Virtumonde + WINFIXER

Status
Not open for further replies.
S

SkinArt

New member
Hello!,
please can anybody help me to fix Virtumonde on my pc, i got some popup that said you must install winantivirus and some other errorsafe.
i have try different program antispyware, include spybot s&d, but can't get rid off :(

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:02 AM, on 8/22/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\qwerty12.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O20 - Winlogon Notify: acctop - acctop.dll (file missing)
O20 - Winlogon Notify: memut8 - C:\WINDOWS\SYSTEM32\memut8.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\qwerty12.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

--
End of file - 3222 bytes
 
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

1) Thanks to andymanchesta and anyone else who helped with the fix.

Download SDFix and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

2) Thanks to sUBs and anyone else who helped with this fix.

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Post the report from SDFix, combofix log and a new HJT log.

Thanks
 
Hello pskelley, thanks a lot for repply, also helpful information.

i did everything what you said, here are three logs:

SDFix LOGS


SDFix: Version 1.99

Run by Administrator on Thu 08/23/2007 at 08:48 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
DomainService

ImagePath:
C:\WINDOWS\System32\qwerty12.exe /service

DomainService - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\EFCDB.EXE - Deleted
C:\WINDOWS\system32\tmp25.tmp.dll - Deleted
C:\WINDOWS\system32\tmp42.tmp.dll - Deleted
C:\WINDOWS\system32\tmp62.tmp.dll - Deleted
C:\WINDOWS\system32\system\klog.dat - Deleted
C:\WINDOWS\system32\qwerty12.exe - Deleted


Folder C:\WINDOWS\system32\system - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip
Registry Backups: - C:\SDFix\backups\backupreg.zip
Full Registry Backup: - C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE

Files with Hidden Attributes:

C:\WINDOWS\system32\9A3D4FBA8E.sys
C:\WINDOWS\LastGood.Tmp\INF\oem10.inf
C:\WINDOWS\LastGood.Tmp\INF\oem10.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem11.inf
C:\WINDOWS\LastGood.Tmp\INF\oem11.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem9.inf
C:\WINDOWS\LastGood.Tmp\INF\oem9.PNF

Finished

ComboFIX LOGS

ComboFix 07-08-17.2 - "Albano" 2007-08-23 9:05:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.26 [GMT 2:00]


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Albano\APPLIC~1\addon.dat
C:\DOCUME~1\Albano\APPLIC~1\tmp1.tmp.exe
C:\DOCUME~1\Albano\APPLIC~1\tmp10.tmp.exe
C:\DOCUME~1\Albano\APPLIC~1\tmp2.tmp.exe
C:\DOCUME~1\Albano\APPLIC~1\tmp3F.tmp.exe
C:\DOCUME~1\Albano\APPLIC~1\tmp40.tmp.exe
C:\DOCUME~1\Albano\APPLIC~1\tmp42.tmp.exe
C:\DOCUME~1\Albano\APPLIC~1\tmpF.tmp.exe
C:\WINDOWS\qpprtv.ini
C:\WINDOWS\system32\dn985ca620.dat
C:\WINDOWS\system32\memut8.dll
C:\WINDOWS\system32\mljgh.exe
C:\WINDOWS\system32\rqrss.exe
C:\WINDOWS\vtrppq.dll


((((((((((((((((((((((((( Files Created from 2007-07-23 to 2007-08-23 )))))))))))))))))))))))))))))))


