Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ismmodule2.exe


  • This topic is locked This topic is locked
7 replies to this topic

#1 SuicidalBama

SuicidalBama

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:23 PM

Posted 21 August 2007 - 05:16 PM

I am the geek of the house and 1 of the roomie's has the the ISMModule2.exe spyware/malware bug. I have gone thru ALL of the pre-posting check-list and here is the 1st HJTLog. Thank You for your efforts and help before-hand.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:06:45 PM, on 8/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\?ymantec\m?iexec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {CB07241F-C9A1-CF08-89DF-93ABA90250B4} - C:\WINDOWS\system32\spfcmbik.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu11.exe 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A284662E901F3D293314D6ECF32257895769ABCF75D7551F77A0336A845A38782230C67D36D
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [rufw] C:\PROGRA~1\COMMON~1\rufw\rufwm.exe
O4 - HKCU\..\Run: [Ncso] "C:\WINDOWS\YMANTE~1\arpa.exe" -vt yazb
O4 - HKCU\..\Run: [Biceswwy] C:\WINDOWS\?dobe\??rss.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Twp] "C:\Program Files\Common Files\?ymantec\m?iexec.exe"
O4 - HKCU\..\Run: [ISMModule2] "C:\Program Files\ISM\ISMModule2.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3F0EECCE-E138-11D1-8712-0060083D83F5} (LPViewer Class) - http://www.mgisoft.com/ActiveX/LPControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 4779 bytes

BC AdBot (Login to Remove)

 


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:08:23 PM

Posted 21 August 2007 - 06:30 PM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum SuicidalBama :thumbsup:
My name is Richie and i'll be helping you to fix your problems.

Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log please.
Posted Image
Posted Image

#3 SuicidalBama

SuicidalBama
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:23 PM

Posted 21 August 2007 - 09:18 PM

Part Deux:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:41:27 PM, on 8/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9815DA81-2E0C-478c-90E4-06E474E704D0} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {CB07241F-C9A1-CF08-89DF-93ABA90250B4} - C:\WINDOWS\system32\spfcmbik.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [rufw] C:\PROGRA~1\COMMON~1\rufw\rufwm.exe
O4 - HKCU\..\Run: [Ncso] "C:\WINDOWS\YMANTE~1\arpa.exe" -vt yazb
O4 - HKCU\..\Run: [Biceswwy] C:\WINDOWS\?dobe\??rss.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Twp] "C:\Program Files\Common Files\?ymantec\m?iexec.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3F0EECCE-E138-11D1-8712-0060083D83F5} (LPViewer Class) - http://www.mgisoft.com/ActiveX/LPControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 4629 bytes



Combo Fix:

ComboFix 07-08-22.1 - "Kelly" 2007-08-21 17:35:18.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.292 [GMT -7:00]


((((((((((((((((((((((((( Files Created from 2007-07-22 to 2007-08-22 )))))))))))))))))))))))))))))))


2007-08-21 17:12 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-21 15:05 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-21 07:45 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-21 07:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-21 07:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-20 14:09 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-08-18 21:56 21,312 --a------ C:\WINDOWS\choice.exe
2007-08-18 21:55 <DIR> d-------- C:\ie-spyad
2007-08-18 21:46 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-08-18 21:46 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-08-18 21:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-08-18 19:30 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-08-18 19:07 96,384 -ra------ C:\WINDOWS\system32\drivers\Rtnicxp.sys
2007-08-18 19:07 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-08-18 19:07 <DIR> d-------- C:\WINDOWS\OPTIONS
2007-08-18 19:07 <DIR> d-------- C:\Program Files\Realtek
2007-08-18 19:06 <DIR> d-------- C:\DOCUME~1\Kelly\APPLIC~1\InstallShield
2007-08-17 20:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-21 11:00 --------- d-------- C:\Program Files\Google
2007-08-21 10:12 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-21 07:46 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-21 07:46 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-18 20:09 --------- d-------- C:\Program Files\Messenger
2007-08-18 19:07 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-06 14:45 --------- d-------- C:\Program Files\dizzler
2007-07-03 22:51 --------- d-------- C:\Program Files\Common Files\rufw
2007-07-03 22:46 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-07-03 22:46 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Napster
2007-06-25 23:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 06:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 03:23 1033216 --a------ C:\WINDOWS\explorer.exe
2005-07-29 23:24:26 472 --sha-r C:\WINDOWS\QnJ1bm8\kBLYvAf.vbs


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9815DA81-2E0C-478c-90E4-06E474E704D0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CB07241F-C9A1-CF08-89DF-93ABA90250B4}]
C:\WINDOWS\system32\spfcmbik.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NapsterShell"="C:\Program Files\Napster\napster.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-29 22:37]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 18:34]
"rufw"="C:\PROGRA~1\COMMON~1\rufw\rufwm.exe" []
"Ncso"="C:\WINDOWS\YMANTE~1\arpa.exe" []
"Biceswwy"="C:\WINDOWS\?dobe\??rss.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"Twp"="C:\Program Files\Common Files\?ymantec\m?iexec.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

R1 avgio;avgio;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys
R1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys
R1 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
R3 avgntflt;avgntflt;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-21 17:37:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-21 17:38:05
C:\ComboFix-quarantined-files.txt ... 2007-08-21 17:38

--- E O F ---



TY for quick reply and Help.

