Infected EeePC

S

stine1

New member
I have to clean a netbook by one of my friends and it is highly infected and I am frustrated.
Avira is blocked,uninstall or install do not work either.

Malwarebyte does find some things but can't remove them.

DDS can not run, both versions.

Spybot does not start after installation :confused:
 
Yes, I still need help.

My biggest problem is, that I do not know the BIOS password and the guy I have this netbook from and who wants me to clean is, does not respond. Very nice guy... Without this, I can't get into the secured mode to scan deeper or make the darn thing boot from a flash drive to format it :-(
 
See if you can get a copy of malwarebytes and combofix on there.
If they wont run after a normal boot up you can try running them in safe mode.
to reach safe mode you woudl tap the f8 key during a computer restart, chose the first option form the list: safe mode.

There is a guide to read first before using combofix, use it first then malwarebytes:

Guide to using Combofix

Please download the free version of Malwarebytes to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.
 
hi, thank you very much for your answer.


I did use both programs, but could not close Avira Antivir for Combofix. It does not show on the taskbar and task manager is blocked, only available for administrator - I do not have the password *sigh*

safe mode did work.

Combofix log:

ComboFix 11-01-02.04 - User 03.01.2011 17:39:37.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.2039.1707 [GMT 1:00]
ausgeführt von:: f:\dokumente und einstellungen\User\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira Firewall *Enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

f:\windows\Alcmtr.exe

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ABP470N5
-------\Service_abp470n5


((((((((((((((((((((((( Dateien erstellt von 2010-12-03 bis 2011-01-03 ))))))))))))))))))))))))))))))
.

2011-01-03 16:24 . 2011-01-03 16:24 -------- dc----w- f:\programme\MSXML 4.0
2010-12-29 17:09 . 2006-08-21 09:14 23040 -c----w- f:\windows\system32\dllcache\fltmc.exe
2010-12-29 17:09 . 2006-08-21 09:14 128896 -c----w- f:\windows\system32\dllcache\fltmgr.sys
2010-12-29 16:24 . 2010-12-29 16:24 -------- dc----w- f:\dokumente und einstellungen\User\Anwendungsdaten\Media Player Classic
2010-12-29 16:00 . 2010-12-31 15:55 -------- dc----w- f:\programme\Spybot - Search & Destroy
2010-12-29 13:43 . 2009-11-21 16:37 470528 -c----w- f:\windows\system32\dllcache\aclayers.dll
2010-12-29 13:43 . 2010-06-14 14:30 743936 -c----w- f:\windows\system32\dllcache\helpsvc.exe
2010-12-29 13:39 . 2010-02-12 10:03 367104 -c----w- f:\windows\system32\browserchoice.exe
2010-12-29 12:51 . 2010-12-29 12:51 -------- dc----w- f:\dokumente und einstellungen\User\Anwendungsdaten\Malwarebytes
2010-12-29 12:47 . 2010-12-20 17:09 38224 -c--a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2010-12-29 12:47 . 2010-12-29 12:47 -------- dc----w- f:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-12-29 12:47 . 2010-12-20 17:08 20952 -c--a-w- f:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsusTray"="f:\programme\EeePC\ACPI\AsTray.exe" [2008-03-27 180224]
"AsusACPIServer"="f:\programme\EeePC\ACPI\AsAcpiSvr.exe" [2008-03-20 700416]
"IgfxTray"="f:\windows\system32\igfxtray.exe" [2006-10-08 167936]
"HotKeysCmds"="f:\windows\system32\hkcmd.exe" [2006-10-08 188416]
"Persistence"="f:\windows\system32\igfxpers.exe" [2006-10-08 176128]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-06 16858112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2006-02-28 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"l:\\Skype\\Phone\\Skype.exe"=
"k:\\FirefoxPortable\\FirefoxPortable.exe"=
"f:\\WINDOWS\\RTHDCPL.EXE"=
"f:\\WINDOWS\\system32\\wuauclt.exe"=
"l:\\Programme\\Malwarebytes' Anti-Malware\\mbam.exe"=
"f:\\WINDOWS\\system32\\igfxext.exe"=
"f:\\WINDOWS\\system32\\igfxpers.exe"=
"f:\\WINDOWS\\system32\\WgaTray.exe"=
"f:\\Programme\\EeePC\\ACPI\\AsAcpiSvr.exe"=
"f:\\DOKUME~1\\User\\LOKALE~1\\Temp\\bwkah.exe"=
"f:\\DOKUME~1\\User\\LOKALE~1\\Temp\\acit.exe"=
"f:\\DOKUME~1\\User\\LOKALE~1\\Temp\\w77c52.exe"=
"f:\\DOKUME~1\\User\\LOKALE~1\\Temp\\msex.exe"=