2007-08-23 09:03 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-23 08:46 <DIR> d-------- C:\WINDOWS\ERUNT
2007-08-22 08:42 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-20 13:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-20 12:34 <DIR> d-------- C:\Program Files\MSN Messenger
2007-08-20 12:04 <DIR> d-------- C:\DOCUME~1\Albano\Contacts
2007-08-20 12:03 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-08-19 18:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-18 14:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-18 01:26 272,896 --a------ C:\WINDOWS\system32\kerberos.dll
2007-08-18 01:20 1,129,472 --a------ C:\WINDOWS\system32\msxml3.dll
2007-08-18 01:14 95,232 --a------ C:\WINDOWS\system32\6to4svc.dll
2007-08-18 01:14 83,456 --a------ C:\WINDOWS\system32\netsh.exe
2007-08-18 01:14 70,656 --a------ C:\WINDOWS\system32\ws2_32.dll
2007-08-18 01:14 54,272 --a------ C:\WINDOWS\system32\ipv6mon.dll
2007-08-18 01:14 48,640 --a------ C:\WINDOWS\system32\ipv6.exe
2007-08-18 01:14 31,232 --a------ C:\WINDOWS\system32\inetmib1.dll
2007-08-18 01:14 203,008 --a------ C:\WINDOWS\system32\drivers\tcpip6.sys
2007-08-18 01:14 159,232 --a------ C:\WINDOWS\system32\xpob2res.dll
2007-08-18 01:14 13,312 --a------ C:\WINDOWS\system32\wship6.dll
2007-08-18 01:14 11,776 --a------ C:\WINDOWS\system32\drivers\tunmp.sys
2007-08-18 01:08 322,048 --a------ C:\WINDOWS\system32\drivers\srv.sys
2007-08-18 00:56 61,952 --a------ C:\WINDOWS\system32\webclnt.dll
2007-08-18 00:56 172,672 --a------ C:\WINDOWS\system32\drivers\mrxdav.sys
2007-08-18 00:39 115,976 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-08-18 00:28 1,797,120 --a------ C:\WINDOWS\system32\win32k.sys
2007-08-18 00:23 233,984 --a------ C:\WINDOWS\system32\tapisrv.dll
2007-08-18 00:16 87,552 --a------ C:\WINDOWS\system32\polstore.dll
2007-08-18 00:16 57,984 --a------ C:\WINDOWS\system32\drivers\ipsec.sys
2007-08-18 00:16 364,032 --a------ C:\WINDOWS\system32\ipsmsnap.dll
2007-08-18 00:16 332,800 --a------ C:\WINDOWS\system32\ipsecsnp.dll
2007-08-18 00:16 328,704 --a------ C:\WINDOWS\system32\oakley.dll
2007-08-18 00:16 25,600 --a------ C:\WINDOWS\system32\winipsec.dll
2007-08-18 00:16 155,648 --a------ C:\WINDOWS\system32\ipsecsvc.dll
2007-08-18 00:05 99,328 --a------ C:\WINDOWS\system32\win32spl.dll
2007-08-18 00:05 51,200 --a------ C:\WINDOWS\system32\spoolsv.exe
2007-08-17 23:31 1,018,368 --a------ C:\WINDOWS\system32\esent.dll
2007-08-17 23:15 68,608 --a------ C:\WINDOWS\system32\olecli32.dll
2007-08-17 23:15 64,512 --a------ C:\WINDOWS\system32\colbact.dll
2007-08-17 23:15 594,944 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-08-17 23:15 499,712 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-08-17 23:15 35,328 --a------ C:\WINDOWS\system32\olecnv32.dll
2007-08-17 23:15 284,672 --a------ C:\WINDOWS\system32\rpcss.dll
2007-08-17 23:15 226,816 --a------ C:\WINDOWS\system32\es.dll
2007-08-17 23:15 225,280 --a------ C:\WINDOWS\system32\catsrv.dll
2007-08-17 23:15 1,258,496 --a------ C:\WINDOWS\system32\ole32.dll
2007-08-17 23:15 1,194,496 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-08-17 22:57 200,064 --a------ C:\WINDOWS\system32\drivers\rmcast.sys
2007-08-17 22:39 154,112 --a------ C:\WINDOWS\system32\netman.dll
2007-08-17 22:35 332,928 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2007-08-17 22:28 68,096 --a------ C:\WINDOWS\system32\mscms.dll
2007-08-17 22:15 557,056 --a------ C:\WINDOWS\system32\comctl32.dll
