Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HJT Log marcodeklijn


  • Please log in to reply
11 replies to this topic

#1 marcodeklijn

marcodeklijn

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 02 February 2005 - 01:38 PM

hello everyone,

i too have severe problems with my internet explorer since it was hijackecked.
Yesterday i've tried to fix it with the help of the solutions provided in this forum, but it didn't help. can someone please look at my hijack log . here it is:

Logfile of HijackThis v1.99.0
Scan saved at 19:35:13, on 2-2-2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\system32\ZONELABS\vsmon.exe
E:\WINDOWS\explorer.exe
E:\WINDOWS\system32\winservices.exe
E:\WINDOWS\System32\gsicon.exe
E:\WINDOWS\System32\dslagent.exe
E:\WINDOWS\anvshell.exe
E:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
E:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
E:\WINDOWS\System32\ctfmon.exe
D:\Program Files\FeedReader\feedreader.exe
E:\Program Files\Real\RealPlayer\RealPlay.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\System32\devldr32.exe
C:\hyjack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\DOCUME~1\marco\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\DOCUME~1\marco\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
F2 - REG:system.ini: Shell=explorer.exe winservices.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A8BF91F1-54E9-438D-8E90-D24AC710D6D2} - E:\WINDOWS\System32\ealpii.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [www.hidro.4t.com ] enbiei.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [winsockdriver] winservices.exe
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] E:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] E:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [feedreader.exe] D:\Program Files\FeedReader\feedreader.exe
O4 - HKCU\..\RunOnce: [winsockdriver] winservices.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/11639f91126132...ip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game19.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8034C901-1D5E-4BDE-A44C-6B68A633F30C}: NameServer = 194.134.5.5 194.134.0.97
O18 - Filter: text/html - {870119FF-6199-46BF-A261-959E26158F8C} - E:\WINDOWS\System32\ealpii.dll
O18 - Filter: text/plain - {870119FF-6199-46BF-A261-959E26158F8C} - E:\WINDOWS\System32\ealpii.dll
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ASUS Driver Helper Service - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - E:\WINDOWS\system32\ZONELABS\vsmon.exe

BC AdBot (Login to Remove)

 


#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:10:10 PM

Posted 02 February 2005 - 08:11 PM

Hello marcodeklijn,

Download the latest version of Adaware SE here: http://www.lavasoft.de/support/download/
Install it, but don't run it yet. Click on the globe in the upper right hand corner to get the latest updates.

**********

Please download the CWShredder (Standalone version). http://www.intermute.com/spysubtract/cwshr...r_download.html

**********

Download and install APM from here: http://www.diamondcs.com.au/index.php?page=apm
(don't run it yet we will get to that in a minute)

**********

Put a checkmark next to the following entries in HijackThis.
Make sure all other windows and browsers are closed before clicking on “Fix Checked”.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\DOCUME~1\marco\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\DOCUME~1\marco\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {A8BF91F1-54E9-438D-8E90-D24AC710D6D2} - E:\WINDOWS\System32\ealpii.dll


**********

Now, start APM.
In the upper window select explorer.exe
In the lower window find and rightclick the O2 - BHO: entry from your HijackThis log.

In the current log it is this file but it may have changed names.
It is currently :
O2 - BHO: (no name) - {A8BF91F1-54E9-438D-8E90-D24AC710D6D2} - E:\WINDOWS\System32\ealpii.dll <--This file name

Select Unload DLL, and click OK on the prompts that follow.

**********


Boot into SAFE MODE by tapping the f8 key during boot up.

Run the CWShredder. Let it fix everything it finds.

Scan with AdAware SE to automatically remove the txt and html protocol associations and to clean up the remnants of the hijack.

Run Adaware SE with the following settings:


Configure Ad-aware SE

Click on the Gear-shaped icon at the top to open the Settings window.

All of the following settings I mention should be enabled (green checkmark). Some settings cannot be enabled in certain versions of Windows. If a setting I mention is grey and can't be enabled, skip it.

