Jump to content

Results after following "I'm infected - What do I do now?" - Please Help


janeatte

Recommended Posts

Hi,

I followed the directions on the "I'm infected - What do I do now?" post and here are my results:

1) Malwarebytes' Anti-Malware found nothing.

2) Avira AntiVir Personal found nothing.

3) Then I did "Disable CD-ROM Emulation Software"

4) Attached are the logs/files from following the rest of the instructions. Also, "Copy/Paste the contents of 'DDS.txt' to be posted as text to your post" - see very bottom of my post.

My problem:

When clicking on links to Bank of America, Target, and Amazon through google, I have been taken to fake websites (not every time, but most times). I just type "Bank of America" into google, click on the first link (the actual Bank of America website) and then I am directed to a false website.

Here are links to pictures of what I see (first one is a fake malwarebytes website google directed me to):

virus4.JPG

virus2.JPG

Notes: While running GMER Rootkit Scanner, Avira AntiVir Personal found something, I clicked remove, but it did not confirm if it removed it or not, screen cap here:

avira.JPG

Questions:

1) Here is a screen cap of GMER Rootkit Scanner while it was running, I'm not sure I followed the directions correctly [(UNCHECKED * IAT/EAT * Drives/Partition other than Systemdrive (typically only C:\ should be checked) * Show All (don't miss this one)]:

scan.JPG

2) Is it absolutely necessary to stop using my computer until this is fixed? It seems like the harm would come from mistaking a "fake" website for a real one and entering any account info/passwords. Is there other harm it could do?

Thank you for your help!

contents of 'DDS.txt':

DDS (Ver_10-03-17.01) - NTFSx86

Run by User at 11:21:19.25 on Sun 09/19/2010

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_10

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.894.463 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: avast! antivirus 4.8.1229 [VPS 080830-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\VMware\VMware Workstation\vmware-tray.exe

C:\Program Files\VMware\VMware Workstation\hqtray.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

\\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

C:\Program Files\Java\jre6\bin\jucheck.exe

C:\Documents and Settings\User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe

mRun: [vmware-tray] c:\program files\vmware\vmware workstation\vmware-tray.exe

mRun: [VMware hqtray] "c:\program files\vmware\vmware workstation\hqtray.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Recordpad] "c:\program files\nch swift sound\recordpad\recordpad.exe" -logon

mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\nd2eqok7.default\

FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\nd2eqok7.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll

FF - HiddenExtension: XULRunner: {EB4A9AC0-1C70-4198-9001-5934D8A45E4A} - c:\documents and settings\user\local settings\application data\{EB4A9AC0-1C70-4198-9001-5934D8A45E4A}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-8-19 78416]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-9-19 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-9-19 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-9-19 267432]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-8-19 20560]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-9-19 60936]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2008-6-28 200192]

S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-8-19 147640]

S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-8-19 250040]

S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-8-19 348344]

=============== Created Last 30 ================

2010-09-19 18:14:16 176 ----a-w- c:\documents and settings\user\defogger_reenable

2010-09-19 17:49:08 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-09-19 17:49:07 0 d-----w- c:\program files\Avira

2010-09-19 17:49:07 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira

2010-09-19 17:31:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-19 17:31:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-19 17:30:59 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-19 11:55:59 2 --shatr- c:\windows\winstart.bat

2010-09-19 11:55:26 0 d-----w- c:\program files\UnHackMe

2010-09-19 11:09:19 550 ----a-w- c:\windows\system32\.crusader

2010-09-19 11:06:14 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-09-19 11:06:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro

2010-09-19 11:06:00 0 d-----w- c:\program files\Hitman Pro 3.5

2010-09-19 01:04:39 0 d-----w- c:\docume~1\user\applic~1\Malwarebytes

2010-09-19 01:04:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-09-18 04:01:02 120 ----a-w- c:\windows\Odujijirazohito.dat

2010-09-18 04:01:02 0 ----a-w- c:\windows\Scowadolequfi.bin

==================== Find3M ====================

============= FINISH: 11:22:04.89 ===============

mbam_log_2010_09_19__10_44_45_.txt

Attach.zip

ark.zip

Link to post
Share on other sites

Hi,

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Link to post
Share on other sites

Thanks for responding to my request for help. I ran combofix and the results are below. I will also attach the file of the log. After running combofix, I clicked to open Firefox and a message came up saying Firefox is not my default browser and it asked me if I wanted to make it my default browser, I don't usually see this message, is this ok? I'm just hyper paranoid about everything unusual now.