2007-08-17 21:48 277,504 --a------ C:\WINDOWS\system32\winsrv.dll
2007-08-17 21:48 15,872 --a------ C:\WINDOWS\system32\linkinfo.dll
2007-08-17 21:39 257,536 --a------ C:\WINDOWS\system32\gdi32.dll
2007-08-17 21:11 594,432 --a------ C:\WINDOWS\system32\xpsp2res.dll
2007-08-17 20:59 107,008 --a------ C:\WINDOWS\system32\umpnpmgr.dll
2007-08-17 20:46 64,512 --a------ C:\WINDOWS\system32\mtxclu.dll
2007-08-17 10:35 <DIR> d-------- C:\Program Files\Symantec
2007-08-17 10:34 <DIR> d-------- C:\Program Files\Symantec AntiVirus
2007-08-17 10:34 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-16 19:06 440,064 --a------ C:\WINDOWS\system32\drivers\mrxsmb.sys
2007-08-16 19:06 170,112 --a------ C:\WINDOWS\system32\drivers\rdbss.sys
2007-08-16 13:20 884,736 --a------ C:\WINDOWS\system32\msimsg.dll
2007-08-16 13:20 77,312 --a------ C:\WINDOWS\system32\msiexec.exe
2007-08-16 13:20 44,032 --a------ C:\WINDOWS\system32\msisip.dll
2007-08-16 13:20 331,264 --a------ C:\WINDOWS\system32\msihnd.dll
2007-08-16 13:20 2,797,056 --a------ C:\WINDOWS\system32\msi.dll
2007-08-16 13:16 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-08-16 11:56 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-08-16 11:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-08-16 11:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
2007-08-16 10:34 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-08-16 09:43 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-08-15 09:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prevx
2007-08-15 09:22 77,312 --a------ C:\WINDOWS\ua2.dll
2007-08-14 13:30 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-08-12 14:54 <DIR> d-------- C:\Program Files\Cyberlink
2007-08-04 20:13 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-08-04 20:13 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-08-04 20:13 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-08-04 20:13 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-08-04 20:13 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-08-04 20:13 5,632 --a------ C:\WINDOWS\system32\kbd103.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-22 10:28 --------- d-------- C:\Program Files\Google
2007-08-21 08:37 --------- d-------- C:\DOCUME~1\Albano\APPLIC~1\Google
2007-08-12 14:55 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-25 15:55 --------- d-------- C:\DOCUME~1\Albano\APPLIC~1\Real
2007-07-19 09:13 --------- d-------- C:\Program Files\Chopper XP
2004-11-27 16:43:20 152 -csh--r C:\WINDOWS\system32\9A3D4FBA8E.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-20 13:18]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"=0 (0x0)
"NoClose"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoCommonGroups"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acctop]
acctop.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LG SyncManager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LG SyncManager.lnk
backup=C:\WINDOWS\pss\LG SyncManager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
D:\Program Files\eMule\emule.exe -AutoStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MOD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxOne]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RavTimeXP]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
%SystemRoot%\system32\mobsync.exe /logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
rundll32.exe "C:\WINDOWS\vtrppq.dll",forkonce

