Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My Computer Clean Now?


  • Please log in to reply
11 replies to this topic

#1 zirak_90

zirak_90

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:02:20 AM

Posted 23 August 2007 - 02:00 PM

I had several Trojan Horses and some other viruses which I deleted and here's the Hijack This log

Logfile of HijackThis v1.99.1
Scan saved at 20:57:35, on 2007-08-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\java\Java.LOG\services.exe
C:\Program\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogong.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
D:\Program\Grisoft\AVG7\avgamsvr.exe
D:\Program\Grisoft\AVG7\avgemc.exe
D:\Program\Grisoft\AVG7\avgcc.exe
C:\Program\internet explorer\iexplore.exe
D:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
F3 - REG:win.ini: run=C:\WINDOWS\system32\Macromed\Flash\Microsoft\Data\lsass.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [winlogonupdateg] winlogong.exe
O4 - HKLM\..\Run: [lsass] C:\WINDOWS\system32\Macromed\Flash\Microsoft\Data\HideExec.exe lsass.exe
O4 - HKLM\..\RunServices: [winlogonupdateg] winlogong.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [winlogonupdateg] winlogong.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay121.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\Program\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\Program\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\Program\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: JavaLOG - Unknown owner - C:\WINDOWS\java\Java.LOG\services.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)

BC AdBot (Login to Remove)

 


#2 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:03:20 AM

Posted 25 August 2007 - 01:09 PM

Hello zirak_90 :thumbsup:

Your system is infected.

Please print these instructions out, or write them down, as you can't read them during the fix.

Download SDFix and save it to your desktop.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
5) Login to your usual account.
  • Once in Safe Mode, right-click the SDFix.zip folder and choose Extract All,
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any key and it will restart the PC.
  • Your system will take longer that normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt in your next reply.
=====

Also.... Please download Combofix to your desktop:
  • Double-click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply along with the SDFix results.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Hi there, stranger!

#3 zirak_90

zirak_90
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:02:20 AM

Posted 25 August 2007 - 09:11 PM

Thank you so much for helping. Here's the report for SDFix:


SDFix: Version 1.100

Run by Zirak on 2007-08-26 at 03:38

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\Zirak\SKRIVB~1\SDFix

Safe Mode:
Checking Services:

Name:
JavaLOG

ImagePath:
C:\WINDOWS\java\Java.LOG\services.exe

JavaLOG - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing SharedAccess Service

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\java\java.log\eetg39yzr1tac.ths - Deleted
C:\WINDOWS\java\java.log\mirc.ini - Deleted
C:\WINDOWS\java\java.log\services.exe - Deleted
C:\WINDOWS\java\java.log\services.ini - Deleted
C:\WINDOWS\java\java.log\services.log - Deleted
C:\WINDOWS\java\java.log\xdcc.ini - Deleted
C:\WINDOWS\java\java.log\server\2meg - Deleted


Folder C:\WINDOWS\java\java.log - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program\\MSN Messenger\\msnmsgr.exe"="C:\\Program\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"D:\\Program\\æTorrent\\æTorrent.exe"="D:\\Program\\æTorrent\\æTorrent.exe:*:Enabled:æTorrent"
"D:\\Program\\DC++\\DCPlusPlus.exe"="D:\\Program\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"C:\\Program\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\\Program\\Microsoft Games\\Age of Empires II\\empires2.exe"="C:\\Program\\Microsoft Games\\Age of Empires II\\empires2.exe:*:Enabled:Age of Empires II"
"C:\\Documents and Settings\\Administrat”r\\Mina dokument\\Min musik\\utorrent.exe"="C:\\Documents and Settings\\Administrat”r\\Mina dokument\\Min musik\\utorrent.exe:*:Enabled:æTorrent"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Program\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\\Program\\uTorrent\\uTorrent.exe"="C:\\Program\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"D:\\Program\\Warcraft III\\Warcraft III.exe"="D:\\Program\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"D:\\Program\\Warcraft III+\\Warcraft III.exe"="D:\\Program\\Warcraft III+\\Warcraft III.exe:*:Enabled:Warcraft III"
"D:\\Program\\Warcraft III RoC + TFT\\Warcraft III.exe"="D:\\Program\\Warcraft III RoC + TFT\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\WINDOWS\\java\\Java.LOG\\spoolsv.exe"="C:\\WINDOWS\\java\\Java.LOG\\spoolsv.exe:*:Enabled:Unspecified"
"D:\\Program\\Grisoft\\AVG7\\avginet.exe"="D:\\Program\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"D:\\Program\\Grisoft\\AVG7\\avgamsvr.exe"="D:\\Program\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"D:\\Program\\Grisoft\\AVG7\\avgcc.exe"="D:\\Program\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"D:\\Program\\Grisoft\\AVG7\\avgemc.exe"="D:\\Program\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\Zirak\SKRIVB~1\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\WINDOWS\system32\winlogong.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp

Finished



____________________________________________________________________________________________

And here's the ComboFix report

____________________________________________________________________________________________




ComboFix 07-08-25.2 - "Zirak" 2007-08-26 3:56:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.187 [GMT 2:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


((((((((((((((((((((((((( Files Created from 2007-07-26 to 2007-08-26 )))))))))))))))))))))))))))))))


2007-08-26 03:36 <KAT> d-------- C:\WINDOWS\ERUNT
2007-08-23 21:28 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2007-08-23 21:28 <KAT> d-------- C:\Program\Image-Line
2007-08-23 02:08 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-08-11 03:39 <KAT> d-------- C:\WINDOWS\system32\send
2007-08-10 09:08 <KAT> d-------- C:\Program\Microsoft ActiveSync
2007-08-10 09:07 <KAT> d-------- C:\WINDOWS\SHELLNEW
2007-08-10 07:49 <KAT> d-------- C:\DOCUME~1\Zirak\APPLIC~1\vlc
2007-08-09 06:06 99,328 --a------ C:\WINDOWS\system32\t5rdv.dll
2007-08-09 06:06 35,840 --a------ C:\WINDOWS\system32\ecesq.dll
2007-08-09 06:06 33,792 --a------ C:\WINDOWS\system32\cpwiuy.dll
2007-08-09 06:06 28,672 --a------ C:\WINDOWS\system32\t3odm.dll
2007-08-07 08:17 <KAT> d-------- C:\Program\Windows Media Connect 2
2007-08-07 08:13 <KAT> d-------- C:\WINDOWS\system32\drivers\UMDF


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-26 01:06 --------- d-------- C:\DOCUME~1\Zirak\APPLIC~1\uTorrent
2007-08-26 01:06 --------- d-------- C:\DOCUME~1\Zirak\APPLIC~1\uTorrent
2007-08-15 19:02 --------- d-------- C:\Program\Delade filer\InstallShield
2007-08-12 00:06 --------- d-------- C:\Program\DC++
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-23 16:35 --------- d--h----- C:\Program\InstallShield Installation Information
2007-07-22 10:33 2829 --a------ C:\WINDOWS\War3Unin.pif
2007-07-22 10:33 139264 --a------ C:\WINDOWS\War3Unin.exe
2007-07-18 21:47 --------- d-------- C:\Program\uTorrent
2007-07-17 01:47 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-07-16 21:35 21840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2007-07-16 21:35 17212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2007-07-16 21:35 12067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2007-07-16 12:48 --------- d-------- C:\DOCUME~1\Zirak\APPLIC~1\Syntrillium
2007-07-16 12:48 --------- d-------- C:\DOCUME~1\Zirak\APPLIC~1\Syntrillium
2007-06-28 21:22 33824 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-17 20:21 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2007-06-17 20:21 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-06-17 00:11 51200 --a------ C:\WINDOWS\nircmd.exe
2007-06-13 17:31 90112 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-06-13 15:23 1033728 --a------ C:\WINDOWS\explorer.exe
2004-08-03 23:34:20 1,238,016 --sh--r C:\WINDOWS\system32\winlogong.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"winlogonupdateg"="winlogong.exe" [2004-08-04 01:34 C:\WINDOWS\system32\winlogong.exe]
"AVG7_CC"="D:\Program\Grisoft\AVG7\avgcc.exe" [2007-08-24 05:23]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:34]
"winlogonupdateg"="winlogong.exe" [2004-08-04 01:34 C:\WINDOWS\system32\winlogong.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"winlogonupdateg"=winlogong.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
D:\Program\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
"C:\Program\Microsoft LifeCam\LifeExp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program\Java\jre1.5.0_11\bin\jusched.exe"

R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
R2 MSCamSvc;MSCamSvc;"C:\Program\Microsoft LifeCam\MSCamSvc.exe"
S3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-26 04:02:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-26 4:05:55 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-26 04:05

--- E O F ---

Edited by zirak_90, 25 August 2007 - 09:27 PM.