ComboFix 10-09-25.06 - User 09/25/2010 19:01:36.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.894.401 [GMT -7:00]

Running from: c:\documents and settings\User\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\User\GoToAssistDownloadHelper.exe

c:\documents and settings\User\Local Settings\Application Data\{EB4A9AC0-1C70-4198-9001-5934D8A45E4A}

c:\documents and settings\User\Local Settings\Application Data\{EB4A9AC0-1C70-4198-9001-5934D8A45E4A}\chrome.manifest

c:\documents and settings\User\Local Settings\Application Data\{EB4A9AC0-1C70-4198-9001-5934D8A45E4A}\chrome\content\_cfg.js

c:\documents and settings\User\Local Settings\Application Data\{EB4A9AC0-1C70-4198-9001-5934D8A45E4A}\chrome\content\overlay.xul

c:\documents and settings\User\Local Settings\Application Data\{EB4A9AC0-1C70-4198-9001-5934D8A45E4A}\install.rdf

.

((((((((((((((((((((((((( Files Created from 2010-08-26 to 2010-09-26 )))))))))))))))))))))))))))))))

.

2010-09-22 01:46 . 2010-09-22 01:46 -------- d-----w- c:\documents and settings\User\Application Data\Avira

2010-09-19 17:49 . 2010-03-01 17:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-09-19 17:49 . 2010-02-16 21:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-09-19 17:49 . 2009-05-11 19:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-09-19 17:49 . 2009-05-11 19:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-09-19 17:49 . 2010-09-19 17:49 -------- d-----w- c:\program files\Avira

2010-09-19 17:49 . 2010-09-19 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-09-19 17:31 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-19 17:31 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-19 17:30 . 2010-09-19 17:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-19 11:55 . 2010-09-19 11:55 2 --shatr- c:\windows\winstart.bat

2010-09-19 11:55 . 2010-09-19 17:11 -------- d-----w- c:\program files\UnHackMe

2010-09-19 11:06 . 2010-09-22 01:37 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-09-19 11:06 . 2010-09-19 11:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2010-09-19 11:06 . 2010-09-19 11:06 -------- d-----w- c:\program files\Hitman Pro 3.5

2010-09-19 01:04 . 2010-09-19 01:04 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes

2010-09-19 01:04 . 2010-09-19 01:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-09-18 04:01 . 2010-09-19 01:20 120 ----a-w- c:\windows\Odujijirazohito.dat

2010-09-18 04:01 . 2010-09-19 01:20 0 ----a-w- c:\windows\Scowadolequfi.bin

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-22 01:25 . 2008-08-24 20:24 -------- d-----w- c:\documents and settings\User\Application Data\VMware

2010-09-22 01:25 . 2008-08-24 20:22 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware

2010-09-22 01:25 . 2008-08-24 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 339968]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2007-10-08 72240]

"VMware hqtray"="c:\program files\VMware\VMware Workstation\hqtray.exe" [2007-10-08 55856]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-09 188416]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-21 136600]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-06 413696]

"Recordpad"="c:\program files\NCH Swift Sound\Recordpad\recordpad.exe" [2009-06-15 876548]

"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-09-19 6305088]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-6 323646]

hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/19/2010 10:49 AM 135336]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [6/28/2008 11:07 PM 200192]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/7/2008 9:31 PM 717296]

.