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:08:23 PM

Posted 22 August 2007 - 04:03 AM

Please disable Spybot S&Dís protection,or it will interfere.
You can enable it after you're clean.
Open Spybot and click on 'Mode' and check 'Advanced Mode'.
Click on 'Tools' in bottom left hand corner.
Click on the 'System Startup' icon.
Uncheck 'Teatimer' box and/or uncheck 'Resident'.
Click the 'Allow Change' box.
Then, check next to the computer clock to see if the icon for Spybot is still there.
If it is, right click it and choose 'exit Spybot-S&D Resident'.
Reboot the computer.

If you find you're experiencing problems disabling Spybot's Tea-Timer,follow the info in the link below:
http://www.russelltexas.com/malware/teatimer.htm


Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed,exit SuperAntiSpyware.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9815DA81-2E0C-478c-90E4-06E474E704D0} - (no file)
O2 - BHO: (no name) - {CB07241F-C9A1-CF08-89DF-93ABA90250B4} - C:\WINDOWS\system32\spfcmbik.dll (file missing)
O4 - HKCU\..\Run: [rufw] C:\PROGRA~1\COMMON~1\rufw\rufwm.exe
O4 - HKCU\..\Run: [Ncso] "C:\WINDOWS\YMANTE~1\arpa.exe" -vt yazb
O4 - HKCU\..\Run: [Biceswwy] C:\WINDOWS\?dobe\??rss.exe

Exit Hijackthis.

Find and delete:
C:\WINDOWS\QnJ1bm8
C:\Program Files\Common Files\rufw

Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it,then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor,such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new Hijackthis log,let me know how your pc is running now.

Posted Image
Posted Image

#5 SuicidalBama

SuicidalBama
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:23 PM

Posted 23 August 2007 - 08:42 AM

Sorry about the delay in post..2 jobs, 20hr days..anyway I have a HJT before and after running SASW..and here they are:

HJT1:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:35:45 AM, on 8/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Twp] "C:\Program Files\Common Files\?ymantec\m?iexec.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3F0EECCE-E138-11D1-8712-0060083D83F5} (LPViewer Class) - http://www.mgisoft.com/ActiveX/LPControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 4232 bytes


SASW:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/22/2007 at 11:37 PM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Quick Scan
Total Scan Time : 00:15:50

Memory items scanned : 339
Memory threats detected : 0
Registry items scanned : 526
Registry threats detected : 0
File items scanned : 7228
File threats detected : 98

