPU and redirects Ebay Login to phishing site

Discussion in 'Malware and Virus Removal Archive' started by macoons, 2010/04/03.

  1. 2010/04/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    All looks clean.
    All those files are from quarantine folders, or restore points, so, harmless.
    Before we make another step....how is your computer doing at the moment?
     
  2. 2010/04/10
    macoons

    macoons Inactive Thread Starter

    Joined:
    2010/03/31
    Messages:
    44
    Likes Received:
    0
    Performance is very much improved; it may be completely "normal" but that is a hard measure to quantify. When I set it next to my laptop which is running a Celeron M and 1G of ram and compare response times and CPU usages to program openings (i.e. opening Microsoft Word, Moviemaker, Powerpoint, etc.) the two computers are very similar. It appears completely stable in standard mode.
     


  4. 2010/04/10
    broni

    broni Moderator Malware Analyst

    Very good :)
    Using OTM, which you already have on your computer....



    • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Processes
    
    :Services
    
    :Reg
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\Global lyOpenPorts\List]
     "65533:TCP "=-
     "52344:TCP "=-
     "4631:TCP "=-
     "7762:TCP "=-
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List]
     "65533:TCP "=-
     "52344:TCP "=-
     "4631:TCP "=-
     "7762:TCP "=-
    
    :Files
          
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [Reboot]
    
    • Return to OTM, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM and reboot your PC.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
     
  5. 2010/04/10
    macoons

    macoons Inactive Thread Starter

    All processes killed
    ========== PROCESSES ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\Global lyOpenPorts\List not found.
    Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\Global lyOpenPorts\List not found.
    Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\Global lyOpenPorts\List not found.
    Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\Global lyOpenPorts\List not found.
    Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List not found.
    Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List not found.
    Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List not found.
    Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List not found.
    ========== FILES ==========
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Aspen Coons
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Carolyn Coons
    ->Temp folder emptied: 41915273 bytes
    ->Temporary Internet Files folder emptied: 2861751 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 405 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Jonathan Coons
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Mark Coons
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Owner

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 146173 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 6408016 bytes

    Total Files Cleaned = 49.00 mb


    OTM by OldTimer - Version 3.1.10.1 log created on 04102010_205151

    Files moved on Reboot...

    Registry entries deleted on Reboot...
     
  6. 2010/04/10
    broni

    broni Moderator Malware Analyst

    I hate this board glitch, which enters a space after so many characters. That's why the script didn't work.

    Let's try again with correct script:

    Code:
    :Processes
    
    :Services
    
    :Reg
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]
     "65533:TCP "=-
     "52344:TCP "=-
     "4631:TCP "=-
     "7762:TCP "=-
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "65533:TCP "=-
     "52344:TCP "=-
     "4631:TCP "=-
     "7762:TCP "=-
    
    :Files
          
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [Reboot]
     
  7. 2010/04/11
    macoons

    macoons Inactive Thread Starter

    All processes killed
    ========== PROCESSES ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\Global lyOpenPorts\List not found.
    Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\Global lyOpenPorts\List not found.
    Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\Global lyOpenPorts\List not found.
    Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\Global lyOpenPorts\List not found.
    Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List not found.
    Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List not found.
    Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List not found.
    Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List not found.
    ========== FILES ==========
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Aspen Coons
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Carolyn Coons
    ->Temp folder emptied: 99550 bytes
    ->Temporary Internet Files folder emptied: 1313498 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Jonathan Coons
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Mark Coons
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Owner

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 96 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1.00 mb


    OTM by OldTimer - Version 3.1.10.1 log created on 04102010_221628

    Files moved on Reboot...
    C:\Documents and Settings\Carolyn Coons\Local Settings\Temp\Google Toolbar\GoogleToolbarWelcome.log moved successfully.
    File C:\Documents and Settings\Carolyn Coons\Local Settings\Temp\~DF71AF.tmp not found!
    File C:\Documents and Settings\Carolyn Coons\Local Settings\Temp\~DF7B1.tmp not found!
    File C:\Documents and Settings\Carolyn Coons\Local Settings\Temp\~DF8E2.tmp not found!
    File C:\Documents and Settings\Carolyn Coons\Local Settings\Temp\~DF9D7.tmp not found!
    File C:\Documents and Settings\Carolyn Coons\Local Settings\Temp\~DFAE6.tmp not found!
    File C:\Documents and Settings\Carolyn Coons\Local Settings\Temp\~DFE3AF.tmp not found!
    C:\Documents and Settings\Carolyn Coons\Local Settings\Temporary Internet Files\Content.IE5\YVUMFYSP\iframescript[1].htm moved successfully.
    C:\Documents and Settings\Carolyn Coons\Local Settings\Temporary Internet Files\Content.IE5\UW3EIF28\iframescript[1].htm moved successfully.
    C:\Documents and Settings\Carolyn Coons\Local Settings\Temporary Internet Files\Content.IE5\UW3EIF28\iframescript[2].htm moved successfully.
    C:\Documents and Settings\Carolyn Coons\Local Settings\Temporary Internet Files\Content.IE5\QNQX8ZZ3\92247-active-virus-cripples-cpu-redirects-ebay-login-phishing-site-3[1].html moved successfully.
    C:\Documents and Settings\Carolyn Coons\Local Settings\Temporary Internet Files\Content.IE5\QNQX8ZZ3\iframescript[1].htm moved successfully.
    C:\Documents and Settings\Carolyn Coons\Local Settings\Temporary Internet Files\Content.IE5\27PGY6KF\iframescript[1].htm moved successfully.

    Registry entries deleted on Reboot...
     
  8. 2010/04/11
    broni

    broni Moderator Malware Analyst

    That's good news. It means, there are no open ports.

    Now I want you to turn computer off, reconnect it to the internet, restart it and see how it behaves.

    If everything seems to be fine...

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

    Post fresh HijackThis log as well.
     
  9. 2010/04/11
    macoons

    macoons Inactive Thread Starter

    Had to switch to a different user profile (also had administrator privileges) to get Kaspersky to run. It kept saying that Java was being interrupted. Anyway, here are the two logs:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Sunday, April 11, 2010
    Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Sunday, April 11, 2010 04:32:50
    Records in database: 3934127
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\

    Scan statistics:
    Objects scanned: 207835
    Threats found: 4
    Infected objects found: 11
    Suspicious objects found: 0
    Scan duration: 04:47:45


    File name / Threat / Threats count
    C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.003\Local Settings\Temporary Internet Files\Content.IE5\5GFI91IJ\s002106201317r0409X94a5f477Ydf1d9782Z0100f080[1].pdf Infected: Exploit.JS.Pdfka.byp 1
    C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.003\Local Settings\Temporary Internet Files\Content.IE5\NV5AVA5J\n002106201r0409X94a5f474Ydf1d9782Z0100f080316P000001070[1] Infected: Packed.Win32.Katusha.j 1
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP179\A0015418.exe Infected: Packed.Win32.Katusha.j 1
    C:\_OTM\MovedFiles\04052010_074828\c_documents and settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\BZK0QKEQ\s002106201317r0409X54993238Y1f2a5606Z0100f080[1].pdf Infected: Exploit.JS.Pdfka.byr 1
    C:\_OTM\MovedFiles\04052010_074828\c_documents and settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\NOH8S0RS\oH9ae1f9c1V0100f080006R395ac1e6102Td1682193201l0409K7596584e317[1].pdf Infected: Exploit.JS.Pdfka.bqo 1
    C:\_OTM\MovedFiles\04072010_221357\C_Documents and Settings\HelpAssistant.MOMSDELL\Local Settings\Temporary Internet Files\Content.IE5\5GFI91IJ\s002106201317r0409X94a5f477Ydf1d9782Z0100f080[1].pdf Infected: Exploit.JS.Pdfka.byp 1
    C:\_OTM\MovedFiles\04072010_221357\C_Documents and Settings\HelpAssistant.MOMSDELL\Local Settings\Temporary Internet Files\Content.IE5\NV5AVA5J\n002106201r0409X94a5f474Ydf1d9782Z0100f080316P000001070[1] Infected: Packed.Win32.Katusha.j 1
    C:\_OTM\MovedFiles\04072010_221357\C_Documents and Settings\HelpAssistant.MOMSDELL.000\Local Settings\Temporary Internet Files\Content.IE5\5GFI91IJ\s002106201317r0409X94a5f477Ydf1d9782Z0100f080[1].pdf Infected: Exploit.JS.Pdfka.byp 1
    C:\_OTM\MovedFiles\04072010_221357\C_Documents and Settings\HelpAssistant.MOMSDELL.000\Local Settings\Temporary Internet Files\Content.IE5\NV5AVA5J\n002106201r0409X94a5f474Ydf1d9782Z0100f080316P000001070[1] Infected: Packed.Win32.Katusha.j 1
    C:\_OTM\MovedFiles\04072010_221357\C_Documents and Settings\HelpAssistant.MOMSDELL.001\Local Settings\Temporary Internet Files\Content.IE5\5GFI91IJ\s002106201317r0409X94a5f477Ydf1d9782Z0100f080[1].pdf Infected: Exploit.JS.Pdfka.byp 1
    C:\_OTM\MovedFiles\04072010_221357\C_Documents and Settings\HelpAssistant.MOMSDELL.001\Local Settings\Temporary Internet Files\Content.IE5\NV5AVA5J\n002106201r0409X94a5f474Ydf1d9782Z0100f080316P000001070[1] Infected: Packed.Win32.Katusha.j 1

    Selected area has been scanned.



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:54:05 PM, on 4/11/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\rundll32.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O1 - Hosts: ÿþ127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe "
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Typer%20Shark/Images/stg_drm.ocx
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    --
    End of file - 6453 bytes
     
  10. 2010/04/11
    broni

    broni Moderator Malware Analyst

    How is the computer doing overall?

    Please download OTM

    • Save it to your desktop.
    • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Processes
    
    :Services
    
    :Reg
    
    :Files
    C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.003\Local Settings\Temporary Internet Files\Content.IE5\5GFI91IJ\s002106201317r0409X94a5f477Ydf1d9782Z0100f080[1].pdf 
    C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.003\Local Settings\Temporary Internet Files\Content.IE5\NV5AVA5J\n002106201r0409X94a5f474Ydf1d9782Z0100f080316P00 0001070[1]
          
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [Reboot]
    
    • Return to OTM, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM and reboot your PC.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
     
  11. 2010/04/12
    macoons

    macoons Inactive Thread Starter

    Performance is good, system is stable.


    All processes killed
    ========== PROCESSES ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.003\Local Settings\Temporary Internet Files\Content.IE5\5GFI91IJ\s002106201317r0409X94a5f477Ydf1d9782Z0100f080[1].pdf moved successfully.
    File/Folder C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.003\Local Settings\Temporary Internet Files\Content.IE5\NV5AVA5J\n002106201r0409X94a5f474Ydf1d9782Z0100f080316P00 0001070[1] not found.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Aspen Coons
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Carolyn Coons
    ->Temp folder emptied: 5122064 bytes
    ->Temporary Internet Files folder emptied: 4053582 bytes
    ->Java cache emptied: 5400 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Jonathan Coons
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Mark Coons
    ->Temp folder emptied: 104197180 bytes
    ->Temporary Internet Files folder emptied: 2233075 bytes
    ->Java cache emptied: 128094 bytes
    ->Flash cache emptied: 405 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Owner

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 192 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 110.00 mb


    OTM by OldTimer - Version 3.1.10.1 log created on 04112010_221553

    Files moved on Reboot...
    C:\Documents and Settings\Carolyn Coons\Local Settings\Temp\Google Toolbar\GoogleToolbarWelcome.log moved successfully.
    File C:\Documents and Settings\Carolyn Coons\Local Settings\Temp\~DF1712.tmp not found!
    File C:\Documents and Settings\Carolyn Coons\Local Settings\Temp\~DF316D.tmp not found!
    File C:\Documents and Settings\Carolyn Coons\Local Settings\Temp\~DF3196.tmp not found!
    File C:\Documents and Settings\Carolyn Coons\Local Settings\Temp\~DF324F.tmp not found!
    File C:\Documents and Settings\Carolyn Coons\Local Settings\Temp\~DF3278.tmp not found!
    File C:\Documents and Settings\Carolyn Coons\Local Settings\Temp\~DFB96C.tmp not found!
    C:\Documents and Settings\Carolyn Coons\Local Settings\Temporary Internet Files\Content.IE5\PCPY0YRR\iframescript[1].htm moved successfully.
    C:\Documents and Settings\Carolyn Coons\Local Settings\Temporary Internet Files\Content.IE5\5F60N4AO\92247-active-virus-cripples-cpu-redirects-ebay-login-phishing-site-4[1].html moved successfully.

    Registry entries deleted on Reboot...
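
The board glitch described in this thread (an injected space turning `GloballyOpenPorts` into `Glob allyOpenPorts`, and `316P000001070[1]` into `316P00 0001070[1]`, so that OTM reports "not found") can be caught before a pasted script is run. The following is an added example, not part of the original posts and not OTM's own code: it compares each `:Reg` key and `:Files` path in a script with the intended targets and flags those that match only once whitespace is removed. The function names, the reference list (assumed to come from the scanner report and the corrected script) and the sample script and log are constructed for illustration.

```python
import re

WS = re.compile(r"\s+")
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
NOT_FOUND = re.compile(r"^(?:Registry key|File/Folder|File) (.+?) not found[.!]$")


def norm(path):
    """Expand the hive abbreviation and lower-case (Windows paths ignore case)."""
    head, sep, rest = path.strip().partition("\\")
    return (HIVES.get(head.upper(), head) + sep + rest).lower()


def canon(path):
    """Comparison key with every whitespace character removed."""
    return WS.sub("", norm(path))


def script_targets(script):
    """Registry keys under :Reg and paths under :Files, in script order."""
    section, targets = None, []
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line[1:].lower()
        elif section == "reg" and line.startswith("[") and line.endswith("]"):
            targets.append(line[1:-1])      # value lines such as "name"=- are skipped
        elif section == "files":
            targets.append(line)
    return targets


def not_found_in_log(log):
    """Canonical forms of the targets a results log reports as not found."""
    hits = (NOT_FOUND.match(line.strip()) for line in log.splitlines())
    return {canon(m.group(1)) for m in hits if m}


def check_script(script, reference, log=""):
    """Classify each script target against the intended (reference) targets.

    Returns (status, target, intended, missed) tuples. status is "ok" when the
    target equals a reference entry, "mangled" when it matches one only after
    whitespace is removed, and "unlisted" when nothing matches. missed is True
    when the results log reports that target as not found.
    """
    intended_by_key = {canon(r): r for r in reference}
    missed = not_found_in_log(log)
    results = []
    for target in script_targets(script):
        intended = intended_by_key.get(canon(target))
        if intended is None:
            status = "unlisted"
        elif norm(target) == norm(intended):
            status = "ok"
        else:
            status = "mangled"
        results.append((status, target, intended, canon(target) in missed))
    return results


# --- Constructed sample input, shaped like the thread's script and results log ---
TIF = r"C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.003\Local Settings\Temporary Internet Files\Content.IE5"
PDF = TIF + r"\5GFI91IJ\s002106201317r0409X94a5f477Ydf1d9782Z0100f080[1].pdf"
EXE = TIF + r"\NV5AVA5J\n002106201r0409X94a5f474Ydf1d9782Z0100f080316P000001070[1]"
KEY = r"HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List"
REFERENCE = [KEY, PDF, EXE]                      # what the helper meant to target

KEY_BAD = KEY.replace("Globally", "Glob ally")   # the space the board injected
EXE_BAD = EXE.replace("316P00", "316P00 ")

SCRIPT = "\n".join([
    ":Reg", "[" + KEY_BAD + "]", ' "65533:TCP "=-', "",
    ":Files", PDF, EXE_BAD, "",
    ":Commands", "[purity]",
])
LOG = "\n".join([
    "Registry key " + KEY_BAD.replace("HKLM", "HKEY_LOCAL_MACHINE", 1) + " not found.",
    PDF + " moved successfully.",
    "File/Folder " + EXE_BAD + " not found.",
])

if __name__ == "__main__":
    for status, target, intended, missed in check_script(SCRIPT, REFERENCE, LOG):
        print(f"{status:8} not_found_in_log={missed}  {target}")
        if status == "mangled":
            print(f"         intended: {intended}")
```

A "not found" line for a target flagged as mangled says nothing about whether the intended key or file exists; the corrected path has to be checked again.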
     
  12. 2010/04/12
    broni

    broni Moderator Malware Analyst

    Very good :)

    Please download OTC to your desktop. It'll remove most tools and logs we used so far. If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    • Double-click OTC.exe to run it. (Vista and 7 users, please right click on OTC and select "Run as an Administrator ")
    • Click on the CleanUp! button and follow the prompts.
    • You will be asked to reboot the machine to finish the Cleanup process, choose Yes. If it doesn't ask you to reboot, restart computer manually.
    • After the reboot all the tools we used should be gone.
    • The tool will delete itself once it finishes.


    I'm checking your final HJT log and I'll post with next set of instructions in a moment.
     
  13. 2010/04/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Verify your Java version here: http://www.java.com/en/download/installed.jsp
    Update, if necessary.
    Uninstall all previous Java versions, through Add\Remove (Programs & Features in Vista).

    ================================================================

    Print this post out, since you won't have access to it at some point.

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    O1 - Hosts: ÿþ127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll



    4. You should also checkmark following entries (these are unnecessary startups; no actual programs will be removed):

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe "


    5. Click on Fix checked button.

    6. Restart computer.

    7. Post new HijackThis log.
     
  14. 2010/04/12
    macoons

    macoons Inactive Thread Starter

    Joined:
    2010/03/31
    Messages:
    44
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:22:17 AM, on 4/12/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Typer%20Shark/Images/stg_drm.ocx
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    --
    End of file - 5777 bytes
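
A way to triage a HijackThis log like the one above with a script, shown as an added example that is not part of the original thread or of HijackThis itself. The function names and the constructed redirect line are assumptions for illustration; the other sample lines are entries quoted in this thread.

```python
import re

# A HijackThis entry is "<section code> - <details>", e.g. "O4 - HKCU\..\Run: ...".
ENTRY = re.compile(r"^\s*(?P<code>[A-Z]\d+) - (?P<body>.+?)\s*$")
LOOPBACK = {"127.0.0.1", "::1"}
BOM_TEXT = "\u00ff\u00fe"  # bytes FF FE (UTF-16 LE byte-order mark) shown as text

# Entries quoted in this thread.
BOM_LINE = "O1 - Hosts: " + BOM_TEXT + "127.0.0.1 localhost\n"
THREAD_LINES = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O1 - Hosts: ::1 localhost
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""
# Constructed line (not from the thread): a hosts redirect to a documentation address.
CONSTRUCTED = "O1 - Hosts: 192.0.2.10 signin.example.test\n"
SAMPLE_LOG = BOM_LINE + THREAD_LINES + CONSTRUCTED

def parse_log(text):
    """Return (code, body) per entry line; headers and process paths are skipped."""
    return [(m["code"], m["body"]) for m in map(ENTRY.match, text.splitlines()) if m]

def triage(text):
    """Return (code, reason, body) for entries that deserve a second look."""
    findings = []
    for code, body in parse_log(text):
        if code == "O1" and body.startswith("Hosts:"):
            mapping = body[len("Hosts:"):].strip()
            if mapping.startswith(BOM_TEXT):
                findings.append((code, "hosts file starts with UTF-16 BOM bytes (FF FE)", body))
                mapping = mapping[len(BOM_TEXT):]
            parts = mapping.split()
            if len(parts) >= 2 and parts[0] not in LOOPBACK:
                findings.append((code, f"{parts[1]} pinned to non-loopback {parts[0]}", body))
        elif body.endswith("(file missing)"):
            findings.append((code, "entry points at a file that no longer exists", body))
    return findings

if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n    {body}")
```

A hosts entry that maps a login hostname to a non-loopback address is the kind of change that produces the redirect described in the thread title, so those findings are the ones to review first.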
     
  15. 2010/04/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your computer is clean :)

    1. Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please let me know how your computer is doing.
     
  16. 2010/04/12
    macoons

    macoons Inactive Thread Starter

    Joined:
    2010/03/31
    Messages:
    44
    Likes Received:
    0
    Running great. Thanks so much for your help!
     
  17. 2010/04/12
    macoons

    macoons Inactive Thread Starter

    Joined:
    2010/03/31
    Messages:
    44
    Likes Received:
    0
    Ok, how do I mark this as Resolved?!?!
     
  18. 2010/04/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Wow!
    I assume, we're BOTH relieved....hehehehe
    Great news!

    In this forum, only I can mark it "Resolved", which I'll be very glad to do :)

    I don't want to see you here anymore with any HelpAssistant infection...never....LOL...just kidding
    Stay safe :)
     