Contents of the 'Scheduled Tasks' folder

2010-09-17 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2009-01-12 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8221174932.job

- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 07:52]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\nd2eqok7.default\

FF - plugin: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\nd2eqok7.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-25 19:06

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(852)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2010-09-25 19:08:55

ComboFix-quarantined-files.txt 2010-09-26 02:08

Pre-Run: 43,764,563,968 bytes free

Post-Run: 44,925,534,208 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - D74C2100112B1670E55A1850A06AE5D5

ComboFix.txt

Link to post
Share on other sites

Hi,

Please download OTM

  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :Processes

    :Services

    :Reg

    :Files
    ipconfig /flushdns /c
    c:\windows\Odujijirazohito.dat
    c:\windows\Scowadolequfi.bin

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]


  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start Malwarebytes' Anti-Malware

  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates were downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    11. Push the esetBack.png button.
    12. Push esetFinish.png

Link to post
Share on other sites

  • 2 weeks later...

Hi, sorry for the delay. I ran OTM as instructed and then Malwarebytes. Malwarebytes did not find anything. The log is below. I will now do the Eset scan. Thanks again!

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4745

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

10/4/2010 9:57:17 PM

mbam-log-2010-10-04 (21-57-17).txt

Scan type: Quick scan

Objects scanned: 131555

Time elapsed: 7 minute(s), 7 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Ok, the eset scan finished and it didn't find anything. I have included a picture of what came up after the scan. I'm starting to feel like I'm making this up! However, I do know that as recently as 1 or 2 days ago, my computer was still doing the redirect. I am trying to type website addresses directly into the address bar (I don't seem to be taken to the wrong websites when I do this), but the other day I forgot and typed Petco into google and it took me to a fake Petco website.

post-52613-1286288539_thumb.jpg

Link to post
Share on other sites

btw, below is a redirect I just got tonight. I seem to be able to use the internet ok as long as I type in the website address directly into the address bar and avoid doing anything that would require me to give out sensitive info (like credit card, social security, etc). Am I ok to use the internet like this?

Link to post
Share on other sites

btw, below is a redirect I just got tonight. I seem to be able to use the internet ok as long as I type in the website address directly into the address bar and avoid doing anything that would require me to give out sensitive info (like credit card, social security, etc). Am I ok to use the internet like this?

post-52613-1286335906_thumb.jpg

Link to post
Share on other sites

Hi,

Open notepad by going to Start > Run and type notepad.exe in the box that appears. In the window that pops up please copy and paste the following:

@echo off

>Router_Log_Gammo.txt (

ipconfig /all

nslookup google.com

nslookup yahoo.com

ping -n 2 google.com

ping -n 2 yahoo.com

route print

)

start Router_Log_Gammo.txt

del %0

In Notepad click on the "File" menu > Save As...

Under "File name" type Router_Gammo.bat

Change "Save as type" to All Files

Save it to your Desktop

Double click on Router_Gammo.bat. It will open a notepad windows. Please post the contents of this file in your next reply.

Link to post
Share on other sites

Windows IP Configuration

Host Name . . . . . . . . . . . . : compaq-laptop

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : socal.rr.com

Ethernet adapter VMware Network Adapter VMnet8:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8

Physical Address. . . . . . . . . : 00-50-56-C0-00-08

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.154.1

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . :

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . : socal.rr.com

Description . . . . . . . . . . . : Broadcom 802.11b/g WLAN

Physical Address. . . . . . . . . : 00-90-4B-F5-B9-24

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.100

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 209.18.47.61

209.18.47.62

Lease Obtained. . . . . . . . . . : Wednesday, October 06, 2010 5:58:48 PM

Lease Expires . . . . . . . . . . : Thursday, October 07, 2010 5:58:48 PM

Ethernet adapter VMware Network Adapter VMnet1:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1

Physical Address. . . . . . . . . : 00-50-56-C0-00-01

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.60.1

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-C0-9F-AB-85-38

Server: dns-cac-lb-01.rr.com

Address: 209.18.47.61

Name: google.com

Addresses: 66.102.7.104, 66.102.7.99

Server: dns-cac-lb-01.rr.com

Address: 209.18.47.61

Name: yahoo.com

Addresses: 69.147.125.65, 72.30.2.43, 98.137.149.56, 209.191.122.70

67.195.160.76

Pinging google.com [66.102.7.104] with 32 bytes of data:

Reply from 66.102.7.104: bytes=32 time=13ms TTL=54

Reply from 66.102.7.104: bytes=32 time=12ms TTL=54

Ping statistics for 66.102.7.104:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 12ms, Maximum = 13ms, Average = 12ms

Pinging yahoo.com [69.147.125.65] with 32 bytes of data:

Reply from 69.147.125.65: bytes=32 time=91ms TTL=49

Reply from 69.147.125.65: bytes=32 time=92ms TTL=49

Ping statistics for 69.147.125.65:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 91ms, Maximum = 92ms, Average = 91ms

===========================================================================

Interface List

0x1 ........................... MS TCP Loopback interface

0x2 ...00 50 56 c0 00 08 ...... VMware Virtual Ethernet Adapter for VMnet8

0x3 ...00 90 4b f5 b9 24 ...... Broadcom 802.11b/g WLAN - Packet Scheduler Miniport

0x4 ...00 50 56 c0 00 01 ...... VMware Virtual Ethernet Adapter for VMnet1

0x5 ...00 c0 9f ab 85 38 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport

===========================================================================

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 25

127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1

192.168.1.0 255.255.255.0 192.168.1.100 192.168.1.100 25

192.168.1.100 255.255.255.255 127.0.0.1 127.0.0.1 25

192.168.1.255 255.255.255.255 192.168.1.100 192.168.1.100 25

192.168.60.0 255.255.255.0 192.168.60.1 192.168.60.1 20

192.168.60.1 255.255.255.255 127.0.0.1 127.0.0.1 20

192.168.60.255 255.255.255.255 192.168.60.1 192.168.60.1 20

192.168.154.0 255.255.255.0 192.168.154.1 192.168.154.1 20

192.168.154.1 255.255.255.255 127.0.0.1 127.0.0.1 20

192.168.154.255 255.255.255.255 192.168.154.1 192.168.154.1 20

224.0.0.0 240.0.0.0 192.168.1.100 192.168.1.100 25

224.0.0.0 240.0.0.0 192.168.60.1 192.168.60.1 20

224.0.0.0 240.0.0.0 192.168.154.1 192.168.154.1 20

255.255.255.255 255.255.255.255 192.168.1.100 192.168.1.100 1

255.255.255.255 255.255.255.255 192.168.60.1 192.168.60.1 1

255.255.255.255 255.255.255.255 192.168.154.1 192.168.154.1 1

255.255.255.255 255.255.255.255 192.168.154.1 5 1

Default Gateway: 192.168.1.1

===========================================================================

Persistent Routes:

None

Link to post
Share on other sites

ComboFix 10-10-06.02 - User 10/07/2010 7:21.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.894.439 [GMT -7:00]

Running from: c:\documents and settings\User\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\User\Local Settings\Application Data\{6C4BB0AA-17D5-4D14-AF31-2800D15049EA}

c:\documents and settings\User\Local Settings\Application Data\{6C4BB0AA-17D5-4D14-AF31-2800D15049EA}\chrome.manifest

c:\documents and settings\User\Local Settings\Application Data\{6C4BB0AA-17D5-4D14-AF31-2800D15049EA}\chrome\content\_cfg.js

c:\documents and settings\User\Local Settings\Application Data\{6C4BB0AA-17D5-4D14-AF31-2800D15049EA}\chrome\content\overlay.xul

c:\documents and settings\User\Local Settings\Application Data\{6C4BB0AA-17D5-4D14-AF31-2800D15049EA}\install.rdf

.

((((((((((((((((((((((((( Files Created from 2010-09-07 to 2010-10-07 )))))))))))))))))))))))))))))))

.