R1 avfwot;avfwot;f:\windows\system32\drivers\avfwot.sys [27.03.2009 22:40 97608]
R3 avfwim;AvFw Packet Filter Miniport;f:\windows\system32\drivers\avfwim.sys [27.03.2009 22:40 69632]
S1 SBRE;SBRE;\??\f:\windows\system32\drivers\SBREdrv.sys --> f:\windows\system32\drivers\SBREdrv.sys [?]
S2 AntiVirFirewallService;Avira Firewall;f:\programme\Avira\AntiVir Desktop\avfwsvc.exe [27.03.2009 22:40 388865]
S2 AntiVirMailService;Avira AntiVir MailGuard;f:\programme\Avira\AntiVir Desktop\avmailc.exe [27.03.2009 22:40 194817]
S2 AntiVirSchedulerService;Avira AntiVir Planer;f:\programme\Avira\AntiVir Desktop\sched.exe [27.03.2009 22:40 108289]
S2 AntiVirWebService;Avira AntiVir WebGuard;f:\programme\Avira\AntiVir Desktop\avwebgrd.exe [27.03.2009 22:40 434945]
S3 brfilt;Brother MFC-Filtertreiber;f:\windows\system32\drivers\BrFilt.sys [04.03.2009 19:53 2944]
S3 BrSerWDM;Brother-Treiber (seriell);f:\windows\system32\drivers\BrSerWdm.sys [04.03.2009 19:53 60416]
S3 BrUsbMdm;Brother MFC-nur-Fax-Modem (USB);f:\windows\system32\drivers\BrUsbMdm.sys [04.03.2009 19:53 11008]
S3 cjusb;REINER SCT cyberJack pinpad/e-com USB;f:\windows\system32\drivers\cjusb.sys [10.04.2009 08:19 23040]
S3 hwusbdev;Huawei DataCard USB PNP Device;f:\windows\system32\DRIVERS\ewusbdev.sys --> f:\windows\system32\DRIVERS\ewusbdev.sys [?]

--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - ABP470N5
.
Inhalt des "geplante Tasks" Ordners
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: f:\programme\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - f:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\co6so1uy.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - f:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-QuickTime Task - f:\programme\QuickTime\QTTask.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-03 17:54
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(748)
f:\programme\Avira\AntiVir Desktop\avsda.dll

- - - - - - - > 'explorer.exe'(2568)
f:\windows\system32\shdoclc.dll
f:\windows\system32\WPDShServiceObj.dll
f:\windows\system32\PortableDeviceTypes.dll
f:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
f:\windows\System32\SCardSvr.exe
f:\windows\RTHDCPL.EXE
f:\windows\system32\igfxsrvc.exe
f:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
f:\programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
f:\windows\system32\igfxext.exe
f:\windows\system32\NOTEPAD.EXE
f:\dokume~1\User\LOKALE~1\Temp\bwkah.exe
f:\dokume~1\User\LOKALE~1\Temp\acit.exe
f:\dokume~1\User\LOKALE~1\Temp\w77c52.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-01-03 18:04:38 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-01-03 17:04

Vor Suchlauf: 320.647.168 Bytes frei
Nach Suchlauf: 231.641.088 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 3950B805F18CB302E93E5F942B6CE854
Click to expand...


MBAM log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5415

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

03.01.2011 18:54:34
mbam-log-2011-01-03 (18-54-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (F:\|K:\|L:\|)
Durchsuchte Objekte: 147491
Laufzeit: 30 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 5
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Click to expand...
 
ok so far so good.

task manager is blocked, only available for administrator
Click to expand...
Malware does this via a registry hack

should be ok now:
Policies\System\DisableTaskMgr
Click to expand...

In safe mode or after a normal boot up:
go to run>start and type in the run box:

%temp%
click ok or enter, delete whats in the temp folder

are you able to boot the computer normally now? If so: check malwarebytes for updates then do another scan with it.
Can you get DDS to produce a log?
 
DDS does work now, here the log and attachment. I will do MBAM scan now and reply again.

