Jump to content

blee0125

Members
  • Posts

    3
  • Joined

  • Last visited

Everything posted by blee0125

  1. A couple days ago, one of my business websites suffered from Cross Scripting and other malicious code that I suspect was inserted via one of the Forms we have on our page. As a result, when I visited the homepage (unaware of the issue), I was redirected to the following websites: freedotsite dot ru tagteamexpo dot ru buzznet-com dot babylon dot com dot youdao-com dot tagteamexpo dot ru:8080 where an auto download of the following programs/viruses/malware (possibly more) began: ShopAtHome Toolbar winesm32.exe rootkit.tdss FlvPLayer.exe I was using Firefox 3.5 or 3.6 (can't remember) to browse at the time and quickly blocked the new scripts using NoScript but I guess the damage had already been done. Norton flagged a few of these and I tried to use Spybot Search and Destroy, SuperAntiSpyware, MalwareBytes, and Norton Antivirus to scan and remove. Many different trojans, malware, and Virtumonde were found and supposedly removed. I attempted a System Restore but was unable and eventually I turned off and turned back on System Restore. I thought everything was successfully removed however while the computer suddenly unexpectedly shutdown during a browsing session in Internet Explorer. Upon reboot, the computer remained in a continuous boot cycle and would not boot up normally or into any form of Safe Mode. Since then, I have used a Windows XP Professional SP2 disc to run a repair and am now able to successfully boot into Windows normally. However, the system runs incredibly slowly and immediately upon startup the following programs try to install: PhotoGallery Document Viewer When I hit cancel, I receive a Microsoft .NET Framework message saying: "an unhandled exception has occurred in a component in your application. Click continue and application will ignore this error and attempt to continue." The first time this happened, I accidently hit continue after trying to cancel numerous times. The computer went into another reboot cycle as described above and I once again used the XP SP2 cd to repair. Norton and MalwareBytes Scans have both come up clean but I'm afraid I still have a serious problem on hand. After completing and saving the GMER file as ark.txt, the computer slowed to a crawl so badly that I had to restart. (Hopefully this doesn't have too much bearing on the repair process) I have followed all directions to the best of my ability given the state of the crippled system to use DeFogger and posted/attached the requested DDS, GMER, and MBAM logs for help. Ark.txt and Attach.txt are zipped up together in Attach.zip. Thank you in advance for your help. MALWAREBYTES LOG Malwarebytes' Anti-Malware 1.44 Database version: 3809 Windows 5.1.2600 Service Pack 2 Internet Explorer 6.0.2900.2180 3/1/2010 7:48:59 PM mbam-log-2010-03-01 (19-48-59).txt Scan type: Quick Scan Objects scanned: 124495 Time elapsed: 8 minute(s), 3 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) DDS.TXT DDS (Ver_09-12-01.01) - NTFSx86 Run by Administrator at 15:43:43.23 on Mon 03/01/2010 Internet Explorer: 6.0.2900.2180 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.360 [GMT -5:00] AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\ccSvcHst.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SMINST\Scheduler.exe C:\WINDOWS\vVX6000.exe C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Administrator\Desktop\Defogger.exe C:\Documents and Settings\Administrator\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop uInternet Settings,ProxyOverride = *.local BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No File BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\17.5.0.127\IPSBHO.DLL BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe" uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c mRun: [setRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe mRun: [Recguard] c:\windows\sminst\Recguard.exe mRun: [Reminder] c:\windows\creator\Remind_XP.exe mRun: [scheduler] c:\windows\sminst\Scheduler.