#4 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:03:20 AM

Posted 26 August 2007 - 04:57 AM

Open notepad and copy/paste the text in the quotebox into it

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\java\\Java.LOG\\spoolsv.exe"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"winlogonupdateg"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"winlogonupdateg"=-

File::
C:\WINDOWS\system32\winlogong.exe


Save it as CFScript.txt on your desktop.

Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply along with a fresh HijackThis log. :thumbsup:

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Hi there, stranger!

#5 zirak_90

zirak_90
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:02:20 AM

Posted 26 August 2007 - 10:05 AM

The Combofix result:
_______________________________________________________________________

ComboFix 07-08-25.2 - "Zirak" 2007-08-26 16:16:09.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.207 [GMT 2:00]
Command switches used :: C:\Documents and Settings\Zirak\Skrivbord\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\winlogong.exe


((((((((((((((((((((((((( Files Created from 2007-07-26 to 2007-08-26 )))))))))))))))))))))))))))))))


2007-08-26 03:36 <KAT> d-------- C:\WINDOWS\ERUNT
2007-08-23 21:28 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2007-08-23 02:08 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-08-11 03:39 <KAT> d-------- C:\WINDOWS\system32\send
2007-08-10 09:08 <KAT> d-------- C:\Program\Microsoft ActiveSync
2007-08-10 09:07 <KAT> d-------- C:\WINDOWS\SHELLNEW
2007-08-10 07:49 <KAT> d-------- C:\DOCUME~1\Zirak\APPLIC~1\vlc
2007-08-09 06:06 99,328 --a------ C:\WINDOWS\system32\t5rdv.dll
2007-08-09 06:06 35,840 --a------ C:\WINDOWS\system32\ecesq.dll
2007-08-09 06:06 33,792 --a------ C:\WINDOWS\system32\cpwiuy.dll
2007-08-09 06:06 28,672 --a------ C:\WINDOWS\system32\t3odm.dll
2007-08-07 08:17 <KAT> d-------- C:\Program\Windows Media Connect 2
2007-08-07 08:13 <KAT> d-------- C:\WINDOWS\system32\drivers\UMDF


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-26 04:46 --------- d-------- C:\DOCUME~1\Zirak\APPLIC~1\uTorrent
2007-08-26 04:46 --------- d-------- C:\DOCUME~1\Zirak\APPLIC~1\uTorrent
2007-08-15 19:02 --------- d-------- C:\Program\Delade filer\InstallShield
2007-08-12 00:06 --------- d-------- C:\Program\DC++
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-23 16:35 --------- d--h----- C:\Program\InstallShield Installation Information
2007-07-22 10:33 2829 --a------ C:\WINDOWS\War3Unin.pif
2007-07-22 10:33 139264 --a------ C:\WINDOWS\War3Unin.exe
2007-07-18 21:47 --------- d-------- C:\Program\uTorrent
2007-07-17 01:47 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-07-16 21:35 21840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2007-07-16 21:35 17212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2007-07-16 21:35 12067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2007-07-16 12:48 --------- d-------- C:\DOCUME~1\Zirak\APPLIC~1\Syntrillium
2007-07-16 12:48 --------- d-------- C:\DOCUME~1\Zirak\APPLIC~1\Syntrillium
2007-06-28 21:22 33824 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-17 20:21 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2007-06-17 20:21 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-06-17 00:11 51200 --a------ C:\WINDOWS\nircmd.exe
2007-06-13 17:31 90112 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-06-13 15:23 1033728 --a------ C:\WINDOWS\explorer.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"winlogonupdateg"="winlogong.exe" []
"AVG7_CC"="D:\Program\Grisoft\AVG7\avgcc.exe" [2007-08-24 05:23]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:34]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
D:\Program\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
"C:\Program\Microsoft LifeCam\LifeExp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program\Java\jre1.5.0_11\bin\jusched.exe"

