Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

hijackthis log


  • This topic is locked This topic is locked
22 replies to this topic

#1 motionb

motionb

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:46 AM

Posted 07 March 2005 - 04:43 PM

This is after running adaware / spybot search and destroy / microsoft spyware beta
Still getting a couple more popups, almost clean.
Thanks SO much, in advance !!

Logfile of HijackThis v1.99.1
Scan saved at 3:43:17 PM, on 3/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\DSentry.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\windows\system32\wwodjf.exe
C:\WINDOWS\system32\Osuoaa.exe
C:\windows\system32\packager.exe
C:\WINDOWS\System32\mbpbkue\ksauinla.exe
C:\WINDOWS\System32\bndsxq\chwkl.exe
C:\WINDOWS\System32\rwojfi\kdxu.exe
C:\WINDOWS\System32\rcwx\olmdgl.exe
C:\WINDOWS\System32\xpmqdhxh\ophgggi.exe
C:\WINDOWS\System32\dwkugil\jgkunh.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\bpc_search\BPCv2.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system\mxml.exe
C:\WINDOWS\System32\pruttct.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\WINDOWS\System32\pruttct.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jimmy\Desktop\hijackthis-4\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://69.42.87.219/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: US Class - {1FFED2CB-FC98-49f8-B3D0-678D03350F1E} - C:\WINDOWS\mscore.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SDWin32 Class - {108854C7-2FF8-4BFC-AE58-7409A3F301F3} - C:\WINDOWS\System32\dopkd.dll
O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\System32\rsyncmon.dll
O2 - BHO: (no name) - {23E61553-8399-8814-C44F-D97836CFCBCC} - C:\WINDOWS\System32\kpv.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O2 - BHO: MSW.cIExplorer - {4B57B77A-B130-4EB8-8CFB-42B880F6D311} - C:\Documents and Settings\All Users\Application Data\msw\MSW.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: CAUN Object - {59F12660-2B92-4554-98F9-87295AD8A0CE} - C:\WINDOWS\System32\AUNBHO.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7FAF7BA9-8F42-B60C-1249-55082D806E71} - C:\WINDOWS\System32\adfqlmwm\xnxubyjh.dll
O2 - BHO: (no name) - {D60CDD27-7155-E214-9764-76D5B21717D0} - C:\WINDOWS\System32\cktucdis\jyrgfkxb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-A1F6-FC7EB590A97D} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [wwodjf] c:\windows\system32\wwodjf.exe
O4 - HKLM\..\Run: [r2ia9idw] C:\Program Files\r2ia9idw\r2ia9idw.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\Osuoaa.exe
O4 - HKLM\..\Run: [RSync] C:\WINDOWS\System32\netsync.exe
O4 - HKLM\..\Run: [othuvbte] C:\WINDOWS\System32\qvoibld\othuvbte.exe
O4 - HKLM\..\Run: [eihc] C:\WINDOWS\System32\hvqhfx\eihc.exe
O4 - HKLM\..\Run: [qhhahao] C:\WINDOWS\System32\ggfcxycg\qhhahao.exe
O4 - HKLM\..\Run: [ytoqrhh] C:\WINDOWS\System32\cbngn\ytoqrhh.exe
O4 - HKLM\..\Run: [lauhfged] C:\WINDOWS\System32\tvqslep\lauhfged.exe
O4 - HKLM\..\Run: [cvsoli] C:\WINDOWS\System32\ubjauw\cvsoli.exe
O4 - HKLM\..\Run: [qleqf] C:\WINDOWS\System32\fkpwkix\qleqf.exe
O4 - HKLM\..\Run: [isfkiq] C:\WINDOWS\System32\pebahm\isfkiq.exe
O4 - HKLM\..\Run: [vecx] C:\WINDOWS\System32\tojkdoqd\vecx.exe
O4 - HKLM\..\Run: [pbxuhjv] C:\WINDOWS\System32\vfncsufw\pbxuhjv.exe
O4 - HKLM\..\Run: [ouqmbc] C:\WINDOWS\System32\gkii\ouqmbc.exe
O4 - HKLM\..\Run: [ksvg] C:\WINDOWS\System32\vuqf\ksvg.exe
O4 - HKLM\..\Run: [gtmdawp] C:\WINDOWS\System32\jfjtluwa\gtmdawp.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [kdxu] C:\WINDOWS\System32\rwojfi\kdxu.exe
O4 - HKLM\..\Run: [satkj] C:\WINDOWS\System32\ukmiyao\satkj.exe
O4 - HKLM\..\Run: [chwkl] C:\WINDOWS\System32\bndsxq\chwkl.exe
O4 - HKLM\..\Run: [ieue] C:\WINDOWS\System32\qejtiapy\ieue.exe
O4 - HKLM\..\Run: [ksauinla] C:\WINDOWS\System32\mbpbkue\ksauinla.exe
O4 - HKLM\..\Run: [ophgggi] C:\WINDOWS\System32\xpmqdhxh\ophgggi.exe
O4 - HKLM\..\Run: [olmdgl] C:\WINDOWS\System32\rcwx\olmdgl.exe
O4 - HKLM\..\Run: [jgkunh] C:\WINDOWS\System32\dwkugil\jgkunh.exe
O4 - HKLM\..\Run: [BPT] "c:\Program Files\Bpt\bpt.exe"
O4 - HKLM\..\Run: [BPCv2] C:\Program Files\bpc_search\BPCv2.exe
O4 - HKLM\..\Run: [Makarzy] C:\WINDOWS\nyei.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [antiware] C:\windows\system32\eliteond32.exe
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [pruttct] C:\WINDOWS\System32\pruttct.exe
O4 - HKCU\..\RunOnce: [pruttct] C:\WINDOWS\System32\pruttct.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0940A1B-F4F8-4FAF-B3A3-385F26F5764B}: NameServer = 192.168.0.8,192.168.0.111
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