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [VX6000] c:\windows\vVX6000.exe mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe" mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe" mRun: [indexSearch] c:\program files\scansoft\paperport\IndexSearch.exe mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe" mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" Hosts: 127.0.0.1 www.spywareinfo.com ============= SERVICES / DRIVERS =============== R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1105000.07f\SymDS.sys [2010-2-25 328752] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1105000.07f\SymEFA.sys [2010-2-25 172592] R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.5.0.127\definitions\bashdefs\20100211.001\BHDrvx86.sys [2010-2-11 536112] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1105000.07f\cchpx86.sys [2010-2-25 501888] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1105000.07f\Ironx86.sys [2010-2-25 116272] R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\17.5.0.127\ccSvcHst.exe [2010-2-25 126392] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-2-25 102448] R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.5.0.127\definitions\ipsdefs\20100224.002\IDSXpx86.sys [2010-2-26 329592] R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.5.0.127\definitions\virusdefs\20100301.016\NAVENG.SYS [2010-3-1 84912] R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.5.0.127\definitions\virusdefs\20100301.016\NAVEX15.SYS [2010-3-1 1324720] R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2010-2-9 2074464] S0 wpvtcnti;wpvtcnti;c:\windows\system32\drivers\celfsq.sys --> c:\windows\system32\drivers\celfsq.sys [?] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664] S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872] =============== Created Last 30 ================ 2010-03-01 20:42:10 20 ----a-w- c:\documents and settings\administrator\defogger_reenable 2010-03-01 19:24:24 118784 ----a-w- c:\windows\system32\chg.exe 2010-02-27 22:20:20 155648 ----a-w- c:\windows\system32\igfxres.dll 2010-02-27 22:09:04 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys 2010-02-27 22:09:03 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll 2010-02-27 22:09:02 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll 2010-02-27 22:09:02 53248 -c--a-w- c:\windows\system32\dllcache\wamreg51.dll 2010-02-27 22:09:01 76800 -c--a-w- c:\windows\system32\dllcache\wam51.dll 2010-02-27 22:09:01 363520 -c--a-w- c:\windows\system32\dllcache\w3svc.dll 2010-02-27 22:09:00 73728 -c--a-w- c:\windows\system32\dllcache\w3ext.dll 2010-02-27 22:09:00 5632 -c--a-w- c:\windows\system32\dllcache\w3svapi.dll 2010-02-27 22:09:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll 2010-02-27 22:09:00 4608 -c--a-w- c:\windows\system32\dllcache\w3ctrs51.dll 2010-02-27 22:07:59 53248 -c--a-w- c:\windows\system32\dllcache\nextlink.dll 2010-02-27 22:06:59 7680 -c--a-w- c:\windows\system32\dllcache\ftpctrs2.dll 2010-02-27 22:05:59 76800 -c--a-w- c:\windows\system32\dllcache\logui.ocx 2010-02-27 22:04:03 488 ---ha-r- c:\windows\system32\logonui.exe.manifest 2010-02-27 22:03:55 749 ---ha-r- c:\windows\WindowsShell.Manifest 2010-02-27 22:03:55 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest 2010-02-27 22:03:55 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest 2010-02-27 22:03:55 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest 2010-02-27 22:03:55 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest 2010-02-27 22:03:16 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe 2010-02-27 22:02:58 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll 2010-02-27 21:44:54 70144 -c--a-w- c:\windows\system32\dllcache\pintlphr.exe 2010-02-27 21:43:48 57398 -c--a-w- c:\windows\system32\dllcache\imjpdadm.exe 2010-02-27 21:42:59 1086058 ----a-r- c:\windows\SET51.tmp 2010-02-27 21:42:57 1042903 ----a-r- c:\windows\SET4E.tmp 2010-02-27 21:16:17 12664 ----a-w- c:\windows\system32\wpa.bak 2010-02-27 20:52:20 20480 -c--a-w- c:\windows\system32\dllcache\inetwiz.exe 2010-02-27 20:52:17 86016 -c--a-w- c:\windows\system32\dllcache\icwconn2.exe 2010-02-27 20:30:55 7334 -c--a-w- c:\windows\system32\dllcache\wmerrenu.cat 2010-02-27 20:30:50 13753 ----a-r- c:\windows\SET58.tmp 2010-02-27 20:30:47 1086058 ----a-r- c:\windows\SET4C.tmp 2010-02-27 20:30:45 1042903 ----a-r- c:\windows\SET49.tmp 2010-02-27 20:27:14 0 ----a-w- c:\windows\SET69.tmp 2010-02-27 20:26:44 0 ----a-w- c:\windows\SET68.tmp 2010-02-27 20:26:43 0 ----a-w- c:\windows\SET67.tmp 2010-02-27 20:26:43 0 ----a-w- c:\windows\SET66.tmp 2010-02-27 20:26:42 0 ----a-w- c:\windows\SET65.tmp 2010-02-27 20:26:14 0 ----a-w- c:\windows\SET64.tmp 2010-02-27 08:23:58 0 d-----w- c:\windows\system32\wbem\Repository 