R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
R2 MSCamSvc;MSCamSvc;"C:\Program\Microsoft LifeCam\MSCamSvc.exe"
S3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-26 16:18:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-08-26 16:21:30
C:\ComboFix-quarantined-files.txt ... 2007-08-26 16:20
C:\ComboFix2.txt ... 2007-08-26 04:05

--- E O F ---
__________________________________________________________________________________




And here's the HijackThis log
___________________________________________________________________________________


Logfile of HijackThis v1.99.1
Scan saved at 16:22:51, on 2007-08-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program\Grisoft\AVG7\avgamsvr.exe
D:\Program\Grisoft\AVG7\avgupsvc.exe
D:\Program\Grisoft\AVG7\avgemc.exe
C:\Program\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [winlogonupdateg] winlogong.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\Program\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay121.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\Program\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\Program\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\Program\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)

____________________________________________________________________________________

#6 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:03:20 AM

Posted 26 August 2007 - 10:43 AM

How's the system running now? :thumbsup:

Go to here.

Submit both of the following files one at a time, and waiting for the scanners to finish. Please post back with both results:

C:\WINDOWS\system32\ecesq.dll
C:\WINDOWS\system32\cpwiuy.dll


Run a scan with HijackThis and check the following object for removal:

O4 - HKLM\..\Run: [winlogonupdateg] winlogong.exe

Hit FIX CHECKED. Exit HijackThis.
Hi there, stranger!

#7 zirak_90

zirak_90
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:02:20 AM

Posted 26 August 2007 - 04:45 PM

The computer works great now, thank you so much. But for some reason the computer starts lagging when I'm on Local disc C. I don't know if that has something to do with a virus or maybe something is broken on the harddrive. It especially laggs when I try clicking on Documents and Settings. It started doing that about 3 weeks ago.


________________________________________________________
The result for the cpwiuy.dll file

http://www.virustotal.com/sv/resultado.htm...74ea4b166bc2f2e

________________________________________________________

This is for the ecesq.dll file:

http://www.virustotal.com/sv/resultado.htm...cb6232e677c0b04

________________________________________________________

#8 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:03:20 AM

Posted 27 August 2007 - 02:40 AM

Please copy/paste the virustotal results here, the links didn't show 'em. :thumbsup:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 2 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u2...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name. They should have next icon next to it: Posted Image
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

Hi there, stranger!

#9 zirak_90

zirak_90
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:02:20 AM

Posted 27 August 2007 - 06:24 AM

I can agree with you if it looks unreadable but for some reason the text doesn't look the same when I clicked on adding the reply. But when you click on Quote then it will look readable though.

This is for the cpwiuy.dll file:

Antivirus Senaste Uppdatering Resultat
AhnLab-V3 2007.8.27.1 2007.08.27 -
AntiVir 7.4.1.63 2007.08.27 -
Authentium 4.93.8 2007.08.26 -
Avast 4.7.1029.0 2007.08.27 -
AVG 7.5.0.484 2007.08.27 -
BitDefender 7.2 2007.08.27 -
CAT-QuickHeal 9.00 2007.08.25 -
ClamAV 0.91 2007.08.27 -
DrWeb 4.33 2007.08.27 -
eSafe 7.0.15.0 2007.08.26 -
eTrust-Vet 31.1.5088 2007.08.27 -
Ewido 4.0 2007.08.27 -
FileAdvisor 1 2007.08.27 -
Fortinet 2.91.0.0 2007.08.27 -
F-Prot 4.3.2.48 2007.08.26 -
F-Secure 6.70.13030.0 2007.08.27 -
Ikarus T3.1.1.12 2007.08.27 -
Kaspersky 4.0.2.24 2007.08.27 -
McAfee 5105 2007.08.24 -
Microsoft 1.2803 2007.08.27 -
NOD32v2 2485 2007.08.26 -
Norman 5.80.02 2007.08.24 -
Panda 9.0.0.4 2007.08.27 -
Prevx1 V2 2007.08.27 -
Rising 19.38.02.00 2007.08.27 -
Sophos 4.21.0 2007.08.27 -
Sunbelt 2.2.907.0 2007.08.25 -
Symantec 10 2007.08.27 -
TheHacker 6.1.9.173 2007.08.27 -
VBA32 3.12.2.3 2007.08.27 -
VirusBuster 4.3.26:9 2007.08.26 -
Webwasher-Gateway 6.0.1 2007.08.27 Win32.Malware.gen#UPX (suspicious)