BC AdBot (Login to Remove)

 


#2 picard_uk

picard_uk

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Local time:01:46 AM

Posted 07 March 2005 - 06:21 PM

Hi motionb,

Welcome to the forums.

Please run both of these online scans. Reboot between each scan and let them fix what they find.
http://www3.ca.com/virusinfo/virusscan.aspx
http://www.bitdefender.com/scan/licence.php

Reboot.

Download and run a-squared. It just requires registration.
http://downloads-zdnet.com.com/3000-2239-10262215.html

Let it fix what it finds.


Reboot.

Let me know how you get on.


Run HiJackThis, scan and post a fresh log file.



picard.
Every day's a school day.

ASAP Proud member since 2005 Alliance of Security Analysis Professionals

#3 motionb

motionb
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:46 AM

Posted 08 March 2005 - 07:29 AM

Okay, I know it took a while, but this pc had some serious issues, its working ALOT better since running those scans you suggested, still got some popups, so here's the latest hijackthis logfile.
Again thanks.

Logfile of HijackThis v1.99.1
Scan saved at 6:25:05 AM, on 3/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\windows\system32\wwodjf.exe
C:\windows\system32\packager.exe
C:\WINDOWS\System32\mbpbkue\ksauinla.exe
C:\WINDOWS\System32\rcwx\olmdgl.exe
C:\WINDOWS\System32\rwojfi\kdxu.exe
C:\WINDOWS\System32\bndsxq\chwkl.exe
C:\WINDOWS\System32\xpmqdhxh\ophgggi.exe
C:\WINDOWS\System32\dwkugil\jgkunh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\bpc_search\BPCv2.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Documents and Settings\Jimmy\Desktop\hijackthis-4\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://69.42.87.219/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: US Class - {1FFED2CB-FC98-49f8-B3D0-678D03350F1E} - C:\WINDOWS\mscore.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SDWin32 Class - {108854C7-2FF8-4BFC-AE58-7409A3F301F3} - C:\WINDOWS\System32\dopkd.dll (file missing)
O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\System32\rsyncmon.dll
O2 - BHO: (no name) - {23E61553-8399-8814-C44F-D97836CFCBCC} - C:\WINDOWS\System32\kpv.dll
O2 - BHO: MSW.cIExplorer - {4B57B77A-B130-4EB8-8CFB-42B880F6D311} - C:\Documents and Settings\All Users\Application Data\msw\MSW.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: CAUN Object - {59F12660-2B92-4554-98F9-87295AD8A0CE} - C:\WINDOWS\System32\AUNBHO.dll