Adware.Tracking Cookie
C:\Documents and Settings\Kelly\Cookies\kelly@adecn[1].txt
C:\Documents and Settings\Kelly\Cookies\kelly@pch.122.2o7[1].txt
C:\Documents and Settings\Kelly\Cookies\kelly@specificclick[2].txt
C:\Documents and Settings\Kelly\Cookies\kelly@zango[2].txt
C:\Documents and Settings\Kelly\Cookies\kelly@sales.liveperson[1].txt
C:\Documents and Settings\Kelly\Cookies\kelly@ads.addynamix[1].txt
C:\Documents and Settings\Kelly\Cookies\kelly@board[1].txt
C:\Documents and Settings\Kelly\Cookies\kelly@ad[2].txt
C:\Documents and Settings\Kelly\Cookies\kelly@clickshift[1].txt
C:\Documents and Settings\Kelly\Cookies\kelly@www.burstbeacon[2].txt
C:\Documents and Settings\Kelly\Cookies\kelly@web4.realtracker[1].txt
C:\Documents and Settings\Kelly\Cookies\kelly@questionmarket[1].txt
C:\Documents and Settings\Kelly\Cookies\kelly@edge.ru4[1].txt
C:\Documents and Settings\Kelly\Cookies\kelly@www.rowise[2].txt
C:\Documents and Settings\Kelly\Cookies\kelly@login.tracking101[1].txt
C:\Documents and Settings\Kelly\Cookies\kelly@entrepreneur[1].txt
C:\Documents and Settings\Kelly\Cookies\kelly@hearstmagazines.112.2o7[1].txt
C:\Documents and Settings\Kelly\Cookies\kelly@bidzcom.112.2o7[1].txt
C:\Documents and Settings\Kelly\Cookies\kelly@www.clickxchange[1].txt
C:\Documents and Settings\Kelly\Cookies\kelly@netmediagroup[1].txt
C:\Documents and Settings\Kelly\Cookies\kelly@tacoda[2].txt
C:\Documents and Settings\Kelly\Cookies\kelly@www.xctrk[2].txt
C:\Documents and Settings\Kelly\Cookies\kelly@adultswim[1].txt
C:\Documents and Settings\Kelly\Cookies\kelly@adserver[1].txt
C:\Documents and Settings\Kelly\Cookies\kelly@ads.pointroll[1].txt
C:\Documents and Settings\Kelly\Cookies\kelly@tremor.adbureau[2].txt
C:\Documents and Settings\Kelly\Cookies\kelly@catalog[1].txt
C:\Documents and Settings\Kelly\Cookies\kelly@qnsr[1].txt
C:\Documents and Settings\Kelly\Cookies\kelly@trafficmp[2].txt
C:\Documents and Settings\Kelly\Cookies\kelly@jumps.ez-tracks[2].txt
C:\Documents and Settings\Kelly\Cookies\kelly@freecodesource.advertserve[1].txt
C:\Documents and Settings\Kelly\Cookies\kelly@server.cpmstar[1].txt
C:\Documents and Settings\Kelly\Cookies\kelly@adopt.specificclick[2].txt
C:\Documents and Settings\Kelly\Cookies\kelly@cpvfeed[1].txt
C:\Documents and Settings\Kelly\Cookies\kelly@try.starware[1].txt
C:\Documents and Settings\Kelly\Cookies\kelly@reduxads.valuead[2].txt
C:\Documents and Settings\Kelly\Cookies\kelly@i.screensavers[2].txt
C:\Documents and Settings\Kelly\Cookies\kelly@atwola[2].txt
C:\Documents and Settings\Kelly\Cookies\kelly@www.everyclick[1].txt
C:\Documents and Settings\Kelly\Cookies\kelly@www.incentaclick[2].txt
C:\Documents and Settings\Kelly\Cookies\kelly@wt.sexsearch[1].txt
C:\Documents and Settings\Kelly\Cookies\kelly@cartoonnetwork.122.2o7[1].txt
C:\Documents and Settings\Kelly\Cookies\kelly@a.websponsors[2].txt
C:\Documents and Settings\Kelly\Cookies\kelly@57386690[1].txt
C:\Documents and Settings\Kelly\Cookies\kelly@4.adbrite[1].txt
C:\Documents and Settings\Kelly\Cookies\kelly@spamblockerutility[2].txt
C:\Documents and Settings\Kelly\Cookies\kelly@2o7[1].txt
C:\Documents and Settings\Kelly\Cookies\kelly@serving-sys[1].txt
C:\Documents and Settings\Kelly\Cookies\kelly@indexstats[2].txt
C:\Documents and Settings\Kelly\Cookies\kelly@stats.espinthebottle[2].txt
C:\Documents and Settings\Kelly\Cookies\kelly@h.starware[2].txt
C:\Documents and Settings\Kelly\Cookies\kelly@st[4].txt
C:\Documents and Settings\Kelly\Cookies\kelly@3.adbrite[1].txt
C:\Documents and Settings\Kelly\Cookies\kelly@track.searchignite[1].txt
C:\Documents and Settings\Kelly\Cookies\kelly@st[5].txt
C:\Documents and Settings\Kelly\Cookies\kelly@burstnet[1].txt
C:\Documents and Settings\Kelly\Cookies\kelly@interclick[2].txt
C:\Documents and Settings\Kelly\Cookies\kelly@stalkertrack[1].txt
C:\Documents and Settings\Kelly\Cookies\kelly@eztracks.aavalue[2].txt
C:\Documents and Settings\Kelly\Cookies\kelly@yieldmanager[1].txt
C:\Documents and Settings\JJ\Cookies\jj@ad.yieldmanager[2].txt
C:\Documents and Settings\JJ\Cookies\jj@adinterax[1].txt
C:\Documents and Settings\JJ\Cookies\jj@adopt.specificclick[1].txt
C:\Documents and Settings\JJ\Cookies\jj@adrevolver[3].txt
C:\Documents and Settings\JJ\Cookies\jj@ads.glispa[2].txt
C:\Documents and Settings\JJ\Cookies\jj@angleinteractive.directtrack[2].txt
C:\Documents and Settings\JJ\Cookies\jj@burstnet[2].txt
C:\Documents and Settings\JJ\Cookies\jj@count.exitexchange[2].txt
C:\Documents and Settings\JJ\Cookies\jj@count2.exitexchange[2].txt
C:\Documents and Settings\JJ\Cookies\jj@count3.exitexchange[2].txt
C:\Documents and Settings\JJ\Cookies\jj@count4.exitexchange[2].txt
C:\Documents and Settings\JJ\Cookies\jj@cpvfeed[2].txt
C:\Documents and Settings\JJ\Cookies\jj@cts.metricsdirect[1].txt
C:\Documents and Settings\JJ\Cookies\jj@directtrack[1].txt
C:\Documents and Settings\JJ\Cookies\jj@doubleclick[1].txt
C:\Documents and Settings\JJ\Cookies\jj@ehg-dig.hitbox[2].txt
C:\Documents and Settings\JJ\Cookies\jj@ehg-meevee.hitbox[2].txt
C:\Documents and Settings\JJ\Cookies\jj@enhance[2].txt
C:\Documents and Settings\JJ\Cookies\jj@exitexchange[2].txt
C:\Documents and Settings\JJ\Cookies\jj@fastclick[1].txt
C:\Documents and Settings\JJ\Cookies\jj@findwhat[1].txt
C:\Documents and Settings\JJ\Cookies\jj@hitbox[1].txt
C:\Documents and Settings\JJ\Cookies\jj@hotbar[2].txt
C:\Documents and Settings\JJ\Cookies\jj@interclick[2].txt
C:\Documents and Settings\JJ\Cookies\jj@msnportal.112.2o7[1].txt
C:\Documents and Settings\JJ\Cookies\jj@pro-market[2].txt
C:\Documents and Settings\JJ\Cookies\jj@realmedia[1].txt
C:\Documents and Settings\JJ\Cookies\jj@reduxads.valuead[2].txt
C:\Documents and Settings\JJ\Cookies\jj@serving-sys[2].txt
C:\Documents and Settings\JJ\Cookies\jj@specificclick[2].txt
C:\Documents and Settings\JJ\Cookies\jj@toseeka[2].txt
C:\Documents and Settings\JJ\Cookies\jj@trafficmp[1].txt
C:\Documents and Settings\JJ\Cookies\jj@www.burstbeacon[2].txt
C:\Documents and Settings\JJ\Cookies\jj@www.burstnet[2].txt
C:\Documents and Settings\LocalService\Cookies\system@hotbar[2].txt