I can start normally now but it is still strange.
I connect to the internet via wi-fi now. But sometimes a window for dial-uo connection pops up.
Before I had started this thread, I had a programme called CounterSpy installed and when such a pop up came, it warned about a Trojan - 3 times with 3 different .exe files. Stupid me did not note down the file names.

I am telling you this as I still get the dial up pop ups :red:


DDS (Ver_10-12-12.02) - NTFSx86
Run by User at 18:55:02,76 on 05.01.2011
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.2039.1642 [GMT 1:00]

AV: AntiVir Desktop *Enabled/Updated* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira Firewall *Enabled*

============== Running Processes ===============

F:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
F:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Programme\EeePC\ACPI\AsTray.exe
F:\Programme\EeePC\ACPI\AsAcpiSvr.exe
F:\WINDOWS\system32\igfxtray.exe
F:\WINDOWS\system32\igfxpers.exe
F:\WINDOWS\RTHDCPL.EXE
F:\WINDOWS\system32\igfxsrvc.exe
F:\WINDOWS\system32\igfxext.exe
svchost.exe
F:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
F:\WINDOWS\system32\svchost.exe -k imgsvc
F:\Programme\Mozilla Firefox\firefox.exe
F:\DOKUME~1\User\LOKALE~1\Temp\vfuxux.exe
F:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dds.scr
F:\DOKUME~1\User\LOKALE~1\Temp\cqdamb.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mRun: [AsusTray] f:\programme\eeepc\acpi\AsTray.exe
mRun: [AsusACPIServer] f:\programme\eeepc\acpi\AsAcpiSvr.exe
mRun: [IgfxTray] f:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] f:\windows\system32\hkcmd.exe
mRun: [Persistence] f:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
dRun: [CTFMON.EXE] f:\windows\system32\CTFMON.EXE
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
LSP: f:\programme\avira\antivir desktop\avsda.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - f:\programme\gemeinsame dateien\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - f:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - f:\dokume~1\user\anwend~1\mozilla\firefox\profiles\co6so1uy.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - f:\programme\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

============= SERVICES / DRIVERS ===============

R1 avfwot;avfwot;f:\windows\system32\drivers\avfwot.sys [2009-3-27 97608]
R1 avgio;avgio;f:\programme\avira\antivir desktop\avgio.sys [2009-3-27 11608]
R2 avgntflt;avgntflt;f:\windows\system32\drivers\avgntflt.sys [2009-3-27 55640]
R3 abp470n5;abp470n5;\??\f:\windows\system32\drivers\gihnfo.sys --> f:\windows\system32\drivers\gihnfo.sys [?]
R3 avfwim;AvFw Packet Filter Miniport;f:\windows\system32\drivers\avfwim.sys [2009-3-27 69632]
S1 SBRE;SBRE;\??\f:\windows\system32\drivers\sbredrv.sys --> f:\windows\system32\drivers\SBREdrv.sys [?]
S2 AntiVirFirewallService;Avira Firewall;f:\programme\avira\antivir desktop\avfwsvc.exe [2009-3-27 388865]
S2 AntiVirMailService;Avira AntiVir MailGuard;f:\programme\avira\antivir desktop\avmailc.exe [2009-3-27 194817]
S2 AntiVirSchedulerService;Avira AntiVir Planer;f:\programme\avira\antivir desktop\sched.exe [2009-3-27 108289]
S2 AntiVirService;Avira AntiVir Guard;f:\programme\avira\antivir desktop\avguard.exe [2009-3-27 185089]
S2 AntiVirWebService;Avira AntiVir WebGuard;f:\programme\avira\antivir desktop\avwebgrd.exe [2009-3-27 434945]
S3 brfilt;Brother MFC-Filtertreiber;f:\windows\system32\drivers\BrFilt.sys [2009-3-4 2944]
S3 BrSerWDM;Brother-Treiber (seriell);f:\windows\system32\drivers\BrSerWdm.sys [2009-3-4 60416]
S3 BrUsbMdm;Brother MFC-nur-Fax-Modem (USB);f:\windows\system32\drivers\BrUsbMdm.sys [2009-3-4 11008]
S3 cjusb;REINER SCT cyberJack pinpad/e-com USB;f:\windows\system32\drivers\cjusb.sys [2009-4-10 23040]
S3 hwusbdev;Huawei DataCard USB PNP Device;f:\windows\system32\drivers\ewusbdev.sys --> f:\windows\system32\drivers\ewusbdev.sys [?]