2010-02-26 19:33:52 0 d-----w- c:\docume~1\admini~1\applic~1\CoreFTP 2010-02-26 19:27:09 0 d-----w- c:\program files\CoreFTP 2010-02-26 18:59:18 274288 ----a-w- c:\windows\system32\mucltui.dll 2010-02-26 18:59:18 215920 ----a-w- c:\windows\system32\muweb.dll 2010-02-26 18:59:18 16736 ----a-w- c:\windows\system32\mucltui.dll.mui 2010-02-26 10:37:24 481 ----a-w- c:\documents and settings\administrator\Shortcut to Administrator.lnk 2010-02-26 07:40:39 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes 2010-02-26 07:40:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-02-26 07:40:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-02-26 07:40:19 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-02-26 07:40:19 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-02-26 04:55:12 0 d-----w- c:\windows\pss 2010-02-26 04:15:12 0 d-----w- c:\program files\Safer Networking 2010-02-26 03:31:49 0 d-----w- c:\program files\Trend Micro 2010-02-26 01:05:05 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF 2010-02-26 01:05:05 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT 2010-02-26 01:05:05 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2010-02-26 01:05:05 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2010-02-26 01:05:04 0 d-----w- c:\program files\Symantec 2010-02-26 01:05:04 0 d-----w- c:\program files\common files\Symantec Shared 2010-02-26 00:58:21 0 d-----w- c:\windows\system32\drivers\NAV 2010-02-26 00:58:20 0 d-----w- c:\program files\Norton AntiVirus 2010-02-26 00:58:13 0 d-----w- c:\program files\NortonInstaller 2010-02-26 00:58:13 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller 2010-02-26 00:47:07 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton 2010-02-25 19:41:17 120 ----a-w- c:\windows\Gmuroyenevudam.dat 2010-02-25 19:41:17 0 ----a-w- c:\windows\Dtecoxobuzogaz.bin 2010-02-25 19:33:09 24 ----a-w- c:\docume~1\admini~1\applic~1\rbuwzv.dat 2010-02-25 16:46:05 0 d-----w- c:\program files\Spybot - Search & Destroy 2010-02-25 16:46:05 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2010-02-25 15:44:16 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com 2010-02-25 15:44:03 0 d-----w- c:\program files\SUPERAntiSpyware 2010-02-25 15:44:03 0 d-----w- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com 2010-02-25 15:43:42 0 d-----w- c:\program files\common files\Wise Installation Wizard 2010-02-24 21:54:38 0 d-----w- c:\program files\Coupons 2010-02-13 04:07:14 0 d-----w- c:\windows\system32\Adobe 2010-02-10 21:49:44 421 ----a-w- c:\windows\hegames.ini 2010-02-09 19:51:42 230424 ----a-w- C:\DC6810xp-001.raw 2010-02-09 19:47:00 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys 2010-02-09 19:46:52 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS 2010-02-09 19:46:50 85376 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys 2010-02-09 19:46:49 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys 2010-02-09 19:46:44 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys 2010-02-09 19:45:58 90624 ----a-w- c:\windows\system32\kswdmcap.ax 2010-02-09 19:45:58 28672 ----a-w- c:\windows\system32\vidcap.ax 2010-02-09 19:45:56 61952 ----a-w- c:\windows\system32\kstvtune.ax 2010-02-09 19:45:48 53760 ----a-w- c:\windows\system32\vfwwdm32.dll 2010-02-09 19:45:47 43008 ----a-w- c:\windows\system32\ksxbar.ax 2010-02-09 19:33:16 764256 ----a-w- c:\windows\vVX6000.exe 2010-02-09 19:33:16 676704 ----a-w- c:\windows\system32\LCCoin30.dll 2010-02-09 19:33:16 577376 ----a-w- c:\windows\system32\vVX6000.dll 2010-02-09 19:33:16 524128 ----a-w- c:\windows\system32\LcProxy.ax 2010-02-09 19:33:16 32736 ----a-w- c:\windows\system32\drivers\VX6KCamd.sys 2010-02-09 19:33:16 2074464 ----a-w- c:\windows\system32\drivers\VX6000Xp.sys 2010-02-09 19:33:16 175456 ----a-w- c:\windows\system32\cVX6000.dll 2010-02-09 19:33:16 15497 ----a-w- c:\windows\VX6KStd.ini 2010-02-09 19:33:16 13022 ----a-w- c:\windows\VX6000.src 2010-02-09 19:33:16 101744 ----a-w- c:\windows\system32\VX6000.dll 2010-02-09 19:33:01 0 d-----w- c:\program files\Microsoft LifeCam 2010-02-09 19:26:29 0 d-----w- c:\windows\system32\XPSViewer 2010-02-09 19:25:39 575488 ------w- c:\windows\system32\xpsshhdr.dll 2010-02-09 19:25:39 1676288 ------w- c:\windows\system32\xpssvcs.dll 2010-02-09 19:25:39 117760 ------w- c:\windows\system32\prntvpt.dll 2010-02-09 19:25:39 0 d-----w- C:\9e278bc955f12189c84f52a7530760 2010-02-09 