General Settings- Automatically save log-file, Automatically quarantine objects prior to removal, and Safe Mode (always request confirmation)

Scanning Settings

Scan Within Archives

Click on 'Click here to select drives + folders' and check next to each hard drive then hit ok.

Scan Active Processes

Scan Registry

Deep Scan Registry

Scan my IE favorites for banned URL’s

Scan my Hosts file

Advanced Settings - Enable all four options under 'Log-file Detail level'

Tweak Settings


Under 'Scanning Engine' - Enable 'Unload recognized processes during scanning', 'Include basic Ad-aware settings in logfile', and 'Include additional Ad-aware settings in logfile'

Under ‘Cleaning Engine’ - Enable 'Let Windows remove files in use at next reboot'

Click Proceed

Click on the 'Start' button in the lower right.

Select 'Use custom scanning options', enable 'Activate in-depth scanning', and click Next. The scan will take several minutes to complete. When the scan is complete click Next.

Right click on the list of items and click 'Select all items' then click Next. Press Yes to confirm. The detected items are now quarantined.

Close Ad-aware


If Ad-Aware SE needs to reboot to finish cleaning, please let it.

**********

Please run the following online scan and let it fix everything it finds:TrendMicro
http://housecall.trendmicro.com/housecall/start_corp.asp

**********

Please reboot and submit a Hijackthis log to this thread.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 marcodeklijn

marcodeklijn
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 04 February 2005 - 03:28 PM

dear Helper,

your solution seems to work.

here's my new hyjack log.

Thanks for everything.

Logfile of HijackThis v1.99.0
Scan saved at 21:27:12, on 4-2-2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\system32\ZONELABS\vsmon.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\System32\gsicon.exe
E:\WINDOWS\System32\dslagent.exe
E:\WINDOWS\anvshell.exe
E:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\WINDOWS\System32\winservices.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
E:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
E:\WINDOWS\System32\ctfmon.exe
D:\Program Files\FeedReader\feedreader.exe
E:\WINDOWS\System32\devldr32.exe
E:\Program Files\Mozilla Firefox\firefox.exe
C:\hyjack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\DOCUME~1\marco\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.wanadoo.nl/familiedeklijn/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\DOCUME~1\marco\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
F2 - REG:system.ini: Shell=explorer.exe winservices.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [winsockdriver] winservices.exe
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] E:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] E:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "d:\program files\ElbyCheck.exe" /L ElbyCDFL
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [feedreader.exe] D:\Program Files\FeedReader\feedreader.exe
O4 - HKCU\..\RunOnce: [winsockdriver] winservices.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = D:\Program Files\SpySub.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/11639f91126132...ip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game19.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8034C901-1D5E-4BDE-A44C-6B68A633F30C}: NameServer = 194.134.5.5 194.134.0.97
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ASUS Driver Helper Service - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - E:\WINDOWS\system32\ZONELABS\vsmon.exe

#4 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:10:10 PM

Posted 04 February 2005 - 04:26 PM

You have a suspicious file we need to check.
Go to Jotti's malware scan press the Browse button, and find E:\WINDOWS\System32\winservices.exe , then upload and scan it.
Let me know the results. Copy and paste the output to this thread
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 marcodeklijn

marcodeklijn
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 10 February 2005 - 01:51 PM

the scan found a problem indeed. here's the log:
Service load:
0% 100%
File: winservices.exe
Status:
INFECTED/MALWARE
Packers detected:
UPX

