
I Have A Vundo I Need Help -


  • This topic is locked
11 replies to this topic

#1 Ihatevundo777

Ihatevundo777

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:54 AM

Posted 31 August 2007 - 07:48 PM

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ryan.YOUR-0CDC4F5844\Application Data\tmp88.tmp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://125.212.52.245/dc/602002283/5050/21...1174856961.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Active Web Reader] C:\Program Files\Deskshare\Active Web Reader\Active Web Reader.exe -background
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [way link extra dupe] C:\Documents and Settings\All Users\Application Data\Ball Shim Dupe Tick\Cast Cdrom Bash.exe
O4 - HKLM\..\Run: [close surf mail dupe] C:\Documents and Settings\All Users\Application Data\Tick Find Close Surf\Title Bat.exe
O4 - HKLM\..\Run: [XoftSpySE] C:\Program Files\XoftSpySE\xoftspy.exe -s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [base each] C:\DOCUME~1\RYAN~1.YOU\APPLIC~1\EGGSWM~1\Default keep okay.exe
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - AppInit_DLLs: c:\windows\system32\mljjigg.dll
O20 - Winlogon Notify: ierune - C:\WINDOWS\SYSTEM32\ierune.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\Ryan.YOUR-0CDC4F5844\Application Data\tmp88.tmp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11674 bytes



#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:04:54 PM

Posted 01 September 2007 - 12:16 AM

Hi,

Go to Start > Control Panel > Software > Add/Remove Programs, check whether you have one or more of the following programs installed, and uninstall them:

Bitroll
Bitgrabber
Bitdownload
Get-Torrent
CiD Help / CiD Manager
Download Plugin for Internet Explorer
Netpumper
Search Plugin
Torrent101
WinZix
W3player
Zone Media


This is because they are bundled with the malware you are dealing with (Swizzor, aka Lop).

This will uninstall the malware application.
If, during the uninstall, you are asked for the uninstall verification, please enter the numbers that appear in the window.
If it says that the file was not found, double-check that you entered the exact command. If it is still the same, proceed with the next steps.


In case you can't find them,

* Go to Start > Run and copy and paste the command below into the field:
(Please make sure you copy and paste it exactly as you find it below)

"C:\DOCUME~1\RYAN~1.YOU\APPLIC~1\EGGSWM~1\Default keep okay.exe" -uninstall

Hit enter.

Then reboot. Important!

After reboot,

* Download ComboFix to your desktop.
Double-click combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), ComboFix will open again to gather the necessary information for the log. This may take a bit. When done, ComboFix will close and a log should open, combofix.txt.
Post the contents of this log in your next reply together with a new HijackThis log.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

Edited by miekiemoes, 01 September 2007 - 12:17 AM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
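The autostart review that the HijackThis log in this thread calls for can be sketched in code. This is an added example, not code from the forum, HijackThis or ComboFix: the function name `triage` and its heuristics are assumptions of the example, and the sample lines are copied from the log in the first post.

```python
import re

# Sample lines copied from the HijackThis log in the first post (a subset, so
# the script runs offline). Benign neighbours are kept to show what is skipped.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [way link extra dupe] C:\Documents and Settings\All Users\Application Data\Ball Shim Dupe Tick\Cast Cdrom Bash.exe
O4 - HKCU\..\Run: [base each] C:\DOCUME~1\RYAN~1.YOU\APPLIC~1\EGGSWM~1\Default keep okay.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O20 - AppInit_DLLs: c:\windows\system32\mljjigg.dll
O20 - Winlogon Notify: ierune - C:\WINDOWS\SYSTEM32\ierune.dll
O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\Ryan.YOUR-0CDC4F5844\Application Data\tmp88.tmp.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
"""

# Assumption of this example: an autostart target under a profile's
# "Application Data" folder (or its 8.3 short name APPLIC~1) deserves review,
# because that is a data directory, not an install location.
PROFILE_DATA = re.compile(r"\\(?:application data|applic~\d)\\", re.IGNORECASE)
RUN_VALUE = re.compile(r"^HK\w+\\\.\.\\\w+: \[(.+?)\] (.+)$")
NOTIFY = re.compile(r"^Winlogon Notify: (\S+) - (.+)$")


def triage(log_text):
    """Return (section, name, target, reason) tuples for entries to review."""
    findings = []
    for raw in log_text.splitlines():
        section, sep, body = raw.strip().partition(" - ")
        if not sep:
            continue  # blank line or a line that is not a HijackThis entry

        if section == "O4":
            # Run/RunOnce values: flag only those launching from profile data.
            m = RUN_VALUE.match(body)
            if m and PROFILE_DATA.search(m.group(2)):
                findings.append(("O4", m.group(1), m.group(2),
                                 "Run value starts a program from Application Data"))

        elif section == "O20":
            if body.startswith("AppInit_DLLs:"):
                dlls = body.split(":", 1)[1].strip()
                if dlls:
                    # Every DLL named here is mapped into each process
                    # that loads user32.dll, so any value is worth a look.
                    findings.append(("O20", "AppInit_DLLs", dlls,
                                     "DLL injected into user32.dll processes"))
            else:
                m = NOTIFY.match(body)
                if m:
                    # Assumption: every Notify entry is queued for review.
                    findings.append(("O20", m.group(1), m.group(2),
                                     "DLL loaded by winlogon.exe"))

        elif section == "O23" and body.startswith("Service: "):
            # Split from the right: service display names may contain " - ".
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                name, owner, path = parts
                # "Unknown owner" alone is not flagged (see the navapsvc
                # line); the binary's location is what decides here.
                if PROFILE_DATA.search(path):
                    findings.append(("O23", name, path,
                                     "service binary in Application Data, owner: " + owner))
    return findings


if __name__ == "__main__":
    for section, name, target, reason in triage(SAMPLE_LOG):
        print(f"{section:<4}{name:<22}{reason}\n      {target}")
```

The five entries it reports are ones that ComboFix or the helper's instructions later in this thread go on to target; a flag means "review", not "delete".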

#3 Ihatevundo777

Ihatevundo777
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:54 AM

Posted 02 September 2007 - 11:27 AM

Thank you so much for helping, I'm getting so frustrated with my comp, it's moving so slow!!!
I copied this into Run: "C:\DOCUME~1\RYAN~1.YOU\APPLIC~1\EGGSWM~1\Default keep okay.exe" -uninstall
but nothing happened
but I did remove CID Help
and ran ComboFix. I hope this helps, let me know what else I should do

Thank you very much






ComboFix 07-08-30.3 - "Ryan" 2007-09-02 9:10:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.492 [GMT -7:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\RYAN~1.PC2\APPLIC~1\install.dat
C:\DOCUME~1\RYAN~1.PC2\APPLIC~1\Microsoft\20509.dat
C:\DOCUME~1\RYAN~1.PC2\APPLIC~1\Microsoft\60787.dat
C:\DOCUME~1\RYAN~1.YOU\APPLIC~1\tmp1B7.tmp.exe
C:\DOCUME~1\RYAN~1.YOU\APPLIC~1\tmp1B8.tmp.exe
C:\DOCUME~1\RYAN~1.YOU\APPLIC~1\tmp1B9.tmp.exe
C:\DOCUME~1\RYAN~1.YOU\APPLIC~1\tmp1BA.tmp.exe
C:\DOCUME~1\RYAN~1.YOU\APPLIC~1\tmp67.tmp.exe
C:\DOCUME~1\RYAN~1.YOU\APPLIC~1\tmp7C.tmp.exe
C:\DOCUME~1\RYAN~1.YOU\APPLIC~1\tmp82.tmp.exe
C:\DOCUME~1\RYAN~1.YOU\APPLIC~1\tmp83.tmp.exe
C:\DOCUME~1\RYAN~1.YOU\APPLIC~1\tmp88.tmp.exe
C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\mljjigg.dll
D:\Autorun.inf


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-08-02 to 2007-09-02 )))))))))))))))))))))))))))))))


2007-09-02 09:09 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-01 22:55 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-08-31 17:23 <DIR> d---s---- C:\DOCUME~1\LOCALS~1\Temporary Internet Files
2007-08-31 17:23 <DIR> d---s---- C:\DOCUME~1\LOCALS~1\History
2007-08-31 17:23 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Yahoo!
2007-08-31 17:23 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
2007-08-31 12:59 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-29 18:49 <DIR> d-------- C:\VundoFix Backups
2007-08-28 19:31 34,630,735 --a------ C:\WINDOWS\Backup.reg
2007-08-28 19:01 34,677,294 --a------ C:\WINDOWS\Verify.reg
2007-08-28 19:00 720,896 --a------ C:\WINDOWS\iun6002ev.exe
2007-08-28 19:00 <DIR> d-------- C:\Program Files\Registry Drill
2007-08-27 18:42 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2007-08-27 18:42 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll
2007-08-27 18:42 323,584 --a------ C:\WINDOWS\system32\FoxImager.dll
2007-08-27 18:42 1,118,208 --a------ C:\WINDOWS\system32\NMSDVDXU.dll
2007-08-27 14:10 1,207,235 --a------ C:\WINDOWS\system32\dn090e3069.dat
2007-08-27 12:44 <DIR> d-------- C:\DOCUME~1\RYAN~1.YOU\APPLIC~1\Sonic
2007-08-27 12:43 <DIR> d-------- C:\DOCUME~1\RYAN~1.YOU\APPLIC~1\Leadertech
2007-08-26 14:09 94,713 --a------ C:\WINDOWS\system32\ierune.dll
2007-08-26 00:37 <DIR> d-------- C:\DOCUME~1\RYAN~1.YOU\APPLIC~1\Real
2007-08-25 14:53 <DIR> d-------- C:\Program Files\MagicISO
2007-08-23 21:13 <DIR> d-------- C:\Program Files\LimeWire Download Accelerator
2007-08-22 22:12 <DIR> d-------- C:\Program Files\Astraware
2007-08-22 22:09 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-08-22 22:08 <DIR> d-------- C:\Program Files\Hexacto Games
2007-08-22 21:54 <DIR> d-------- C:\Program Files\CherrySoft
2007-08-22 21:54 <DIR> d-------- C:\DOCUME~1\RYAN~1~1\LOCALS~1
2007-08-22 21:51 <DIR> d-------- C:\Program Files\COTP Install
2007-08-22 21:48 <DIR> d-------- C:\DOCUME~1\RYAN~1.YOU\APPLIC~1\WinRAR
2007-08-22 19:23 <DIR> d-------- C:\Program Files\uTorrent
2007-08-22 19:23 <DIR> d-------- C:\DOCUME~1\RYAN~1.YOU\APPLIC~1\uTorrent
2007-08-20 13:26 <DIR> d-------- C:\Program Files\AvantGo Connect
2007-08-17 17:48 <DIR> d-------- C:\Program Files\PokerStars


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-02 09:18 359040 --a------ C:\WINDOWS\system32\drivers\OLD3.tmp
2007-09-02 09:18 --------- d-------- C:\Program Files\SP2 Connection Patcher
2007-09-01 10:09 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tick Find Close Surf
2007-08-31 19:46 --------- d-------- C:\Program Files\Symantec AntiVirus
2007-08-29 19:03 --------- d-------- C:\Program Files\XoftSpySE
2007-08-29 12:46 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-27 18:26 --------- d-------- C:\DOCUME~1\RYAN~1.YOU\APPLIC~1\LimeWire
2007-08-23 21:08 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ball Shim Dupe Tick
2007-08-23 19:00 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-08-21 12:59 --------- d-------- C:\Program Files\LimeWire
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-06-26 08:13 851968 --------- C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 07:35 665600 --------- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-25 23:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-25 23:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 06:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 06:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-15 01:12 96256 --------- C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-15 01:12 616960 --------- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-15 01:12 55808 --------- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-15 01:12 532480 --------- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-15 01:12 474112 --------- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-15 01:12 449024 --------- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-15 01:12 39424 --------- C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-15 01:12 357888 --------- C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-15 01:12 3064320 --------- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-15 01:12 251904 --------- C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-15 01:12 205824 --------- C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-15 01:12 16384 --------- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-15 01:12 151040 --------- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-15 01:12 1498112 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-15 01:12 146432 --------- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-15 01:12 1054208 --------- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-15 01:12 1022976 --------- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-14 03:32 18432 --------- C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 03:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 03:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2007-05-17 20:52 630784 --a------ C:\DOCUME~1\RYAN~1.YOU\GoToAssist_chat2way__317_en.exe
2006-11-29 19:28 630784 --a------ C:\DOCUME~1\Ryan\chatlnk.exe
2006-02-19 03:28 12288 --a------ C:\WINDOWS\Fonts.\RandFont.dll
2002-07-26 18:02 153088 --a------ C:\Program Files\UNWISE.EXE


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 22:58]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-18 01:00]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-18 01:00]
"nwiz"="nwiz.exe" [2006-08-18 01:00 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-01 17:02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 11:33]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 06:43]
"Active Web Reader"="C:\Program Files\Deskshare\Active Web Reader\Active Web Reader.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 15:52]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-04-17 12:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45]
"way link extra dupe"="C:\Documents and Settings\All Users\Application Data\Ball Shim Dupe Tick\Cast Cdrom Bash.exe" []
"XoftSpySE"="C:\Program Files\XoftSpySE\xoftspy.exe" [2007-08-22 19:45]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-27 15:22]
"SP2 Connection Patcher"="C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" [2005-07-11 04:51]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-02 22:42]

C:\DOCUME~1\RYAN~1.PC2\STARTM~1\Programs\Startup\
Connection Manager.lnk - C:\Program Files\SBC\Connection Manager\CManager.exe [2007-02-11 21:32:02]

C:\DOCUME~1\Ryan\STARTM~1\Programs\Startup\
Connection Manager.lnk - C:\Program Files\SBC\Connection Manager\CManager.exe [2007-02-11 21:32:02]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ierune]
ierune.dll 2007-08-26 14:09 94713 C:\WINDOWS\system32\ierune.dll

R2 MSMQ;Message Queuing;C:\WINDOWS\system32\mqsvc.exe
R2 MSMQTriggers;Message Queuing Triggers;C:\WINDOWS\system32\mqtgsvc.exe
R3 EraserUtilDrvI3;EraserUtilDrvI3;\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI3.sys
R3 HBtnKey;HBtnKey;C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
R3 MQAC;Message Queuing access control;\??\C:\WINDOWS\system32\drivers\mqac.sys
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys
R3 RMCAST;Reliable Multicast Protocol driver;\??\C:\WINDOWS\system32\drivers\RMCast.sys
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys


Contents of the 'Scheduled Tasks' folder
2007-09-02 14:56:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-09-02 16:18:01 C:\WINDOWS\Tasks\XoftSpySE 2.job - C:\Program Files\XoftSpySE\XoftSpy.exe
2007-09-01 16:59:23 C:\WINDOWS\Tasks\XoftSpySE.job - C:\Program Files\XoftSpySE\XoftSpy.exe
2007-08-31 16:00:00 C:\WINDOWS\Tasks\{099DE883-9D32-4660-9797-732D9171318E}_YOUR-0CDC4F5844_Ryan.job - C:\WINDOWS\system32\mobsync.exe
2007-08-31 23:00:00 C:\WINDOWS\Tasks\{138D5F23-48D9-4D40-BAEB-22622D88FC99}_YOUR-0CDC4F5844_Ryan.job - C:\WINDOWS\system32\mobsync.exe
2007-08-31 23:00:00 C:\WINDOWS\Tasks\{B1AEE00D-EA1B-4C4C-88FB-E04C56C63D0E}_YOUR-0CDC4F5844_Ryan.job - C:\WINDOWS\system32\mobsync.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-02 09:18:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-02 9:21:02 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-02 09:21

--- E O F ---

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:04:54 PM

Posted 02 September 2007 - 11:41 AM

Hi,

I see you have Registry Drill installed. Please uninstall it, as this one actually does more damage than it fixes.
Reboot after uninstalling.
If it is not present in Add/Remove Programs, just skip this step.

Then, * Open Notepad - don't use any text editor other than Notepad or the script will fail.
Copy/paste the text in the quotebox below into Notepad:

File::
C:\WINDOWS\system32\ierune.dll

Folder::
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tick Find Close Surf
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ball Shim Dupe Tick
C:\VundoFix Backups

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"way link extra dupe"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ierune]


Save this as a txt file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

#5 Ihatevundo777

Ihatevundo777
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:54 AM

Posted 02 September 2007 - 01:41 PM

Here you go.

Thank you.


ComboFix 07-08-30.3 - "Ryan" 2007-09-02 10:45:20.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.494 [GMT -7:00]
* Created a new restore point

FILE::
C:\WINDOWS\system32\ierune.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ball Shim Dupe Tick
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tick Find Close Surf
C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\VundoFix Backups\mljjigg.dll.bad
C:\VundoFix Backups\tmp1BA.tmp.dll.bad
C:\WINDOWS\system32\ierune.dll


((((((((((((((((((((((((( Files Created from 2007-08-02 to 2007-09-02 )))))))))))))))))))))))))))))))


2007-09-02 09:19 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-09-02 09:09 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-31 17:23 <DIR> d---s---- C:\DOCUME~1\LOCALS~1\Temporary Internet Files
2007-08-31 17:23 <DIR> d---s---- C:\DOCUME~1\LOCALS~1\History
2007-08-31 17:23 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Yahoo!
2007-08-31 17:23 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
2007-08-31 12:59 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-28 19:31 34,630,735 --a------ C:\WINDOWS\Backup.reg
2007-08-28 19:01 34,677,294 --a------ C:\WINDOWS\Verify.reg
2007-08-28 19:00 720,896 --a------ C:\WINDOWS\iun6002ev.exe
2007-08-28 19:00 <DIR> d-------- C:\Program Files\Registry Drill
2007-08-27 18:42 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2007-08-27 18:42 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll
2007-08-27 18:42 323,584 --a------ C:\WINDOWS\system32\FoxImager.dll
2007-08-27 18:42 1,118,208 --a------ C:\WINDOWS\system32\NMSDVDXU.dll
2007-08-27 14:10 1,202,853 --a------ C:\WINDOWS\system32\dn090e3069.dat
2007-08-27 12:44 <DIR> d-------- C:\DOCUME~1\RYAN~1.YOU\APPLIC~1\Sonic
2007-08-27 12:43 <DIR> d-------- C:\DOCUME~1\RYAN~1.YOU\APPLIC~1\Leadertech
2007-08-26 00:37 <DIR> d-------- C:\DOCUME~1\RYAN~1.YOU\APPLIC~1\Real
2007-08-25 14:53 <DIR> d-------- C:\Program Files\MagicISO
2007-08-23 21:13 <DIR> d-------- C:\Program Files\LimeWire Download Accelerator
2007-08-22 22:12 <DIR> d-------- C:\Program Files\Astraware
2007-08-22 22:09 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-08-22 22:08 <DIR> d-------- C:\Program Files\Hexacto Games
2007-08-22 21:54 <DIR> d-------- C:\Program Files\CherrySoft
2007-08-22 21:54 <DIR> d-------- C:\DOCUME~1\RYAN~1~1\LOCALS~1
2007-08-22 21:51 <DIR> d-------- C:\Program Files\COTP Install
2007-08-22 21:48 <DIR> d-------- C:\DOCUME~1\RYAN~1.YOU\APPLIC~1\WinRAR
2007-08-22 19:23 <DIR> d-------- C:\Program Files\uTorrent
2007-08-22 19:23 <DIR> d-------- C:\DOCUME~1\RYAN~1.YOU\APPLIC~1\uTorrent
2007-08-20 13:26 <DIR> d-------- C:\Program Files\AvantGo Connect
2007-08-17 17:48 <DIR> d-------- C:\Program Files\PokerStars


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-02 10:51 359040 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2007-09-02 10:51 --------- d-------- C:\Program Files\SP2 Connection Patcher
2007-08-31 19:46 --------- d-------- C:\Program Files\Symantec AntiVirus
2007-08-29 19:03 --------- d-------- C:\Program Files\XoftSpySE
2007-08-29 12:46 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-27 18:26 --------- d-------- C:\DOCUME~1\RYAN~1.YOU\APPLIC~1\LimeWire
2007-08-23 19:00 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-08-21 12:59 --------- d-------- C:\Program Files\LimeWire
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-06-26 08:13 851968 --------- C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 07:35 665600 --------- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-25 23:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-25 23:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 06:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 06:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-15 01:12 96256 --------- C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-15 01:12 616960 --------- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-15 01:12 55808 --------- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-15 01:12 532480 --------- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-15 01:12 474112 --------- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-15 01:12 449024 --------- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-15 01:12 39424 --------- C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-15 01:12 357888 --------- C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-15 01:12 3064320 --------- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-15 01:12 251904 --------- C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-15 01:12 205824 --------- C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-15 01:12 16384 --------- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-15 01:12 151040 --------- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-15 01:12 1498112 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-15 01:12 146432 --------- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-15 01:12 1054208 --------- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-15 01:12 1022976 --------- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-14 03:32 18432 --------- C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 03:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 03:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2007-05-17 20:52 630784 --a------ C:\DOCUME~1\RYAN~1.YOU\GoToAssist_chat2way__317_en.exe
2006-11-29 19:28 630784 --a------ C:\DOCUME~1\Ryan\chatlnk.exe
2006-02-19 03:28 12288 --a------ C:\WINDOWS\Fonts.\RandFont.dll
2002-07-26 18:02 153088 --a------ C:\Program Files\UNWISE.EXE


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 22:58]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-18 01:00]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-18 01:00]
"nwiz"="nwiz.exe" [2006-08-18 01:00 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-01 17:02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 11:33]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 06:43]
"Active Web Reader"="C:\Program Files\Deskshare\Active Web Reader\Active Web Reader.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 15:52]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-04-17 12:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45]
"XoftSpySE"="C:\Program Files\XoftSpySE\xoftspy.exe" [2007-08-22 19:45]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-27 15:22]
"SP2 Connection Patcher"="C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" [2005-07-11 04:51]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-02 22:42]

C:\DOCUME~1\RYAN~1.PC2\STARTM~1\Programs\Startup\
Connection Manager.lnk - C:\Program Files\SBC\Connection Manager\CManager.exe [2007-02-11 21:32:02]

C:\DOCUME~1\Ryan\STARTM~1\Programs\Startup\
Connection Manager.lnk - C:\Program Files\SBC\Connection Manager\CManager.exe [2007-02-11 21:32:02]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

R2 MSMQ;Message Queuing;C:\WINDOWS\system32\mqsvc.exe
R2 MSMQTriggers;Message Queuing Triggers;C:\WINDOWS\system32\mqtgsvc.exe
R3 HBtnKey;HBtnKey;C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
R3 MQAC;Message Queuing access control;\??\C:\WINDOWS\system32\drivers\mqac.sys
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys
R3 RMCAST;Reliable Multicast Protocol driver;\??\C:\WINDOWS\system32\drivers\RMCast.sys
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys


Contents of the 'Scheduled Tasks' folder
2007-09-02 14:56:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-09-02 17:50:14 C:\WINDOWS\Tasks\XoftSpySE 2.job
2007-09-01 16:59:23 C:\WINDOWS\Tasks\XoftSpySE.job - C:\Program Files\XoftSpySE\XoftSpy.exe
2007-08-31 16:00:00 C:\WINDOWS\Tasks\{099DE883-9D32-4660-9797-732D9171318E}_YOUR-0CDC4F5844_Ryan.job - C:\WINDOWS\system32\mobsync.exe
2007-08-31 23:00:00 C:\WINDOWS\Tasks\{138D5F23-48D9-4D40-BAEB-22622D88FC99}_YOUR-0CDC4F5844_Ryan.job - C:\WINDOWS\system32\mobsync.exe
2007-08-31 23:00:00 C:\WINDOWS\Tasks\{B1AEE00D-EA1B-4C4C-88FB-E04C56C63D0E}_YOUR-0CDC4F5844_Ryan.job - C:\WINDOWS\system32\mobsync.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-02 10:50:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-02 10:53:08 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-02 10:52
C:\ComboFix2.txt ... 2007-09-02 09:21

--- E O F ---

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 02 September 2007 - 01:46 PM

Hi,

Did you uninstall Registry Drill as I instructed? If not, please uninstall it first.
In case you already uninstalled it, delete the next folder afterwards: C:\Program Files\Registry Drill

Also delete the C:\Qoobox folder

Then, your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 2.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 2".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.
Post a new HijackThis log in your next reply.

Edited by miekiemoes, 02 September 2007 - 01:47 PM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 Ihatevundo777

Posted 02 September 2007 - 02:38 PM

Ok did it.

ComboFix 07-08-30.3 - "Ryan" 2007-09-02 12:28:55.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.564 [GMT -7:00]


((((((((((((((((((((((((( Files Created from 2007-08-02 to 2007-09-02 )))))))))))))))))))))))))))))))


2007-09-02 12:24 <DIR> d-------- C:\WINDOWS\LastGood
2007-09-02 09:09 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-31 17:23 <DIR> d---s---- C:\DOCUME~1\LOCALS~1\Temporary Internet Files
2007-08-31 17:23 <DIR> d---s---- C:\DOCUME~1\LOCALS~1\History
2007-08-31 17:23 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Yahoo!
2007-08-31 17:23 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
2007-08-31 12:59 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-28 19:31 34,630,735 --a------ C:\WINDOWS\Backup.reg
2007-08-28 19:01 34,677,294 --a------ C:\WINDOWS\Verify.reg
2007-08-28 19:00 720,896 --a------ C:\WINDOWS\iun6002ev.exe
2007-08-27 18:42 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2007-08-27 18:42 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll
2007-08-27 18:42 323,584 --a------ C:\WINDOWS\system32\FoxImager.dll
2007-08-27 18:42 1,118,208 --a------ C:\WINDOWS\system32\NMSDVDXU.dll
2007-08-27 14:10 1,202,853 --a------ C:\WINDOWS\system32\dn090e3069.dat
2007-08-27 12:44 <DIR> d-------- C:\DOCUME~1\RYAN~1.YOU\APPLIC~1\Sonic
2007-08-27 12:43 <DIR> d-------- C:\DOCUME~1\RYAN~1.YOU\APPLIC~1\Leadertech
2007-08-26 00:37 <DIR> d-------- C:\DOCUME~1\RYAN~1.YOU\APPLIC~1\Real
2007-08-25 14:53 <DIR> d-------- C:\Program Files\MagicISO
2007-08-23 21:13 <DIR> d-------- C:\Program Files\LimeWire Download Accelerator
2007-08-22 22:12 <DIR> d-------- C:\Program Files\Astraware
2007-08-22 22:09 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-08-22 22:08 <DIR> d-------- C:\Program Files\Hexacto Games
2007-08-22 21:54 <DIR> d-------- C:\Program Files\CherrySoft
2007-08-22 21:54 <DIR> d-------- C:\DOCUME~1\RYAN~1~1\LOCALS~1
2007-08-22 21:51 <DIR> d-------- C:\Program Files\COTP Install
2007-08-22 21:48 <DIR> d-------- C:\DOCUME~1\RYAN~1.YOU\APPLIC~1\WinRAR
2007-08-22 19:23 <DIR> d-------- C:\Program Files\uTorrent
2007-08-22 19:23 <DIR> d-------- C:\DOCUME~1\RYAN~1.YOU\APPLIC~1\uTorrent
2007-08-20 13:26 <DIR> d-------- C:\Program Files\AvantGo Connect
2007-08-17 17:48 <DIR> d-------- C:\Program Files\PokerStars


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-02 12:28 --------- d-------- C:\Program Files\SP2 Connection Patcher
2007-09-02 12:23 359040 --a------ C:\WINDOWS\system32\drivers\OLD4.tmp
2007-08-31 19:46 --------- d-------- C:\Program Files\Symantec AntiVirus
2007-08-29 19:03 --------- d-------- C:\Program Files\XoftSpySE
2007-08-29 12:46 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-27 18:26 --------- d-------- C:\DOCUME~1\RYAN~1.YOU\APPLIC~1\LimeWire
2007-08-23 19:00 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-08-21 12:59 --------- d-------- C:\Program Files\LimeWire
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-06-26 08:13 851968 --------- C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 07:35 665600 --------- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-25 23:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-25 23:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 06:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 06:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-15 01:12 96256 --------- C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-15 01:12 616960 --------- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-15 01:12 55808 --------- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-15 01:12 532480 --------- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-15 01:12 474112 --------- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-15 01:12 449024 --------- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-15 01:12 39424 --------- C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-15 01:12 357888 --------- C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-15 01:12 3064320 --------- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-15 01:12 251904 --------- C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-15 01:12 205824 --------- C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-15 01:12 16384 --------- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-15 01:12 151040 --------- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-15 01:12 1498112 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-15 01:12 146432 --------- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-15 01:12 1054208 --------- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-15 01:12 1022976 --------- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-14 03:32 18432 --------- C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 03:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 03:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2007-05-17 20:52 630784 --a------ C:\DOCUME~1\RYAN~1.YOU\GoToAssist_chat2way__317_en.exe
2006-11-29 19:28 630784 --a------ C:\DOCUME~1\Ryan\chatlnk.exe
2006-02-19 03:28 12288 --a------ C:\WINDOWS\Fonts.\RandFont.dll
2002-07-26 18:02 153088 --a------ C:\Program Files\UNWISE.EXE


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 22:58]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-18 01:00]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-18 01:00]
"nwiz"="nwiz.exe" [2006-08-18 01:00 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-01 17:02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 11:33]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 06:43]
"Active Web Reader"="C:\Program Files\Deskshare\Active Web Reader\Active Web Reader.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 15:52]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-04-17 12:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45]
"XoftSpySE"="C:\Program Files\XoftSpySE\xoftspy.exe" [2007-08-22 19:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-27 15:22]
"SP2 Connection Patcher"="C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" [2005-07-11 04:51]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-02 22:42]

C:\DOCUME~1\RYAN~1.PC2\STARTM~1\Programs\Startup\
Connection Manager.lnk - C:\Program Files\SBC\Connection Manager\CManager.exe [2007-02-11 21:32:02]

C:\DOCUME~1\Ryan\STARTM~1\Programs\Startup\
Connection Manager.lnk - C:\Program Files\SBC\Connection Manager\CManager.exe [2007-02-11 21:32:02]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

R2 MSMQ;Message Queuing;C:\WINDOWS\system32\mqsvc.exe
R2 MSMQTriggers;Message Queuing Triggers;C:\WINDOWS\system32\mqtgsvc.exe
R3 HBtnKey;HBtnKey;C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
R3 MQAC;Message Queuing access control;\??\C:\WINDOWS\system32\drivers\mqac.sys
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys
R3 RMCAST;Reliable Multicast Protocol driver;\??\C:\WINDOWS\system32\drivers\RMCast.sys
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys


Contents of the 'Scheduled Tasks' folder
2007-09-02 14:56:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-09-02 19:23:07 C:\WINDOWS\Tasks\XoftSpySE 2.job - C:\Program Files\XoftSpySE\XoftSpy.exe
2007-09-01 16:59:23 C:\WINDOWS\Tasks\XoftSpySE.job - C:\Program Files\XoftSpySE\XoftSpy.exe
2007-08-31 16:00:00 C:\WINDOWS\Tasks\{099DE883-9D32-4660-9797-732D9171318E}_YOUR-0CDC4F5844_Ryan.job - C:\WINDOWS\system32\mobsync.exe
2007-08-31 23:00:00 C:\WINDOWS\Tasks\{138D5F23-48D9-4D40-BAEB-22622D88FC99}_YOUR-0CDC4F5844_Ryan.job - C:\WINDOWS\system32\mobsync.exe
2007-08-31 23:00:00 C:\WINDOWS\Tasks\{B1AEE00D-EA1B-4C4C-88FB-E04C56C63D0E}_YOUR-0CDC4F5844_Ryan.job - C:\WINDOWS\system32\mobsync.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-02 12:32:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-02 12:33:14
C:\ComboFix-quarantined-files.txt ... 2007-09-02 12:33
C:\ComboFix2.txt ... 2007-09-02 10:53
C:\ComboFix3.txt ... 2007-09-02 09:21

--- E O F ---

#8 Ihatevundo777

Posted 02 September 2007 - 03:58 PM

I think it's gone!!!!! My computer's running good now!!!

#9 miekiemoes

Posted 03 September 2007 - 12:54 AM

Everything looks OK again.

Glad I could help. :thumbsup:

Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.

Happy Surfing again!

#10 Ihatevundo777

Posted 03 September 2007 - 12:10 PM

You're awesome!!!!!!!!!! Thank you so much!!!!!!!!!! :thumbsup:

#11 miekiemoes

Posted 03 September 2007 - 12:11 PM

You're most welcome :thumbsup:

#12 miekiemoes

Posted 07 September 2007 - 08:41 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.