Trojan.Downloader-Gen/Installer
C:\QOOBOX\QUARANTINE\C\WINDOWS\B103.EXE.VIR

Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WCPSVSU32.EXE.VIR
C:\WINDOWS\QNJ1BM8\KBLYVAF.VBS


HJT2:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:49 AM, on 8/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Twp] "C:\Program Files\Common Files\?ymantec\m?iexec.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3F0EECCE-E138-11D1-8712-0060083D83F5} (LPViewer Class) - http://www.mgisoft.com/ActiveX/LPControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 4118 bytes


Thank You again Richie for your time and efforts. Rig is running ALOT faster with less or no pop-ups, and CPU is not running at 100%. TY very much. Will be doing this to 1 of my systems when I get some time off.

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:08:23 PM

Posted 23 August 2007 - 10:18 AM

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O4 - HKCU\..\Run: [Twp] "C:\Program Files\Common Files\?ymantec\m?iexec.exe"

Your log is clean :thumbsup:
If all's ok,please do the following.

Find and delete:
Combofix.exe
C:\Qoobox

Enable Spybot S&Dís protection.

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords,please click 'No' at the prompt.

If you use Opera browser,do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords,please click 'No' at the prompt.
Click 'Exit' on the Main menu to close the program.

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window,click on the 'Create a Restore Point' button,then click 'Next'.
In the window that appears,enter a description\name for the Restore Point,then click on 'Create',wait,then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear,click on Ok.
The 'Disk Cleanup for [C:]' box will appear,click on the 'More Options' tab.
At the bottom in the 'System Restore' window,click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?',click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here,to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html
Posted Image
Posted Image

#7 SuicidalBama

SuicidalBama
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:23 PM

Posted 24 August 2007 - 02:03 AM

Thank You Richie for your valuable time and knowledge, it was a pleasure working with you . and when I run my rigs (same box, 6 HD's, 5 OS's) threw it's check-up I hope you are the 1 to pick them up. Again Thank You and all at BleepingComputer for help and time. You may close this thread.......................signing off now ....National Anthem in backgroud playing With the Rocket's Red Glare..........................................

#8 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:08:23 PM

Posted 24 August 2007 - 03:04 AM

You're welcome :thumbsup:

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic.
Posted Image
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users