=============== Created Last 30 ================

2011-01-03 16:36:17 -------- dcsha-r- F:\cmdcons
2011-01-03 16:33:12 98816 -c--a-w- f:\windows\sed.exe
2011-01-03 16:33:12 89088 -c--a-w- f:\windows\MBR.exe
2011-01-03 16:33:12 256512 -c--a-w- f:\windows\PEV.exe
2011-01-03 16:33:12 161792 -c--a-w- f:\windows\SWREG.exe
2011-01-03 16:24:37 -------- dc----w- f:\programme\MSXML 4.0
2010-12-29 17:09:55 23040 -c----w- f:\windows\system32\dllcache\fltmc.exe
2010-12-29 17:09:54 128896 -c----w- f:\windows\system32\dllcache\fltmgr.sys
2010-12-29 16:00:07 -------- dc----w- f:\programme\Spybot - Search & Destroy
2010-12-29 13:43:26 470528 -c----w- f:\windows\system32\dllcache\aclayers.dll
2010-12-29 13:43:13 743936 -c----w- f:\windows\system32\dllcache\helpsvc.exe
2010-12-29 13:39:40 367104 -c----w- f:\windows\system32\browserchoice.exe
2010-12-29 12:51:50 -------- dc----w- f:\dokume~1\user\anwend~1\Malwarebytes
2010-12-29 12:47:38 38224 -c--a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2010-12-29 12:47:35 -------- dc----w- f:\dokume~1\alluse~1\anwend~1\Malwarebytes
2010-12-29 12:47:32 20952 -c--a-w- f:\windows\system32\drivers\mbam.sys

==================== Find3M ====================


============= FINISH: 19:02:08,93 ===============
Click to expand...
 
MBAM log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5464

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

05.01.2011 19:43:13
mbam-log-2011-01-05 (19-43-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (F:\|K:\|L:\|)
Durchsuchte Objekte: 148996
Laufzeit: 8 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 5
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Click to expand...
 
ok lets get another download to use. Its called combofix, there is a guide to read first before you use it. Read through the guide then apply the directions on your own machine. Post the combofix log.

Guide to using Combofix


I still get the dial up pop ups
Click to expand...
This is a windows popup trying to get your old school modem to dial out a connection?
 
shelf life said:
This is a windows popup trying to get your old school modem to dial out a connection?
Click to expand...

Yes it is.

Here is the Combofix log. I am still not able to run, close or deinstall Avira Antivir:

ComboFix 11-01-06.01 - User 06.01.2011 18:39:03.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.2039.1595 [GMT 1:00]
ausgeführt von:: f:\dokumente und einstellungen\User\Eigene Dateien\Downloads\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira Firewall *Enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ABP470N5
-------\Service_abp470n5


((((((((((((((((((((((( Dateien erstellt von 2010-12-06 bis 2011-01-06 ))))))))))))))))))))))))))))))
.

2011-01-03 16:24 . 2011-01-03 16:24 -------- dc----w- f:\programme\MSXML 4.0
2010-12-29 17:09 . 2006-08-21 09:14 23040 -c----w- f:\windows\system32\dllcache\fltmc.exe
2010-12-29 17:09 . 2006-08-21 09:14 128896 -c----w- f:\windows\system32\dllcache\fltmgr.sys
2010-12-29 16:24 . 2010-12-29 16:24 -------- dc----w- f:\dokumente und einstellungen\User\Anwendungsdaten\Media Player Classic
2010-12-29 13:43 . 2009-11-21 16:37 470528 -c----w- f:\windows\system32\dllcache\aclayers.dll
2010-12-29 13:43 . 2010-06-14 14:30 743936 -c----w- f:\windows\system32\dllcache\helpsvc.exe
2010-12-29 13:39 . 2010-02-12 10:03 367104 -c----w- f:\windows\system32\browserchoice.exe
2010-12-29 12:51 . 2010-12-29 12:51 -------- dc----w- f:\dokumente und einstellungen\User\Anwendungsdaten\Malwarebytes
2010-12-29 12:47 . 2010-12-20 17:09 38224 -c--a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2010-12-29 12:47 . 2010-12-29 12:47 -------- dc----w- f:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-12-29 12:47 . 2010-12-20 17:08 20952 -c--a-w- f:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