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

R0 ppa;Iomega Parallel Port Filter Driver;C:\WINDOWS\System32\DRIVERS\ppa.sys
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\System32\DRIVERS\fetnd5.sys
R3 G200;G200;C:\WINDOWS\System32\DRIVERS\G200m.sys
S3 iteio;iteio;\??\C:\WINDOWS\System32\drivers\iteio.sys
S3 U81xbus;LGE U8XXX driver (WDM);C:\WINDOWS\System32\DRIVERS\U81xbus.sys
S3 U81xmdfl;LGE U8XXX USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\U81xmdfl.sys
S3 U81xmdm;LGE U8XXX USB WMC Modem Driver;C:\WINDOWS\System32\DRIVERS\U81xmdm.sys
S3 U81xmgmt;LGE U8XXX USB WMC Device Management Drivers (WDM);C:\WINDOWS\System32\DRIVERS\U81xmgmt.sys
S3 U81xobex;LGE U8XXX USB WMC OBEX Interface;C:\WINDOWS\System32\DRIVERS\U81xobex.sys


Contents of the 'Scheduled Tasks' folder
2007-08-22 22:00:00 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\System32\H06s36DU.exe
2007-08-23 07:00:01 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\System32\H06s36DU.exe
2007-08-22 08:00:03 C:\WINDOWS\Tasks\At11.job
2007-08-22 09:00:01 C:\WINDOWS\Tasks\At12.job - C:\WINDOWS\System32\H06s36DU.exe
2007-08-22 10:00:04 C:\WINDOWS\Tasks\At13.job - C:\WINDOWS\System32\H06s36DU.exe
2007-08-22 11:00:01 C:\WINDOWS\Tasks\At14.job - C:\WINDOWS\System32\H06s36DU.exe
2007-08-21 12:00:02 C:\WINDOWS\Tasks\At15.job - C:\WINDOWS\System32\H06s36DU.exe
2007-08-18 13:00:05 C:\WINDOWS\Tasks\At16.job
2007-08-18 14:00:04 C:\WINDOWS\Tasks\At17.job - C:\WINDOWS\System32\H06s36DU.exe
2007-08-18 15:00:03 C:\WINDOWS\Tasks\At18.job - C:\WINDOWS\System32\H06s36DU.exe
2007-08-21 16:00:00 C:\WINDOWS\Tasks\At19.job
2007-08-22 23:00:00 C:\WINDOWS\Tasks\At2.job - C:\WINDOWS\System32\H06s36DU.exe
2007-08-21 17:00:01 C:\WINDOWS\Tasks\At20.job - C:\WINDOWS\System32\H06s36DU.exe
2007-08-22 18:00:00 C:\WINDOWS\Tasks\At21.job - C:\WINDOWS\System32\H06s36DU.exe
2007-08-22 19:00:00 C:\WINDOWS\Tasks\At22.job - C:\WINDOWS\System32\H06s36DU.exe
2007-08-22 20:00:00 C:\WINDOWS\Tasks\At23.job - C:\WINDOWS\System32\H06s36DU.exe
2007-08-22 21:00:00 C:\WINDOWS\Tasks\At24.job - C:\WINDOWS\System32\H06s36DU.exe
2007-08-23 00:00:00 C:\WINDOWS\Tasks\At3.job
2007-08-23 01:00:00 C:\WINDOWS\Tasks\At4.job - C:\WINDOWS\System32\H06s36DU.exe
2007-08-23 02:00:00 C:\WINDOWS\Tasks\At5.job - C:\WINDOWS\System32\H06s36DU.exe
2007-08-23 03:00:00 C:\WINDOWS\Tasks\At6.job - C:\WINDOWS\System32\H06s36DU.exe
2007-08-23 04:00:00 C:\WINDOWS\Tasks\At7.job
2007-08-23 05:00:00 C:\WINDOWS\Tasks\At8.job - C:\WINDOWS\System32\H06s36DU.exe
2007-08-23 06:00:00 C:\WINDOWS\Tasks\At9.job
2006-03-26 10:12:21 C:\WINDOWS\Tasks\UPS System Shutdown Program.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-23 09:12:46
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-23 9:16:04 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-23 09:15

--- E O F ---

Hijackthis LOGS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:17 AM, on 8/23/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hijackthis\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O20 - Winlogon Notify: acctop - acctop.dll (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

--
End of file - 2828 bytes
 
Thanks for returning your information and it looks like the tools did a great job for you.

It Looks like the infection scheduled a lot of junk in your scheduled tasks folder, look near the end of the combofix log. What I want you to do is open that folder:
C:\WINDOWS\Tasks\ <<< and delete all of the tasks that are numbered like this one >> At1.job
You may leave this one if you set it: C:\WINDOWS\Tasks\UPS System Shutdown Program.job

Then do this:

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - (no file)
O20 - Winlogon Notify: acctop - acctop.dll (file missing)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

Run Clean Manager
http://spyware-free.us/tutorials/cleanmgr/

Post a new HJT log and tell me how the computer is running now.

Thanks

Are you aware this program is running and using resrouces in your services?
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe (file missing)
If you have removed this program from your computer, I suggest you disable it in services.
 
thank you and your time is really appreciated very much man, yeah looks like virtumonde it's gone now since the tools did a lot of great work. i'll check of what you said now, and i be back with logs.

for the moment after removed virtumonde, really looks more better and a bit more faster than before with spyware active.

i used to install prevx antispyware, but installing not completed ok at the end, and when finished installation program opened with some errors, so i deceide to remove it, but looks some things of it aren't removed.

i'll look on service to disable it, but please help me a little here,
i found on Services/PrevX Agent with right click of mouse only "Start" is Active the rest are disable options like Pause, Stop, Start and Resume. I not want to have prevx on pc since i not have program anymore. so let me know how to fix this one too.

i'll be back later with the rest of logs.
thanks a million!
cheers.

ps. oh sorry for any mistake on english writter, isin't my primary language.
 