AntiVir
TR/Mazin.C (1.63 seconds taken)
Avast
No viruses found (4.97 seconds taken)
AVG Antivirus
No viruses found (5.13 seconds taken)
BitDefender
BehavesLike:Trojan.ShellIni (probable variant) (2.27 seconds taken)
ClamAV
No viruses found (1.90 seconds taken)
Dr.Web
Win32.HLLW.SpyBot (0.89 seconds taken)
F-Prot Antivirus
No viruses found (0.08 seconds taken)
Fortinet
No viruses found (0.54 seconds taken)
Kaspersky Anti-Virus
Backdoor.Win32.SpyBoter.ci (0.69 seconds taken)
mks_vir
Trojan.Mazin.C (0.40 seconds taken)
NOD32
probably unknown NewHeur_PE (probable variant) (0.51 seconds taken)
Norman Virus Control
No viruses found (26.13 seconds taken)

Statistics
Last piece of malware found was Worm.Beagle.Ay in Jol03.scr, detected by:

Scanner Malware name Time taken
AntiVir X 0.21 seconds
Avast X 1.51 seconds
AVG Antivirus X 0.84 seconds
BitDefender X 0.37 seconds
ClamAV X 0.38 seconds
Dr.Web X 0.56 seconds
F-Prot Antivirus X 0.07 seconds
Fortinet X 0.43 seconds
Kaspersky Anti-Virus Email-Worm.Win32.Bagle.ay 0.63 seconds
mks_vir Worm.Beagle.Ay 0.22 seconds
NOD32 X 0.41 seconds
Norman Virus Control X 0.34 seconds




how can i fix this problem

#6 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:10:10 PM

Posted 10 February 2005 - 02:12 PM

You still have some malware on your computer. :thumbsup: let us get rid of it.

**********************************************************

How to Reboot into Safe Mode
tap F8 key during reboot, until the boot menu appears...use the arrow keys to choose "Safe Mode" from the menu......,then press the "Enter" key.


Please boot into Safe Mode, go to HijackThis->Config->Misc. Tools->Open process manager. Select the following and click “Kill process” for each.

E:\WINDOWS\System32\winservices.exe

**********************************************************

While in the Safe Mode and select the following with HijackThis.
With all windows (including this one!) closed (close browser/explorer windows), please select "fix.”

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\DOCUME~1\marco\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\DOCUME~1\marco\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O4 - HKLM\..\Run: [winsockdriver] winservices.exe
O4 - HKCU\..\RunOnce: [winsockdriver] winservices.exe
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/11639f91126132...ip/RdxIE601.cab


**********************************************************

Go to My Computer and double-click C.
Go to the Tools menu and select 'Folder Options'.
On the 'View' tab select 'show hidden files and folders' and deselect (uncheck) 'hide protected operating system files (recommended)'.

Find and delete each of the following. If you can't delete an item, right-click it and click properties. Make sure 'read-only' is unchecked.
If you still can't delete something, right-click it and rename it to a random word. Then drag the item to a different location. Try deleting it now. If you still can't, be sure to let me know.

Delete the following files/folders in bold:

E:\WINDOWS\System32\winservices.exe <==file

**********************************************************

Let empty the temp files:

Download: CCleaner from http://www.ccleaner.com/ and install it. (default location is best).
Select the Windows Tab, Run CCleaner ,(click Run Cleaner (bottom right) then, when it finishes scanning click Exit.)
When you see "Complete" on the top line, it's done. It's very fast.

**********************************************************

Finally, reboot and post a new Hijackthis log, and tell me how your computer is running.

Edited by SifuMike, 10 February 2005 - 02:14 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 marcodeklijn

marcodeklijn
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 22 February 2005 - 02:33 PM

hello,

this is the new log from hijack.
i must say: when XP started up the system could nog found the file "winservices.exe". problably because we deleted it. What does this file exactly do?