[7] 2009-08-06 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . f:\windows\ERDNT\cache\wuauclt.exe
[-] 2009-08-06 . 9F6802B4DBD0B87D72A4C72D9D4AF957 . 127200 . . [7.4.7600.226] . . f:\windows\system32\wuauclt.exe
[7] 2009-08-06 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . f:\windows\system32\dllcache\wuauclt.exe
[-] 2008-04-14 . 65E60C18DDB0215C201FF75E32D564C8 . 111616 . . [5.4.3790.5512] . . f:\windows\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\wuauclt.exe

[7] 2008-12-19 . 15E8A89499741D5CF59A9CF6463A4339 . 634024 . . [7.00.6000.20978] . . f:\windows\SoftwareDistribution\Download\16035e76e7a72d3a2285fb1603a86010\SP2QFE\iexplore.exe
[7] 2008-12-19 . 030D78FE84A086ED376EFCBD2D72C522 . 634024 . . [7.00.6000.16791] . . f:\windows\SoftwareDistribution\Download\16035e76e7a72d3a2285fb1603a86010\SP2GDR\iexplore.exe
[7] 2008-08-23 . E8305C30D35E85D6657ED3E9934CB302 . 635848 . . [7.00.6000.20900] . . f:\windows\SoftwareDistribution\Download\d53a19238e3664857cfe3ba9425b011d\SP2QFE\iexplore.exe
[7] 2008-08-23 . 1F03216084447F990AE797317D0A6E70 . 635848 . . [7.00.6000.16735] . . f:\windows\ie7updates\KB961260-IE7\iexplore.exe
[7] 2008-08-23 . 1F03216084447F990AE797317D0A6E70 . 635848 . . [7.00.6000.16735] . . f:\windows\SoftwareDistribution\Download\d53a19238e3664857cfe3ba9425b011d\SP2GDR\iexplore.exe
[-] 2008-04-14 . 3BFE49B4CDFAC83B0F3C79412895A179 . 93184 . . [6.00.2900.5512] . . f:\windows\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\iexplore.exe
[7] 2006-02-28 . B39A6AF04A431E317C85BF061719E705 . 93184 . . [6.00.2900.2180] . . f:\windows\ERDNT\cache\iexplore.exe

.
((((((((((((((((((((((((((((( SnapShot@2011-01-03_16.52.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-06 17:51 . 2011-01-06 17:51 16384 f:\windows\temp\Perflib_Perfdata_dc4.dat
+ 2006-02-28 12:00 . 2006-02-28 12:00 414720 f:\windows\system32\zipfldr.dll
+ 2006-02-28 12:00 . 2006-02-28 12:00 210432 f:\windows\system32\taskmgr.exe
+ 2006-02-28 12:00 . 2006-02-28 12:00 107520 f:\windows\system32\rundll32.exe
+ 2008-12-29 12:10 . 2006-10-08 05:11 241664 f:\windows\system32\igfxtray.exe
+ 2008-12-29 12:10 . 2006-10-08 05:10 249856 f:\windows\system32\igfxpers.exe
+ 2008-12-29 12:10 . 2006-10-08 05:13 270336 f:\windows\system32\hkcmd.exe
+ 2006-02-28 12:00 . 2006-02-28 12:00 117248 f:\windows\system32\grpconv.exe
+ 2006-02-28 12:00 . 2006-02-28 12:00 135680 f:\windows\system32\cleanmgr.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsusTray"="f:\programme\EeePC\ACPI\AsTray.exe" [2008-03-27 258048]
"AsusACPIServer"="f:\programme\EeePC\ACPI\AsAcpiSvr.exe" [2008-03-20 700416]
"IgfxTray"="f:\windows\system32\igfxtray.exe" [2006-10-08 241664]
"HotKeysCmds"="f:\windows\system32\hkcmd.exe" [2006-10-08 270336]
"Persistence"="f:\windows\system32\igfxpers.exe" [2006-10-08 249856]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-06 16858112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2006-02-28 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"l:\\Skype\\Phone\\Skype.exe"=
"k:\\FirefoxPortable\\FirefoxPortable.exe"=
"f:\\WINDOWS\\RTHDCPL.EXE"=
"f:\\WINDOWS\\system32\\wuauclt.exe"=
"l:\\Programme\\Malwarebytes' Anti-Malware\\mbam.exe"=
"f:\\WINDOWS\\system32\\igfxext.exe"=
"f:\\WINDOWS\\system32\\igfxpers.exe"=
"f:\\WINDOWS\\system32\\WgaTray.exe"=
"f:\\Programme\\EeePC\\ACPI\\AsAcpiSvr.exe"=
"f:\\DOKUME~1\\User\\LOKALE~1\\Temp\\wingwbtl.exe"=