2010-10-05 05:12 . 2010-10-05 05:12 -------- d-----w- c:\program files\ESET

2010-10-05 03:45 . 2010-10-05 03:45 -------- d-----w- C:\_OTM

2010-09-22 01:46 . 2010-09-22 01:46 -------- d-----w- c:\documents and settings\User\Application Data\Avira

2010-09-19 17:49 . 2010-03-01 17:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-09-19 17:49 . 2010-02-16 21:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-09-19 17:49 . 2009-05-11 19:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-09-19 17:49 . 2009-05-11 19:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-09-19 17:49 . 2010-09-19 17:49 -------- d-----w- c:\program files\Avira

2010-09-19 17:49 . 2010-09-19 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-09-19 17:31 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-19 17:31 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-19 17:30 . 2010-09-19 17:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-19 11:55 . 2010-09-19 11:55 2 --shatr- c:\windows\winstart.bat

2010-09-19 11:55 . 2010-09-19 17:11 -------- d-----w- c:\program files\UnHackMe

2010-09-19 11:06 . 2010-10-05 04:13 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-09-19 11:06 . 2010-09-19 11:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2010-09-19 11:06 . 2010-09-19 11:06 -------- d-----w- c:\program files\Hitman Pro 3.5

2010-09-19 01:04 . 2010-09-19 01:04 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes

2010-09-19 01:04 . 2010-09-19 01:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-05 04:43 . 2008-08-24 20:24 -------- d-----w- c:\documents and settings\User\Application Data\VMware

2010-10-05 04:31 . 2008-08-24 20:22 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware

2010-10-05 04:31 . 2008-08-24 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware

.

((((((((((((((((((((((((((((( SnapShot@2010-09-26_02.06.35 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-10-05 04:31 . 2010-10-05 04:31 16384 c:\windows\Temp\Perflib_Perfdata_754.dat

+ 2010-10-05 04:30 . 2010-10-05 04:30 16384 c:\windows\Temp\Perflib_Perfdata_6b8.dat

+ 2004-08-04 12:00 . 2010-10-05 04:44 42448 c:\windows\system32\perfc009.dat

- 2004-08-04 12:00 . 2010-09-22 01:29 42448 c:\windows\system32\perfc009.dat

+ 2004-08-04 12:00 . 2010-10-05 04:44 317760 c:\windows\system32\perfh009.dat

- 2004-08-04 12:00 . 2010-09-22 01:29 317760 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 339968]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2007-10-08 72240]

"VMware hqtray"="c:\program files\VMware\VMware Workstation\hqtray.exe" [2007-10-08 55856]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-09 188416]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-21 136600]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-06 413696]

"Recordpad"="c:\program files\NCH Swift Sound\Recordpad\recordpad.exe" [2009-06-15 876548]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-6 323646]

hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/19/2010 10:49 AM 135336]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [6/28/2008 11:07 PM 200192]

S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [9/19/2010 4:06 AM 16968]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/7/2008 9:31 PM 717296]

.

Contents of the 'Scheduled Tasks' folder

2010-09-17 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2009-01-12 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8221174932.job

- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 07:52]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\nd2eqok7.default\

FF - plugin: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\nd2eqok7.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true.

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(848)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2010-10-07 07:27:40

ComboFix-quarantined-files.txt 2010-10-07 14:27

ComboFix2.txt 2010-09-26 02:08

Pre-Run: 44,858,425,344 bytes free

Post-Run: 44,849,655,808 bytes free

- - End Of File - - 56D00889F729B5EC782BF619285F2119

Link to post
Share on other sites

So far so good......

What was the problem? Also, how was it fixed....I think I just ran scans right (or did the scans not just scan, but also fixed/removed things too)? Sorry, the answer to these questions are probably complex, but I'd be happy with a simplified version :)

I'll follow up if I experience more redirects. Thank you!!!

Link to post
Share on other sites

Thanks again for the help! I made a donation for the help :o Is there anyway to delete this post? I made a donation for the help :o Someone pointed out to me that "From what you posted: DNS, Mac Address, IP Address, etc., you are pretty badly exposed to the world in letting people know how to get to your computer."

Link to post
Share on other sites

Thanks again for the help! I made a donation for the help :o Is there anyway to delete this post? I made a donation for the help :o Someone pointed out to me that "From what you posted: DNS, Mac Address, IP Address, etc., you are pretty badly exposed to the world in letting people know how to get to your computer."

Oops sorry I didn't mean to mention the donation twice, but I can't find a way to edit my posts.

Link to post
Share on other sites

  • 3 weeks later...
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.