Logfile of HijackThis v1.99.0
Scan saved at 20:31:34, on 22-2-2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\system32\ZONELABS\vsmon.exe
E:\WINDOWS\explorer.exe
E:\WINDOWS\System32\gsicon.exe
E:\WINDOWS\System32\dslagent.exe
E:\WINDOWS\anvshell.exe
E:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
E:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\WINDOWS\System32\ctfmon.exe
D:\Program Files\SpySub.exe
E:\WINDOWS\System32\devldr32.exe
E:\Program Files\Mozilla Firefox\firefox.exe
C:\hyjack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.wanadoo.nl/familiedeklijn/
F2 - REG:system.ini: Shell=explorer.exe winservices.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] E:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] E:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "d:\program files\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [Zone Labs Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [feedreader.exe] D:\Program Files\FeedReader\feedreader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = D:\Program Files\SpySub.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game19.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8034C901-1D5E-4BDE-A44C-6B68A633F30C}: NameServer = 194.134.5.5 194.134.0.97
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ASUS Driver Helper Service - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs LLC - E:\WINDOWS\system32\ZONELABS\vsmon.exe

#8 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:10:10 PM

Posted 22 February 2005 - 04:41 PM

Hello marcodeklijn,

system could nog found the file "winservices.exe". problably because we deleted it. What does this file exactly do?


winservices.exe is added to the system as a result of W32/Yaha-L worm. This changes essential parts of Windows to make itself run whenever a .EXE is executed. The application also tries to disable any installed anti-virus application.
More on that here:
http://www.trendmicro.com/vinfo/virusencyc...AHA%2EK&VSect=P
and
http://www.pandasoftware.com/virus_info/en...t&idvirus=37807

Looks like I missed one item in your log. :thumbsup:

How to Reboot into Safe Mode
tap F8 key during reboot, until the boot menu appears...use the arrow keys to choose "Safe Mode" from the menu......,then press the "Enter" key.


Reboot to the Safe Mode and select the following with HijackThis.
With all windows (including this one!) closed (close browser/explorer windows), please select "fix.”

F2 - REG:system.ini: Shell=explorer.exe winservices.exe

Finally, reboot and post a new Hijackthis log, and tell me how your computer is running.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 marcodeklijn

marcodeklijn
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 24 February 2005 - 02:45 PM

well. i've runned hijack but the entry you mentioned did'nt occur in the log.
so i couldn't delete is.

here's the new log:

Logfile of HijackThis v1.99.0
Scan saved at 20:43:41, on 24-2-2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\system32\ZONELABS\vsmon.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\System32\gsicon.exe
E:\WINDOWS\System32\dslagent.exe
E:\WINDOWS\anvshell.exe
E:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
E:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\WINDOWS\System32\ctfmon.exe
D:\Program Files\SpySub.exe
E:\Program Files\Real\RealPlayer\RealPlay.exe
E:\WINDOWS\System32\devldr32.exe
C:\hyjack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.wanadoo.nl/familiedeklijn/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] E:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] E:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "d:\program files\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [Zone Labs Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [feedreader.exe] D:\Program Files\FeedReader\feedreader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = D:\Program Files\SpySub.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game19.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8034C901-1D5E-4BDE-A44C-6B68A633F30C}: NameServer = 194.134.5.5 194.134.0.97
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ASUS Driver Helper Service - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs LLC - E:\WINDOWS\system32\ZONELABS\vsmon.exe

#10 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:10:10 PM

Posted 24 February 2005 - 02:56 PM

Hello marcodeklijn,

The log looks clean, congratulations! :thumbsup: Good job on the cleanup!

Please read and follow
How did I get infected?, With steps so it does not happen again!

Your IE needs updating. Please go to
Microsoft's windows update site
and do all Critical Updates.

A newer version of Service Pack(SP2) is available. Service Packs (SP2) increase the safety of your system. Visit Microsoft's windows update site
to download the newest version of the Service Pack (SP2).

I do not recommend you install the Firewall that is included in the Service Pack 2, as it is inferior to commerical firewalls (like Sygate, and ZoneAlarm).
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#11 marcodeklijn

marcodeklijn
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 25 February 2005 - 01:55 PM

thanx for everything.

you forgot one usefull tip: don't let your wife use your computer !!! :thumbsup:

#12 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:10:10 PM

Posted 25 February 2005 - 02:01 PM

:thumbsup: LOL
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users