R1 avfwot;avfwot;f:\windows\system32\drivers\avfwot.sys [27.03.2009 22:40 97608]
R3 avfwim;AvFw Packet Filter Miniport;f:\windows\system32\drivers\avfwim.sys [27.03.2009 22:40 69632]
S1 SBRE;SBRE;\??\f:\windows\system32\drivers\SBREdrv.sys --> f:\windows\system32\drivers\SBREdrv.sys [?]
S2 AntiVirFirewallService;Avira Firewall;f:\programme\Avira\AntiVir Desktop\avfwsvc.exe [27.03.2009 22:40 388865]
S2 AntiVirMailService;Avira AntiVir MailGuard;f:\programme\Avira\AntiVir Desktop\avmailc.exe [27.03.2009 22:40 194817]
S2 AntiVirSchedulerService;Avira AntiVir Planer;f:\programme\Avira\AntiVir Desktop\sched.exe [27.03.2009 22:40 108289]
S2 AntiVirWebService;Avira AntiVir WebGuard;f:\programme\Avira\AntiVir Desktop\avwebgrd.exe [27.03.2009 22:40 434945]
S3 brfilt;Brother MFC-Filtertreiber;f:\windows\system32\drivers\BrFilt.sys [04.03.2009 19:53 2944]
S3 BrSerWDM;Brother-Treiber (seriell);f:\windows\system32\drivers\BrSerWdm.sys [04.03.2009 19:53 60416]
S3 BrUsbMdm;Brother MFC-nur-Fax-Modem (USB);f:\windows\system32\drivers\BrUsbMdm.sys [04.03.2009 19:53 11008]
S3 cjusb;REINER SCT cyberJack pinpad/e-com USB;f:\windows\system32\drivers\cjusb.sys [10.04.2009 08:19 23040]
S3 hwusbdev;Huawei DataCard USB PNP Device;f:\windows\system32\DRIVERS\ewusbdev.sys --> f:\windows\system32\DRIVERS\ewusbdev.sys [?]

--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - ABP470N5
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: f:\programme\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - f:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\co6so1uy.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - f:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-06 18:51
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(748)
f:\programme\Avira\AntiVir Desktop\avsda.dll

- - - - - - - > 'explorer.exe'(2592)
f:\windows\system32\shdoclc.dll
f:\windows\system32\WPDShServiceObj.dll
f:\windows\system32\PortableDeviceTypes.dll
f:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
f:\windows\System32\SCardSvr.exe
f:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
f:\windows\RTHDCPL.EXE
f:\windows\system32\igfxsrvc.exe
f:\programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
f:\windows\system32\igfxext.exe
f:\dokume~1\User\LOKALE~1\Temp\wingwbtl.exe
f:\dokume~1\User\LOKALE~1\Temp\wintxsw.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-01-06 18:56:53 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-01-06 17:56
ComboFix2.txt 2011-01-03 17:04

Vor Suchlauf: 269.037.568 Bytes frei
Nach Suchlauf: 289.955.840 Bytes frei

- - End Of File - - 7346000123FCCE5E46F0DA168E324C47
Click to expand...
 
hi,

do you want to uninstall Avira antivirus?
If so there is a removal tool under the support tool downloads here. avira removal tool

you dont use a dial up modem to get on the internet, correct?
 
Hey there,
I will try to uninstall it tomorrwo - can't work on the Netbook today - thanks for the tool. It is just strange that I can't see it in the task bar (bottom left), deinstall it or simply delete the files. Probably blocked by the viruses.


And yes, I do connect via wi-fi. But the owner sometimes uses a USB modem to connect via her mobile phone. And tjhe trojan/virus triggers this connection.
 