If you only wish to disable the service:

Disable the ServiceClick Start > Run and type services.msc
Scroll down to Prevx Agent and right click on it.
Click Properties and under Service Status click Stop, then under Startup Type change it to Disabled.


If you wish to delete the Service

Open HijackThis and click Config -> Misc Tools -> Delete an NT service.
In the Delete window, type (PREVXAgent) and press OK.
OK any prompts, close HijackThis, and restart your computer.

Thanks
 
removed things on C:\WINDOWS\TASKS
i leave only: C:\WINDOWS\Tasks\UPS System Shutdown Program.job

run cleanmgr and cleaned things there as well.
and here are logs of Hijackthis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:19 PM, on 8/23/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\internet explorer\iexplore.exe
D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Hijackthis\HiJackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 3014 bytes

let me know about PrevX, i want to remove that one, but hijackthis can't fix it, i selected and hit fix but program can't remove from list, also is another missing file

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

it's ok to remove this one or is not problem if staying.

now my pc is superior faster than before,
thank you very much for everthing.

also thanks a lot authors of tools
1) Thanks to andymanchesta and anyone else who helped with the fix.
2) Thanks to sUBs and anyone else who helped with this fix.
 
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
Leave that item alone, that file is not missing just a glitch in HJT. That is a valid NT Service!!

http://www.processlibrary.com/directory/files/aspnet_state

Delete C:\SDFix\backups\backups.zip completely for your computer, also delete combofix...make sure you delete C:\combofix\Qoobox\quarantine\ also.

Then do this:
Run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner

Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings make that the following are selected:
* Scan using the following Anti-Virus database:
* Standard
* Scan Options:
* Scan Archives
* Scan Mail Bases
* Click OK
* Now under select a target to scan:
* Select My Computer
* This will program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
* Now click on the Save as Text button:
* Save the file to your desktop.

Then post it here.

Thanks
 
hello pskelley
i run Kaspersky Online Scanner and found...

here are logs,

KASPERSKY ONLINE SCANNER REPORT
Friday, August 24, 2007 12:06:56 PM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 24/08/2007
Kaspersky Anti-Virus database records: 364462


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 32571
Number of viruses found 1
Number of infected objects 1
Number of suspicious objects 0
Duration of the scan process 02:07:22

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Albano\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Albano\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Albano\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Albano\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Albano\Local Settings\Temp\~DFF9E4.tmp Object is locked skipped

C:\Documents and Settings\Albano\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Albano\ntuser.dat Object is locked skipped

C:\Documents and Settings\Albano\NTUSER.DAT.LOG Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\PowerDVD\Language\Language.exe Infected: Trojan.Win32.Patched.af skipped

C:\System Volume Information\_restore{D62E5C95-6E2C-46F2-B191-3692417052C1}\RP2\change.log Object is locked skipped

C:\WINDOWS\Debug\oakley.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Internet Logs\FINNVOX.ldb Object is locked skipped

C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped

C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\TEMP\ZLT07dc8.TMP Object is locked skipped

C:\WINDOWS\TEMP\ZLT07dd5.TMP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
 
KASPERSKY ONLINE SCANNER REPORT Friday, August 24, 2007 12:06:56 PM
Number of infected objects 1

C:\PowerDVD\Language\Language.exe Infected: Trojan.Win32.Patched.af skipped
Kaspersky finds the file in red is infected, if you want to scan the file as a doublecheck, here are free online scans:

http://virusscan.jotti.org/
http://www.virustotal.com/

I would remove that file, then finish up like this:

System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
 
i'll try all that you said.
thanks a lot for everything pskelley, thanks Safer Networking Forums, and all who work to help everyone here on this forum.!!

you guys are very helpful!, fast with information, and suggestion.
thank you!

i'll donate a few $ for the cause, for your help and time that you dedicated to me.
 
As the problem appears to be resolved this topic has been closed.

If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Anyone else with similar problems please start a new topic.

Thanks
 
Status
Not open for further replies.
Back
Top