Hijacked by AboutBlank


  • This topic is locked
11 replies to this topic

#1 turningintoageek

Posted 03 March 2005 - 05:43 PM

Hi,
Was trying to clean up a previous virus, then another, then another, only to be stuck now with About Blank on my internet explorer browser, and many popups for Spyware software and recently a porn one. Ran Adaware, Spybot, AVG, tried to follow other threads on the net, can't get rid of it. Sometimes my desktop comes up with no icons - I get it back by rebooting, and if that fails I run in Safemode and run Adaware and AVG which find stuff - fix it and it works. But new things keep popping up almost every time (though BackDoor.Small virus has appeared a few times). The only common thread is that about blank remains come what may.

I tried to follow the http://www.bleepingcomputer/forums/topict4210.html but can't get past step 3 as I don't have the AppInit_DLL's directory under hkey_local_machine\software\microsoft\windows nt\currentversion\windows\

My HJT log below - any help or advice would be most appreciated

Many thanks!

Logfile of HijackThis v1.99.1
Scan saved at 22:25:36, on 03/03/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\QUICKT~1\qttask.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\HEWLET~1\HPSOFT~1\HPWuSchd.exe
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\PROGRA~1\COMMON~1\Real\UPDATE~1\REALSC~1.EXE
C:\PROGRA~1\Thomson\SPEEDT~1\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\addhw32.exe
C:\PROGRA~1\Plaxo\210~1.80\INSTAL~1.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\ISS\BlackICE\blackice.exe
C:\PROGRA~1\Webshots\WEBSHO~1.EXE
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\ieag32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Florentia Buckingham\My Documents\adaware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qtbfq.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qtbfq.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\qtbfq.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qtbfq.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qtbfq.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\qtbfq.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\qtbfq.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D6E783C4-58F7-1BE4-6BF8-6325B77235B8} - C:\WINDOWS\system32\apins32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRA~1\QUICKT~1\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [addhw32.exe] C:\WINDOWS\system32\addhw32.exe
O4 - HKLM\..\RunServices: [USB Hardware32 Monitoring] USBHAR~1.EXE
O4 - HKLM\..\RunOnce: [nethw.exe] C:\WINDOWS\system32\nethw.exe
O4 - HKLM\..\RunOnce: [d3yx32.exe] C:\WINDOWS\d3yx32.exe
O4 - HKLM\..\RunOnce: [ipbi.exe] C:\WINDOWS\ipbi.exe
O4 - HKLM\..\RunOnce: [ieag32.exe] C:\WINDOWS\system32\ieag32.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.1.0.80\InstallStub.exe -a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.a...meInstaller.exe
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{203B2F17-2A8A-4D65-B59C-67ABDDF131B3}: NameServer = 213.120.62.102 213.120.62.103
O21 - SSODL: mtkle - {15203979-A7DC-432E-00A1-2AF7B889E292} - C:\WINDOWS\System32\bthebj32.dll
O21 - SSODL: mtklefa - {F0C34EA3-A664-415A-2ABF-C0692B68F6D6} - C:\WINDOWS\System32\psfp32.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: xadz - Unknown owner - C:\WINDOWS\oobleg.exe
O23 - Service: Workstation NetLogon Service ( 6Q'8) - Unknown owner - C:\WINDOWS\addjy32.exe (file missing)


#2 Daisuke

Posted 04 March 2005 - 03:47 AM

Hi

You may want to print out these directions as the Internet will not be available. Please continue with the next step if you run into a problem with the current one. Just be sure to let us know what the problem was when you reply.

This is very important ! Internet Explorer should remain closed during the cleanup. If you open Internet Explorer the fix will fail. (Steps 1 - 8)

Please make sure that you can view all hidden files:
A. On the Tools menu in Windows Explorer, click Folder Options.
B. Click the View tab.
C. Under Hidden files and folders, click Show hidden files and folders.
D. Uncheck Hide extensions for known filetypes and Hide protected operating system files.
How to see hidden files in Windows

Please download About:Buster from here: About:Buster Download. Once it is downloaded extract it to c:\aboutbuster. We will use that program later in this process. Don't use it yet.

Download Ad-aware SE: here
Install it. When you get the last screen, with the "Finish" button and 3 options, uncheck those three items.
Open AdAware and click the "Check for updates now" link. Close AdAware. Don't use it yet.

Download the cws-hsa.reg file to your desktop. We will use it later.

Step 1:

Go to Start -> Run and type Services.msc, then press the OK button. Look for a service called Workstation NetLogon Service. Double click on that service and press the Stop button, and then set the Startup type to Disabled. Press OK, and close all the windows.

Step 2:

Press control-alt-delete to get into the task manager and end the following processes if they exist:

ieag32.exe
addhw32.exe


This is very important ! Internet Explorer should remain closed during the cleanup. If you open Internet Explorer the fix will fail. (Steps 1 - 8)

Step 3:
Run HijackThis!, press "Scan" and tick the boxes next to all these, close all other windows and browsers, then press "Fix Checked" button.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qtbfq.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qtbfq.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\qtbfq.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qtbfq.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qtbfq.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\qtbfq.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\qtbfq.dll/sp.html#28129
R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {D6E783C4-58F7-1BE4-6BF8-6325B77235B8} - C:\WINDOWS\system32\apins32.dll

O4 - HKLM\..\Run: [addhw32.exe] C:\WINDOWS\system32\addhw32.exe
O4 - HKLM\..\RunServices: [USB Hardware32 Monitoring] USBHAR~1.EXE
O4 - HKLM\..\RunOnce: [nethw.exe] C:\WINDOWS\system32\nethw.exe
O4 - HKLM\..\RunOnce: [d3yx32.exe] C:\WINDOWS\d3yx32.exe
O4 - HKLM\..\RunOnce: [ipbi.exe] C:\WINDOWS\ipbi.exe
O4 - HKLM\..\RunOnce: [ieag32.exe] C:\WINDOWS\system32\ieag32.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O21 - SSODL: mtkle - {15203979-A7DC-432E-00A1-2AF7B889E292} - C:\WINDOWS\System32\bthebj32.dll
O21 - SSODL: mtklefa - {F0C34EA3-A664-415A-2ABF-C0692B68F6D6} - C:\WINDOWS\System32\psfp32.dll

O23 - Service: xadz - Unknown owner - C:\WINDOWS\oobleg.exe
O23 - Service: Workstation NetLogon Service ( 6Q'8) - Unknown owner - C:\WINDOWS\addjy32.exe (file missing)


Step 4:
Reboot your computer into Safe Mode.

I now need you to delete the following files:

C:\WINDOWS\qtbfq.dll <-- this file
C:\WINDOWS\system32\apins32.dll <-- this file
C:\WINDOWS\system32\addhw32.exe <-- this file
USBhardware32.exe <-- this file
C:\WINDOWS\system32\nethw.exe <-- this file
C:\WINDOWS\d3yx32.exe <-- this file
C:\WINDOWS\ipbi.exe <-- this file
C:\WINDOWS\system32\ieag32.exe <-- this file
C:\WINDOWS\System32\bthebj32.dll <-- this file
C:\WINDOWS\System32\psfp32.dll <-- this file
C:\WINDOWS\oobleg.exe <-- this file
C:\WINDOWS\addjy32.exe <-- this file

If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again.

Step 5:

Double-click on the cws-hsa.reg file you saved earlier on your desktop, and when it prompts to merge say Yes, and this will clear some registry entries left behind by the process.

Step 6:

This is the step where we will use About:Buster that you had downloaded previously.

Navigate to the c:\aboutbuster directory and double-click on aboutbuster.exe. When the tool is open press the OK button, then the Start button, then the OK button, and then finally the Yes button. It will start scanning your computer for files. If it asks if you would like to do a second pass, allow it to do so.

When it has completed, move on to step 7.

Step 7:

Run AdAware, press the Start button, uncheck Scan for negligible risk entries, select Scan Volume for ADS and press Next. Let AdAware remove anything it finds.

Run AdAware again, press the "Start" button, uncheck "Scan for negligible risk entries", select "Perform full system scan" and press "Next". Let AdAware remove anything it finds.


Step 8:

Clean out temporary and Temporary Internet Files. Go to Start -> Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin

Step 9:
Reboot your computer back to normal mode so that we can restore files that were deleted by this infection:
  • This infection deletes the windows file, shell.dll.
    If you are using XP,2000, or NT please download shell.dll from here: shell-dll.zip. Once the file is downloaded uncompress the zip file and copy shell.dll to the following locations (%windir% being the windows or winnt directory):

    %windir%\system32
    %windir%\system
  • If you are using Windows 98/ME please download shell.dll from here: shell-dll98.zip. Once the file is downloaded uncompress the zip file and copy shell.dll to the following locations (%windir% being the windows or winnt directory):

    %windir%\system
  • Download the Hoster from here. Press Restore Original Hosts and press OK. Exit Program. This will restore the original deleted Hosts file.
  • If you have Spybot S&D installed you will also need to replace one file. Go here: SDHelper.zip and download SDHelper.dll. Copy the file to the folder containing your Spybot S&D program (normally C:\Program Files\Spybot - Search & Destroy). Then click Start -> Run -> type regsvr32 "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" and press the OK button.

Step 10:

Please check Internet Explorer settings:
Open Internet Explorer -> Tools -> Internet Options... -> click the Security tab -> click Internet icon -> press the Custom Level... button.
Under ActiveX controls and plug-ins tick:
- Download signed ActiveX controls - Prompt
- Download unsigned ActiveX controls - Disable
- Initialize and script ActiveX controls not marked as safe - Disable
- Run ActiveX controls and plug-ins - Enabled
- Script ActiveX controls marked safe for scripting - Prompt

Run an online antivirus scan at:
http://housecall.antivirus.com/
Please make sure that AutoClean is checked.

Reboot and post a new HJT log.
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?


#3 turningintoageek

Posted 04 March 2005 - 05:49 PM

Bad news I'm afraid - have completely killed the computer - will not run any executable application AT ALL, I get 'Windows cannot find 'executable' (eg. ad-aware.exe). Make sure you typed the name correctly ...'

It may well not be your instructions - just the way I carried them out! Here's what I did if it's any help -
- Step 1 - Fine, other than Workstation NetLogon Service was already stopped, so I only disabled it.

Step 2 - found and deleted only addhw32.exe

Step 3 - Here's where I may have screwed up! In the new HJT scan, I could not find any of the references to qtbfq.dll that were in my previous log, but instead the exact same strings now ended with hbywy.dll. Having read in the past that the about blank didn't have a fixed dll name for the computers it corrupted, I made an executive (probably stupid) decision to check the hbywy.dll entries that appeared identical to your suggested qtbfq.dll.
Found all the rest of the entries except O4-HKLM\..\RunOnce ones. The only RunOnce occurrence ended with sysxc.exe, which I left alone. BY THE WAY, NOW, when I reboot the computer, the first error message I get is
'Cannot Find c:\windows\system32\sysxc.exe'

Step 4 - In safe mode, I deleted all files mentioned with the following exceptions
- qtbfq.dll could not find, but as before, I deleted hbywy.dll instead
- apins32.dll did not find
- USBhardware 32 did not find
- ipbi.exe did not find
- addjy32.exe did not find
- Also note that netw.exe, d3yx32.exe and ipbi.exe exist also in a directory called c:\windows\prefetch\ but I left them as they are

Step 5 - Fine

Step 6 - here's the 2nd reason I may have screwed up. When I downloaded About:Buster at the very beginning, I noted your request to make sure it's extracted in c:\aboutbuster and created an AboutBuster directory under C: before extracting from winzip. However, now I had duplicated the directory it would have created automatically, so now I had c:\aboutbuster\aboutbuster\ then the files.
When I came to actually use aboutbuster in this step, I stupidly decided to rename/move etc directories so as to remove the duplicate directories. But then the aboutbuster executable file didn't work. So... and here's where things got messy, I pressed UNDO a number of times, to bring things back to the duplicate tree. Now, About Buster executable WAS working, but worried that I may have pressed UNDO too many times (and what if I undeleted some of the Step 4 files?) before pressing OK to AboutBuster to scan, I went back into explorer to check the Step 4 files had gone. Well, they hadn't. Most of them were back... was it my UNDO, or was it the function of Step 5 to put them back? I deleted them once again, and RAN STEP 5 AGAIN.
Ran About Buster twice, fine, logged 2 things it deleted.
Tried to open Notepad to copy and paste the log - that's when I realised something was terribly wrong! Windows cannot recognise the Notepad executable.

Step 7 - tried to run AdAware, got "Windows cannot find Ad-aware.exe", same for

Step 8 - windows couldn't recognise cleanmgr executable. Tried opening Word, same.

Rebooted, got first error message I get is
'Cannot Find c:\windows\system32\sysxc.exe' and then everything I tried to run got the same 'windows cannot find ...... message.


I don't know whether you had the patience to read through all of that, or indeed whether it's relevant at this dire moment, but I hope you can make some sense of what's actually wrong. If you think it's at an irrecoverable state, should I reinstall the whole OS? I only backed up the critical stuff I needed (typical!), please let me know if there's a way in DOS to copy onto a cd some of the rest of my documents before the computer's funeral!

Guess I better change my username and begin outsourcing my technical issues!

Best regards, and thanks for trying to help
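
Added example, not part of any post in this thread: post #3 turns on a fix list that names qtbfq.dll while the fresh scan showed the same registry values pointing at hbywy.dll. The Python below pairs fix-list lines with fresh-scan lines by shape instead of by DLL name; `FIX_LIST` is copied from post #2, `FRESH_SCAN` is constructed from the description in post #3, and all function names are illustrative.

```python
import re

ENTRY = re.compile(r"^(?P<code>[RO]\d+)\s+-\s+(?P<body>.+)$")
# res://<full path to a DLL>/<resource>, the form used by the R0/R1 lines above
RES_URL = re.compile(r"res://(?P<dll>[A-Za-z]:\\[^/]*?\.dll)/(?P<res>\S*)", re.I)

# Subset of the fix list given in post #2.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qtbfq.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\qtbfq.dll/sp.html#28129
O4 - HKLM\..\RunOnce: [ieag32.exe] C:\WINDOWS\system32\ieag32.exe
O21 - SSODL: mtkle - {15203979-A7DC-432E-00A1-2AF7B889E292} - C:\WINDOWS\System32\bthebj32.dll
"""

# Constructed: what the later scan is described as showing (hbywy.dll, sysxc.exe).
FRESH_SCAN = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\hbywy.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hbywy.dll/sp.html#28129
O4 - HKLM\..\RunOnce: [sysxc.exe] C:\WINDOWS\system32\sysxc.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O21 - SSODL: mtkle - {15203979-A7DC-432E-00A1-2AF7B889E292} - C:\WINDOWS\System32\bthebj32.dll
"""


def parse_entries(log_text):
    """Return (code, body) for every R*/O* line; headers and process lists are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def shape(code, body):
    """Name-independent form of an R0/R1 entry: the DLL file name becomes '*'."""
    if code not in ("R0", "R1"):
        return code, body

    def mask(m):
        folder = m.group("dll").rsplit("\\", 1)[0].lower()
        resource = m.group("res").split("#", 1)[0]  # drop the numeric fragment
        return "res://%s\\*.dll/%s" % (folder, resource)

    return code, RES_URL.sub(mask, body)


def res_hijacks(log_text):
    """Map each DLL used as a res:// page in R0/R1 lines to the registry values it sets."""
    found = {}
    for code, body in parse_entries(log_text):
        m = RES_URL.search(body) if code in ("R0", "R1") else None
        if m:
            value_name = body.split(" = ", 1)[0]
            found.setdefault(m.group("dll").lower(), []).append(value_name)
    return found


def reconcile(fix_list, fresh_scan):
    """Split fix-list lines into exact matches, renamed matches and lines with no match."""
    fresh = parse_entries(fresh_scan)
    fresh_set = set(fresh)
    by_shape = {}
    for code, body in fresh:
        by_shape.setdefault(shape(code, body), []).append(body)
    exact, renamed, absent = [], [], []
    for code, body in parse_entries(fix_list):
        if (code, body) in fresh_set:
            exact.append(body)
        elif shape(code, body) in by_shape:
            renamed.append((body, by_shape[shape(code, body)][0]))
        else:
            absent.append(body)  # needs a human decision, not a guess
    return exact, renamed, absent


if __name__ == "__main__":
    exact, renamed, absent = reconcile(FIX_LIST, FRESH_SCAN)
    for old, new in renamed:
        print("renamed:", old, "->", new)
    for body in absent:
        print("no counterpart in fresh scan:", body)
    print("res:// DLLs in fresh scan:", list(res_hijacks(FRESH_SCAN)))
```

The RunOnce line stays in the unmatched group because only the res:// DLL name is normalised; the O8 Google toolbar entry also uses a res:// URL but is ignored by `res_hijacks` since it is not an R0/R1 value.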

#4 Daisuke

Posted 04 March 2005 - 05:56 PM

Post please a new hijackthis log.

#5 turningintoageek

Posted 07 March 2005 - 02:12 PM

Hi again,

Not sure why you asked for an HJT log since I mentioned I can't run any .exe files...(including Hijackthis) but anyways, the good news is I searched on the internet and found a simple way to fix the .exe problem, on this site http://windowsxp.mvps.org/exefile.htm. My registry entry had something called oobleg in the HKEY_CLASSES_ROOT\exefile\shell\open\command which I removed and kept only "%1" %*

So. I then continued with your instructions from step 7 where I'd left off.

Computer seems to be running fine, ABOUT BLANK IS GONE! yepee..!
only things are:
- adaware got through most of the scan, then got stuck on Searching IE Favourites. When I ran it in normal mode, it found 2 critical objects & deleted them
- The online scan (step 10) went on for hours and then froze, don't know if that's a big deal or not.

Thanks again for your help - here's my latest HJL

Logfile of HijackThis v1.99.1
Scan saved at 18:59:01, on 07/03/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\QUICKT~1\qttask.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Plaxo\2.1.0.80\InstallStub.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Florentia Buckingham\My Documents\adaware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - c:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRA~1\QUICKT~1\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.1.0.80\InstallStub.exe -a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.a...meInstaller.exe
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{203B2F17-2A8A-4D65-B59C-67ABDDF131B3}: NameServer = 213.120.62.102 213.120.62.103
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
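
Added example, not written by any poster here: post #5 cures the "Windows cannot find" failure by resetting the default value of `HKEY_CLASSES_ROOT\exefile\shell\open\command` to `"%1" %*`. The Python check below reads a `.reg` export and reports every program-launch class whose open command differs from that value. The sample export, including the exact form of the oobleg entry, is constructed, and covering comfile, batfile and cmdfile goes beyond the exefile case in the post.

```python
import re

EXPECTED = '"%1" %*'                      # value the post restores for exefile
CLASSES = ("exefile", "comfile", "batfile", "cmdfile")
KEY = re.compile(
    r"^\[(?:HKEY_CLASSES_ROOT|HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes)"
    r"\\(?P<cls>[^\\\]]+)\\shell\\open\\command\]$", re.I)

# Constructed sample in regedit export format; the handler path is an assumption
# built from the "oobleg" name mentioned in the post.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\WINDOWS\\oobleg.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"
'''


def default_values(reg_text):
    """Return {class: default value} for each <class>\\shell\\open\\command key found."""
    values, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = KEY.match(line)
            current = m.group("cls").lower() if m else None
        elif current and len(line) > 3 and line.startswith('@="') and line.endswith('"'):
            # .reg strings escape backslash and double quote with a backslash
            values[current] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return values


def audit(reg_text, existing_files=None):
    """Classify each audited class.

    States: 'ok', 'not-in-export', 'hijacked', or 'hijacked-dangling' when a list of
    files known to exist is supplied and the inserted handler is not among them.
    """
    present = None
    if existing_files is not None:
        present = {p.lower() for p in existing_files}
    values = default_values(reg_text)
    report = {}
    for cls in CLASSES:
        value = values.get(cls)
        if value is None:
            report[cls] = ("not-in-export", None)
        elif value == EXPECTED:
            report[cls] = ("ok", None)
        else:
            # whatever precedes "%1" is the program every launch is routed through
            handler = value.split('"%1"', 1)[0].strip().strip('"')
            state = "hijacked"
            if present is not None and handler.lower() not in present:
                state = "hijacked-dangling"  # handler deleted, launches will fail
            report[cls] = (state, handler)
    return report


if __name__ == "__main__":
    for cls, (state, handler) in audit(SAMPLE_EXPORT, existing_files=[]).items():
        print(cls, state, handler or "")
```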

#6 Daisuke

Posted 07 March 2005 - 03:50 PM

1. Download SYSCLEAN.COM from Trend Micro site:
http://www.trendmicro.com/ftp/products/tsc/sysclean.com

2. Create a temporary folder and copy SYSCLEAN.COM into this folder
NOTE: This temporary folder should be created on a local or mapped drive

3. Download the latest pattern file (as in lpt482.zip where the last 3 digits indicate a virus pattern number) from Trend Micro site:
http://www.trendmicro.com/download/pattern.asp.

Extract the downloaded ZIP pattern file into the created folder

REBOOT into SafeMode.

4. Close all applications running on your system

5. Run the System Cleaner by double-clicking the executable file SYSCLEAN.COM in Windows Explorer:

6. Make sure "Automatically Clean Infected Files" is checked and click "Scan"

7. At the end of the scanning process this fix tool generates a log file, SYSCLEAN.LOG, in its current folder. Click the "View Log" button, copy the log and post it here.

Post a new HijackThis log please.

#7 turningintoageek

Posted 08 March 2005 - 09:01 AM

Hi,
Ran sysclean, log below showing 42 viruses (!!!!) yaychs - are all our computers this filthy or is it just mine???????, and I don't know if it successfully got rid of them! Computer still seems to be working fine though, fast and still no AboutBlank!

Below, sysclean log first, followed by new HJL

Thanks again for all your help, and seeing through to a clean conclusion!

/--------------------------------------------------------------\
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
\--------------------------------------------------------------/


2005-03-08, 09:51:14, Auto-clean mode specified.
2005-03-08, 09:51:14, Running scanner "C:\Documents and Settings\Florentia Buckingham\My Documents\temp sysclean\TSC.BIN"...
2005-03-08, 09:53:02, Scanner "C:\Documents and Settings\Florentia Buckingham\My Documents\temp sysclean\TSC.BIN" has finished running.
2005-03-08, 09:53:02, TSC Log:

Damage Cleanup Engine (DCE) 3.9(Build 1020)
Windows XP(Build 2600: )

Start time : Tue Mar 08 2005 09:51:14

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Florentia Buckingham\My Documents\temp sysclean\tsc.ptn" (version 555) [success]

Complete time : Tue Mar 08 2005 09:53:02
Execute pattern count(2092), Virus found count(0), Virus clean count(0), Clean failed count(0)

2005-03-08, 12:54:19, Running scanner "C:\Documents and Settings\Florentia Buckingham\My Documents\temp sysclean\VSCANTM.BIN"...
2005-03-08, 13:42:46, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 3/8/2005 12:54:19
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 480 (93101 Patterns) (2005/03/07) (248000)
Command Line: C:\Documents and Settings\Florentia Buckingham\My Documents\temp sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Florentia Buckingham\My Documents\temp sysclean

C:\Documents and Settings\Mark Buckingham\Local Settings\Temporary Internet Files\Content.IE5\IR6F2GAI\kkq21[1].gif [BKDR_BERBEW.N]
C:\Documents and Settings\Mark Buckingham\Local Settings\Temporary Internet Files\Content.IE5\RJXFNP8W\kkq21[1].gif [BKDR_BERBEW.N]
C:\Documents and Settings\Mark Buckingham\Local Settings\Temporary Internet Files\Content.IE5\WXKF4Z8N\kkq21[1].gif [BKDR_BERBEW.N]
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP6\A0003227.dll [TROJ_QUKART.B]
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP6\A0003228.dll [TROJ_QUKART.B]
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP6\A0003230.exe [TROJ_AGENT.MP]
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP6\A0003232.exe [TROJ_AGENT.MQ]
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP6\A0003233.exe [TROJ_AGENT.MP]
C:\WINDOWS\addcg.exe [TROJ_AGENT.MP]
C:\WINDOWS\apies32.exe [TROJ_AGENT.MP]
C:\WINDOWS\apimz.exe [TROJ_AGENT.RK]
C:\WINDOWS\atlxn32.exe [TROJ_AGENT.MP]
C:\WINDOWS\d3ym32.exe [TROJ_AGENT.MP]
C:\WINDOWS\ieop32.exe [TROJ_AGENT.MP]
C:\WINDOWS\javazx32.exe [TROJ_AGENT.MP]
C:\WINDOWS\mfcqy32.exe [TROJ_AGENT.RK]
C:\WINDOWS\msgo32.exe [TROJ_AGENT.MP]
C:\WINDOWS\SYSTEM32\addec.exe [TROJ_AGENT.MP]
C:\WINDOWS\SYSTEM32\addpg32.exe [TROJ_AGENT.MP]
C:\WINDOWS\SYSTEM32\afvxnu.exe [BKDR_BERBEW.N]
C:\WINDOWS\SYSTEM32\apprp32.exe [TROJ_AGENT.MP]
C:\WINDOWS\SYSTEM32\edddvc.exe [BKDR_BERBEW.N]
C:\WINDOWS\SYSTEM32\Foqeojcc.exe [BKDR_BERBEW.N]
C:\WINDOWS\SYSTEM32\hyoaue.exe [BKDR_BERBEW.N]
C:\WINDOWS\SYSTEM32\ipfq32.exe [TROJ_AGENT.MP]
C:\WINDOWS\SYSTEM32\iqldby.exe [BKDR_BERBEW.N]
C:\WINDOWS\SYSTEM32\ivthdj.exe [BKDR_BERBEW.N]
C:\WINDOWS\SYSTEM32\jqcgnj.exe [BKDR_BERBEW.N]
C:\WINDOWS\SYSTEM32\lsgyps.exe [BKDR_BERBEW.N]
C:\WINDOWS\SYSTEM32\puvlnj.exe [BKDR_BERBEW.N]
C:\WINDOWS\SYSTEM32\sdkws.exe [TROJ_AGENT.MP]
C:\WINDOWS\SYSTEM32\tiqanf.exe [BKDR_BERBEW.N]
C:\WINDOWS\SYSTEM32\ziubjv.exe [BKDR_BERBEW.N]
97089 files have been read.
97089 files have been checked.
77468 files have been scanned.
87389 files have been scanned. (including files in archived)
42 files containing viruses.
Found 42 viruses totally.
Maybe 0 viruses totally.
Stop At : 3/8/2005 13:42:46
---------*---------*---------*---------*---------*---------*---------*---------*
2005-03-08, 13:42:46, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 3/8/2005 12:54:19
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 480 (93101 Patterns) (2005/03/07) (248000)
Command Line: C:\Documents and Settings\Florentia Buckingham\My Documents\temp sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Florentia Buckingham\My Documents\temp sysclean

Success Clean [ WORM_NETSKY.D]( 1) from C:\Documents and Settings\Mark Buckingham\Local Settings\Temp\NAV3E.tmp,(your_archive.pif)
Success Clean [ WORM_NETSKY.D]( 1) from C:\Documents and Settings\Mark Buckingham\Local Settings\Temp\NAV3F.tmp,(document_full.pif)
Success Clean [ WORM_NETSKY.D]( 1) from C:\Documents and Settings\Mark Buckingham\Local Settings\Temp\NAV40.tmp,(document_4351.pif)
Success Clean [ WORM_NETSKY.D]( 1) from C:\Documents and Settings\Mark Buckingham\Local Settings\Temp\NAV41.tmp,(your_bill.pif)
Success Clean [ WORM_NETSKY.DAM]( 1) from C:\Documents and Settings\Mark Buckingham\Local Settings\Temp\NAV42.tmp,(your_document.pif)
Success Clean [ WORM_NETSKY.D]( 1) from C:\Documents and Settings\Mark Buckingham\Local Settings\Temp\NAV599.tmp,(document_full.pif)
Success Clean [ WORM_NETSKY.D]( 1) from C:\Documents and Settings\Mark Buckingham\Local Settings\Temp\NAV59A.tmp,(document_full.pif)
Success Clean [ WORM_NETSKY.D]( 1) from C:\Documents and Settings\Mark Buckingham\Local Settings\Temp\NAV59B.tmp,(application.pif)
Success Clean [ WORM_NETSKY.D]( 1) from C:\Documents and Settings\Mark Buckingham\Local Settings\Temp\NAV59C.tmp,(your_document.pif)
Success Clean [ BKDR_BERBEW.N]( 1) from C:\Documents and Settings\Mark Buckingham\Local Settings\Temporary Internet Files\Content.IE5\IR6F2GAI\kkq21[1].gif
Success Clean [ BKDR_BERBEW.N]( 1) from C:\Documents and Settings\Mark Buckingham\Local Settings\Temporary Internet Files\Content.IE5\RJXFNP8W\kkq21[1].gif
Success Clean [ BKDR_BERBEW.N]( 1) from C:\Documents and Settings\Mark Buckingham\Local Settings\Temporary Internet Files\Content.IE5\WXKF4Z8N\kkq21[1].gif
Success Clean [ TROJ_QUKART.B]( 1) from C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP6\A0003227.dll
Success Clean [ TROJ_QUKART.B]( 1) from C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP6\A0003228.dll
Success Clean [ TROJ_AGENT.MP]( 1) from C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP6\A0003230.exe
Success Clean [ TROJ_AGENT.MQ]( 1) from C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP6\A0003232.exe
Success Clean [ TROJ_AGENT.MP]( 1) from C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP6\A0003233.exe
Success Clean [ TROJ_AGENT.MP]( 1) from C:\WINDOWS\addcg.exe
Success Clean [ TROJ_AGENT.MP]( 1) from C:\WINDOWS\apies32.exe
Success Clean [ TROJ_AGENT.RK]( 1) from C:\WINDOWS\apimz.exe
Success Clean [ TROJ_AGENT.MP]( 1) from C:\WINDOWS\atlxn32.exe
Success Clean [ TROJ_AGENT.MP]( 1) from C:\WINDOWS\d3ym32.exe
Success Clean [ TROJ_AGENT.MP]( 1) from C:\WINDOWS\ieop32.exe
Success Clean [ TROJ_AGENT.MP]( 1) from C:\WINDOWS\javazx32.exe
Success Clean [ TROJ_AGENT.RK]( 1) from C:\WINDOWS\mfcqy32.exe
Success Clean [ TROJ_AGENT.MP]( 1) from C:\WINDOWS\msgo32.exe
Success Clean [ TROJ_AGENT.MP]( 1) from C:\WINDOWS\SYSTEM32\addec.exe
Success Clean [ TROJ_AGENT.MP]( 1) from C:\WINDOWS\SYSTEM32\addpg32.exe
Success Clean [ BKDR_BERBEW.N]( 1) from C:\WINDOWS\SYSTEM32\afvxnu.exe
Success Clean [ TROJ_AGENT.MP]( 1) from C:\WINDOWS\SYSTEM32\apprp32.exe
Success Clean [ BKDR_BERBEW.N]( 1) from C:\WINDOWS\SYSTEM32\edddvc.exe
Success Clean [ BKDR_BERBEW.N]( 1) from C:\WINDOWS\SYSTEM32\Foqeojcc.exe
Success Clean [ BKDR_BERBEW.N]( 1) from C:\WINDOWS\SYSTEM32\hyoaue.exe
Success Clean [ TROJ_AGENT.MP]( 1) from C:\WINDOWS\SYSTEM32\ipfq32.exe
Success Clean [ BKDR_BERBEW.N]( 1) from C:\WINDOWS\SYSTEM32\iqldby.exe
Success Clean [ BKDR_BERBEW.N]( 1) from C:\WINDOWS\SYSTEM32\ivthdj.exe
Success Clean [ BKDR_BERBEW.N]( 1) from C:\WINDOWS\SYSTEM32\jqcgnj.exe
Success Clean [ BKDR_BERBEW.N]( 1) from C:\WINDOWS\SYSTEM32\lsgyps.exe
Success Clean [ BKDR_BERBEW.N]( 1) from C:\WINDOWS\SYSTEM32\puvlnj.exe
Success Clean [ TROJ_AGENT.MP]( 1) from C:\WINDOWS\SYSTEM32\sdkws.exe
Success Clean [ BKDR_BERBEW.N]( 1) from C:\WINDOWS\SYSTEM32\tiqanf.exe
Success Clean [ BKDR_BERBEW.N]( 1) from C:\WINDOWS\SYSTEM32\ziubjv.exe
97089 files have been read.
97089 files have been checked.
77468 files have been scanned.
87389 files have been scanned. (including files in archived)
42 files containing viruses.
Found 42 viruses totally.
Maybe 0 viruses totally.
Stop At : 3/8/2005 13:42:46 48 minutes 22 seconds (2901.98 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-03-08, 13:42:46, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 3/8/2005 12:54:19
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 480 (93101 Patterns) (2005/03/07) (248000)
Command Line: C:\Documents and Settings\Florentia Buckingham\My Documents\temp sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Florentia Buckingham\My Documents\temp sysclean

97089 files have been read.
97089 files have been checked.
77468 files have been scanned.
87389 files have been scanned. (including files in archived)
42 files containing viruses.
Found 42 viruses totally.
Maybe 0 viruses totally.
Stop At : 3/8/2005 13:42:46 48 minutes 22 seconds (2901.98 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-03-08, 13:42:46, Scanner "C:\Documents and Settings\Florentia Buckingham\My Documents\temp sysclean\VSCANTM.BIN" has finished running.




HIJACKTHIS LOG ......

Logfile of HijackThis v1.99.1
Scan saved at 13:52:53, on 08/03/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\QUICKT~1\qttask.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Plaxo\2.1.0.80\InstallStub.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Florentia Buckingham\My Documents\adaware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - c:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRA~1\QUICKT~1\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.1.0.80\InstallStub.exe -a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.a...meInstaller.exe
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{203B2F17-2A8A-4D65-B59C-67ABDDF131B3}: NameServer = 213.120.62.102 213.120.62.103
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Workstation NetLogon Service ( 6Q'8) - Unknown owner - C:\WINDOWS\addjy32.exe (file missing)

#8 Daisuke


Posted 08 March 2005 - 11:35 AM

Run HijackThis!, press Scan, and put a check mark next to all these:

O23 - Service: Workstation NetLogon Service ( 6Q'8) - Unknown owner - C:\WINDOWS\addjy32.exe (file missing)

Close all other windows and browsers, and press the Fix Checked button.


Copy the contents of the Quote Box below to Notepad.
Click File menu -> Save and name the file as remove.reg
Change the Save as Type to All Files
Save this file on the desktop.
We will use it later.

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_6Q'8]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\6Q'8]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\6Q'8]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6Q'8]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW]



Double-click on the remove.reg file you saved earlier on your desktop, and when it prompts to merge say Yes, and this will clear some registry entries left behind by the process.


REBOOT your machine and post a new log please.
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?
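
The O23 entry picked out in the post above differs visibly from the other service lines in the log: its owner is "Unknown owner", its file is reported missing, and its service key name ( 6Q'8) is not a plain identifier. The sketch below is an added example, not part of the thread and not HijackThis code; it parses O23 lines copied from the two logs in this thread, counts those three signals, and confirms which key disappeared between the logs. The three checks and the two-signal threshold are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# O23 lines copied from the 08/03/2005 HijackThis log in this thread.
BEFORE = r"""
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Workstation NetLogon Service ( 6Q'8) - Unknown owner - C:\WINDOWS\addjy32.exe (file missing)
"""

# The same services as listed in the 09/03/2005 log, after the fix.
AFTER = r"""
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
"""

PREFIX = "O23 - Service: "
MISSING = " (file missing)"
# Assumption: an ordinary key name starts with a letter or digit and
# contains only letters, digits, spaces, dots, dashes and underscores.
SAFE_KEY = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.\- ]*")


@dataclass(frozen=True)
class Service:
    display: str
    key: str
    owner: str
    path: str
    file_missing: bool


def parse_o23(line: str) -> Optional[Service]:
    """Parse 'O23 - Service: name (key) - owner - path[ (file missing)]'."""
    if not line.startswith(PREFIX):
        return None
    # Split from the right: the display name may itself contain dashes.
    parts = line[len(PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)]
    # The key name is the trailing parenthesised part; when absent,
    # the display name doubles as the key.
    m = re.fullmatch(r"(.*?)\s*\((.*)\)", name)
    display, key = (m.group(1), m.group(2)) if m else (name, name)
    return Service(display, key, owner, path, missing)


def parse_log(text: str) -> list:
    """Return every O23 service found in a HijackThis log, in file order."""
    services = (parse_o23(line.strip()) for line in text.splitlines())
    return [s for s in services if s is not None]


def reasons(svc: Service) -> list:
    """List the signals (assumed heuristics) that a service entry trips."""
    found = []
    if svc.file_missing:
        found.append("file missing")
    if svc.owner == "Unknown owner":
        found.append("unknown owner")
    if not SAFE_KEY.fullmatch(svc.key):
        found.append("odd key name")
    return found


def triage(text: str, min_reasons: int = 2) -> list:
    """Return (service, reasons) pairs tripping at least min_reasons signals."""
    scored = [(s, reasons(s)) for s in parse_log(text)]
    return [(s, r) for s, r in scored if len(r) >= min_reasons]


def removed_keys(before: str, after: str) -> set:
    """Service key names present in the first log but not in the second."""
    return {s.key for s in parse_log(before)} - {s.key for s in parse_log(after)}


if __name__ == "__main__":
    for svc, why in triage(BEFORE):
        print(f"{svc.key!r} -> {svc.path}: {', '.join(why)}")
    print("removed between logs:", removed_keys(BEFORE, AFTER))
```

With the threshold lowered to one signal the Nhksrv entry is listed too, because it also reports "Unknown owner"; that signal alone does not separate it from the entry removed in this thread.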


#9 turningintoageek


Posted 09 March 2005 - 03:07 AM

Done.

Could not fix or delete at first, the O23 - Service: Workstation NetLogon Service ( 6Q'8) - Unknown owner - C:\WINDOWS\addjy32.exe (file missing)-
Then I noticed that the other user account on my XP machine still had AboutBlank,
so I took drastic action and deleted the whole account, as it wasn't used much. Rebooted, ran AVG (cleaned 23 virus files) ran Adaware (8 critical entries deleted) cleared Recycle Bin, Temp Internet files, and Temp files, and HJT shows the original entry I wanted to delete is now gone! Good.

New HJT log:


Logfile of HijackThis v1.99.1
Scan saved at 07:56:02, on 09/03/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\QUICKT~1\qttask.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Plaxo\2.1.0.80\InstallStub.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Florentia Buckingham\My Documents\antivirus troubleshooting\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - c:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRA~1\QUICKT~1\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.1.0.80\InstallStub.exe -a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.a...meInstaller.exe
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{203B2F17-2A8A-4D65-B59C-67ABDDF131B3}: NameServer = 213.120.62.102 213.120.62.103
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe




Logfile of HijackThis v1.99.1
Scan saved at 07:56:02, on 09/03/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\QUICKT~1\qttask.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Plaxo\2.1.0.80\InstallStub.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Florentia Buckingham\My Documents\antivirus troubleshooting\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - c:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRA~1\QUICKT~1\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.1.0.80\InstallStub.exe -a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.a...meInstaller.exe
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{203B2F17-2A8A-4D65-B59C-67ABDDF131B3}: NameServer = 213.120.62.102 213.120.62.103
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

#10 Daisuke


Posted 09 March 2005 - 12:56 PM

Both logs look clean...great job ! :thumbsup:

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

How did I get infected ? With steps so it does not happen again !

Glad I was able to help.

#11 turningintoageek


Posted 10 March 2005 - 08:46 AM

Just to say a huge thank you - you have been AMAZINGLY helpful and prompt, and for the first time I don't feel so helpless when things get ugly. I still don't understand who pays you to be so helpful, but however you guys make it work... it works!

THANK YOU SO MUCH - I'm making a donation today.

#12 Daisuke


Posted 11 March 2005 - 02:27 PM

You're Welcome ! Happy surfing :thumbsup:


Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.

Edited by Daisuke, 20 March 2005 - 02:09 PM.