Övrig information
File size: 33792 bytes
MD5: d1f923b664176366120d6a35acb35742
SHA1: c5090fcbc52a8952359341f450e4fad0e57980a2
packers: UPX
packers: UPX
packers: UPX


__________________________________________

And the ecesq.dll file

__________________________________________

Antivirus Senaste Uppdatering Resultat

AhnLab-V3 2007.8.27.1 2007.08.27 -
AntiVir 7.4.1.63 2007.08.27 -
Authentium 4.93.8 2007.08.26 -
Avast 4.7.1029.0 2007.08.27 -
AVG 7.5.0.484 2007.08.27 -
BitDefender 7.2 2007.08.27 -
CAT-QuickHeal 9.00 2007.08.25 -
ClamAV 0.91 2007.08.27 -
DrWeb 4.33 2007.08.27 -
eSafe 7.0.15.0 2007.08.26 -
eTrust-Vet 31.1.5088 2007.08.27 -
Ewido 4.0 2007.08.27 -
FileAdvisor 1 2007.08.27 -
Fortinet 2.91.0.0 2007.08.27 -
F-Prot 4.3.2.48 2007.08.26 -
F-Secure 6.70.13030.0 2007.08.27 -
Ikarus T3.1.1.12 2007.08.27 -
Kaspersky 4.0.2.24 2007.08.27 -
McAfee 5105 2007.08.24 -
Microsoft 1.2803 2007.08.27 -
NOD32v2 2485 2007.08.26 -
Norman 5.80.02 2007.08.24 -
Panda 9.0.0.4 2007.08.27 Suspicious file
Prevx1 V2 2007.08.27 -
Rising 19.38.02.00 2007.08.27 -
Sophos 4.21.0 2007.08.27 -
Sunbelt 2.2.907.0 2007.08.25 -
Symantec 10 2007.08.27 -
TheHacker 6.1.9.173 2007.08.27 -
VBA32 3.12.2.3 2007.08.27 -
VirusBuster 4.3.26:9 2007.08.26 -
Webwasher-Gateway 6.0.1 2007.08.27 Win32.Malware.gen#UPX (suspicious)

Övrig information
File size: 35840 bytes
MD5: bd3028b82a341a09aac443468146ce66
SHA1: d67c4566583af1fddb90cb881f6335391b99e158
packers: UPX
packers: UPX
packers: UPX

Edited by zirak_90, 27 August 2007 - 06:33 AM.


#10 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:03:20 AM

Posted 27 August 2007 - 06:51 AM

Submit these files:

C:\WINDOWS\system32\ecesq.dll
C:\WINDOWS\system32\cpwiuy.dll


to Spykiller.
Read the instructions for uploading here.

No registrations necessary. Name the topic "Request by Rawe" for example.

Once you have posted the topic and uploaded the files, please copy/paste the link for me in here.

I want experts to take a look :thumbsup:

----

Meanwhile, let's see if I can help with the lag a bit.

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) ZoneAlarm
2) Agnitum
3) Sunbelt/Kerio
4) Comodo

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
-----

Please read here how to clear old restore points and create a new one.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Also run a disc defrag (Start -> Run -> type in: dfrg.msc)

Let me know hows it going and post the link to your spykiller upload :flowers:
Hi there, stranger!

#11 zirak_90

zirak_90
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:02:20 AM

Posted 28 August 2007 - 08:06 AM

Here's the link to the Spykiller upload. :thumbsup:
http://www.thespykiller.co.uk/index.php?topic=4810.0

I have downloaded and installed ZoneAlarm and defragemented the harddrive.
Local disc C still laggs a bit but it's better than before. :flowers:

#12 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:03:20 AM

Posted 28 August 2007 - 08:34 AM

Another way to help with the lag..

Please download and install EasyCleaner.

After installing it check under Settings > Registry -tab if the backup option is checked and if the directory it points to exists.

This should be true by default, but check anyway.

Then click OK and click Registry.
Then click Search. When it is done select all the items per color,
(most, if not all should be green) and click Remove.

Reboot when you are done. :thumbsup:
Hi there, stranger!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users