19:22:22 0 d-----w- c:\program files\MSXML 6.0 2010-02-09 19:11:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll 2010-02-09 19:11:08 0 d-----w- c:\windows\Logs 2010-02-06 09:39:55 0 d-----w- c:\program files\uTorrent 2010-02-06 09:39:35 0 d-----w- c:\docume~1\admini~1\applic~1\uTorrent 2010-02-05 16:35:22 56 ---ha-w- c:\windows\system32\ezsidmv.dat 2010-02-05 16:33:04 0 d-----r- c:\program files\Skype 2010-02-04 16:16:23 0 d-----w- c:\program files\Windows Media Connect 2 2010-02-04 16:16:01 0 d-----w- C:\f97f0afe066c2f29494a 2010-02-04 16:15:28 0 d-----w- C:\386a74b299c20d0e2b 2010-02-04 16:15:24 0 d-----w- c:\windows\system32\LogFiles 2010-02-04 16:15:02 0 d-----w- C:\7a15ae45d14b128fd810f0 ==================== Find3M ==================== 2010-02-27 22:01:51 23428 ----a-w- c:\windows\system32\emptyregdb.dat 2010-01-17 19:52:29 117088 ----a-w- c:\windows\hpoins11.dat 2010-01-17 19:37:48 691696 ----a-w- c:\windows\system32\drivers\sptd.sys ============= FINISH: 15:44:17.23 =============== Attach.zip
  2. I forgot to mention that I have run Malwarebytes a couple times yesterday and today in attempts to remove some of the issues myself. Below are some of the items from the various Malwarebytes logs. Malwarebytes' Anti-Malware 1.44 Database version: 3795 Windows 5.1.2600 Service Pack 2 Internet Explorer 8.0.6001.18702 2/26/2010 4:18:27 AM mbam-log-2010-02-26 (04-18-27).txt Scan type: Full Scan (C:\|D:\|) Objects scanned: 148318 Time elapsed: 1 hour(s), 39 minute(s), 58 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Documents and Settings\Administrator\My Documents\Sharon's Temp Backup\setup stuf\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\winesm32.exe (Worm.KoobFace) -> Delete on reboot. ---- Malwarebytes' Anti-Malware 1.44 Database version: 3795 Windows 5.1.2600 Service Pack 2 Internet Explorer 8.0.6001.18702 2/26/2010 4:37:34 AM mbam-log-2010-02-26 (04-37-34).txt Scan type: Quick Scan Objects scanned: 123287 Time elapsed: 14 minute(s), 15 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\Temp\~TMAE.tmp (Trojan.Hiloti) -> Quarantined and deleted successfully. C:\WINDOWS\gnwtCdl.dll (Trojan.Hiloti) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully. ------ Malwarebytes' Anti-Malware 1.44 Database version: 3795 Windows 5.1.2600 Service Pack 2 Internet Explorer 6.0.2900.2180 2/27/2010 3:41:39 AM mbam-log-2010-02-27 (03-41-39).txt Scan type: Quick Scan Objects scanned: 122540 Time elapsed: 12 minute(s), 46 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Documents and Settings\Administrator\Local Settings\Temp\194.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Local Settings\Temp\195.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
  3. Recently one of my business websites seemed to have cross-scripting issues and I contacted my host, HostGator about resolving the issue. However, before I was aware of the full scope of the problem, upon visiting the homepage I seem to have contracted some malware and a virus. I thought Norton Antivirus caught the Trojan as it gave me a popup notice and asked me to restart. Upon restart, the system went into a constant reboot where I couldn't even boot into Safe Mode. I suspected a rootkit issue and I followed the directions on: http://www.informationweek.com/news/window...xt=&isPrev= and REPAIRED the files so I could boot into Safe Mode with Networking. I need help making sure my system is clean before I boot up normally again as the first time I attempted the REPAIR and booted normally the same problem arose as I think the virus/malware may still be around. I am running Windows XP Professional SP2 I have cut and paste my Hijack this file below. Please let me know what my next step should be. Thanks in advance for your help. ----- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:32:28 PM, on 2/27/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Safe mode Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - (no file) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\IPSBHO.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (file missing) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file) O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (file missing) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\ccSvcHst.exe O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- End of file - 10451 bytes
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.