To help show all files you can do this:

FOr XP: on the desktop double click my computer,at the top click on> tools>folder options>view> then select "show hidden files and folders", then UNcheck "hide protected operating system files " also UNcheck "hide extensions for known file types" click apply to all folders, apply then ok

Next using explorer navigate to:

f:\\DOKUME~1\\User\\LOKALE~1\\Temp\\wingwbtl.exe"
f:\\DOKUME~1\\User\\LOKALE~1\\Temp\\bwkah.exe"=
"f:\\DOKUME~1\\User\\LOKALE~1\\Temp\\acit.exe"=
"f:\\DOKUME~1\\User\\LOKALE~1\\Temp\\w77c52.exe"=
"f:\\DOKUME~1\\User\\LOKALE~1\\Temp\\msex.exe"=

Thats; documents and settings\user\local settings\temp
Delete all of the above .exe inside the temp folder

next:
Go to Start > Run and type:cleanmgr. Windows will scan. When done check these 3 and press *ok* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin

Go to start>run again and type in %temp%
delete what you can out of that folder

Run malwarebytes again and this time when malwarebytes is done reboot your computer at the prompt. It looks like you didnt reboot last time you ran it?

If you uninstalled Avira I wouldnt be to long with out a antivirus installed and updated.
 
Last edited:
shelf life said:
To help show all files you can do this:

FOr XP: on the desktop double click my computer,at the top click on> tools>folder options>view> then select "show hidden files and folders", then UNcheck "hide protected operating system files " also UNcheck "hide extensions for known file types" click apply to all folders, apply then ok
Click to expand...

Done.

shelf life said:
Next using explorer navigate to:

f:\\DOKUME~1\\User\\LOKALE~1\\Temp\\wingwbtl.exe"
f:\\DOKUME~1\\User\\LOKALE~1\\Temp\\bwkah.exe"=
"f:\\DOKUME~1\\User\\LOKALE~1\\Temp\\acit.exe"=
"f:\\DOKUME~1\\User\\LOKALE~1\\Temp\\w77c52.exe"=
"f:\\DOKUME~1\\User\\LOKALE~1\\Temp\\msex.exe"=

Thats; documents and settings\user\local settings\temp
Delete all of the above .exe inside the temp folder
Click to expand...

I can't find the folder "Temp". All other folders are there, but no Temp folder visible although I have ENABLED everything - it should be there!
Searching for these exe files with the Windows search function freezes the PC.

shelf life said:
next:
Go to Start > Run and type:cleanmgr. Windows will scan. When done check these 3 and press *ok* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin
Click to expand...
Done, 32 kb removed...

shelf life said:
Go to start>run again and type in %temp%
delete what you can out of that folder
Click to expand...
Only a few .bin files

shelf life said:
Run malwarebytes again and this time when malwarebytes is done reboot your computer at the prompt. It looks like you didnt reboot last time you ran it?
Click to expand...
I DID restart every time, but MBAM does not delete the threats and does show them in every scan again.

shelf life said:
If you uninstalled Avira I wouldnt be to long with out a antivirus installed and updated.
Click to expand...

I still cannot uninstall Avira. It is still blocked.



I will give you the latest MBAM log when the scan is finished.
 
Latest MBAM log:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5531

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

16.01.2011 10:36:23
mbam-log-2011-01-16 (10-36-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (F:\|K:\|L:\|)
Durchsuchte Objekte: 150001
Laufzeit: 10 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 5
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
f:\Dokumente und Einstellungen\User\Lokale Einstellungen\temp\wineduxfo.exe (Spyware.PWS) -> Delete on reboot.
f:\Dokumente und Einstellungen\User\Lokale Einstellungen\temp\gmhu.exe (Spyware.PWS) -> Delete on reboot.
f:\dokumente und einstellungen\User\lokale einstellungen\temp\w71e72.exe (Trojan.Agent) -> Delete on reboot.
Click to expand...
 
ok. We will do two things. Get another download to use and run combofix again.

First:
Please download TDSS Killer.exe and save it to your desktop
Double click to launch the utility. After it initializes click the start scan button.

Once the scan completes you can click the continue button.

"The utility will automatically select an action (Cure or Delete) for known malcious objects. A suspicious object will be skipped by default."

"After clicking Next, the utility applies selected actions and outputs the result."

"A reboot might require after disinfection."

A report will be found in your Root drive Local Disk (C) as TDSSKiller.2.4.12.0_02.01.2011_17.32.21_log.txt (name, version, date, time, log.txt)
Please post the log report

-------------------------------
Last:
Run Combofix like you did before. If you are prompted for a update let it update. Post the new combofix log
 
This thread has been closed due to inactivity.

If you still require help, please start a new topic and include a DDS log with a link to your previous thread, or in this particular case, send a PM to your helper. :)

Applies only to the original poster, anyone else with similar problems please start your own topic.
 
You must log in or register to reply here.
Back
Top