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7FAF7BA9-8F42-B60C-1249-55082D806E71} - C:\WINDOWS\System32\adfqlmwm\xnxubyjh.dll
O2 - BHO: (no name) - {D60CDD27-7155-E214-9764-76D5B21717D0} - C:\WINDOWS\System32\cktucdis\jyrgfkxb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-A1F6-FC7EB590A97D} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [wwodjf] c:\windows\system32\wwodjf.exe
O4 - HKLM\..\Run: [r2ia9idw] C:\Program Files\r2ia9idw\r2ia9idw.exe
O4 - HKLM\..\Run: [RSync] C:\WINDOWS\System32\netsync.exe
O4 - HKLM\..\Run: [othuvbte] C:\WINDOWS\System32\qvoibld\othuvbte.exe
O4 - HKLM\..\Run: [eihc] C:\WINDOWS\System32\hvqhfx\eihc.exe
O4 - HKLM\..\Run: [qhhahao] C:\WINDOWS\System32\ggfcxycg\qhhahao.exe
O4 - HKLM\..\Run: [ytoqrhh] C:\WINDOWS\System32\cbngn\ytoqrhh.exe
O4 - HKLM\..\Run: [lauhfged] C:\WINDOWS\System32\tvqslep\lauhfged.exe
O4 - HKLM\..\Run: [cvsoli] C:\WINDOWS\System32\ubjauw\cvsoli.exe
O4 - HKLM\..\Run: [qleqf] C:\WINDOWS\System32\fkpwkix\qleqf.exe
O4 - HKLM\..\Run: [isfkiq] C:\WINDOWS\System32\pebahm\isfkiq.exe
O4 - HKLM\..\Run: [vecx] C:\WINDOWS\System32\tojkdoqd\vecx.exe
O4 - HKLM\..\Run: [pbxuhjv] C:\WINDOWS\System32\vfncsufw\pbxuhjv.exe
O4 - HKLM\..\Run: [ouqmbc] C:\WINDOWS\System32\gkii\ouqmbc.exe
O4 - HKLM\..\Run: [ksvg] C:\WINDOWS\System32\vuqf\ksvg.exe
O4 - HKLM\..\Run: [gtmdawp] C:\WINDOWS\System32\jfjtluwa\gtmdawp.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [kdxu] C:\WINDOWS\System32\rwojfi\kdxu.exe
O4 - HKLM\..\Run: [satkj] C:\WINDOWS\System32\ukmiyao\satkj.exe
O4 - HKLM\..\Run: [chwkl] C:\WINDOWS\System32\bndsxq\chwkl.exe
O4 - HKLM\..\Run: [ieue] C:\WINDOWS\System32\qejtiapy\ieue.exe
O4 - HKLM\..\Run: [ksauinla] C:\WINDOWS\System32\mbpbkue\ksauinla.exe
O4 - HKLM\..\Run: [ophgggi] C:\WINDOWS\System32\xpmqdhxh\ophgggi.exe
O4 - HKLM\..\Run: [olmdgl] C:\WINDOWS\System32\rcwx\olmdgl.exe
O4 - HKLM\..\Run: [jgkunh] C:\WINDOWS\System32\dwkugil\jgkunh.exe
O4 - HKLM\..\Run: [BPT] "c:\Program Files\Bpt\bpt.exe"
O4 - HKLM\..\Run: [BPCv2] C:\Program Files\bpc_search\BPCv2.exe
O4 - HKLM\..\Run: [Makarzy] C:\WINDOWS\nyei.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [antiware] C:\windows\system32\eliteond32.exe
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0940A1B-F4F8-4FAF-B3A3-385F26F5764B}: NameServer = 192.168.0.8,192.168.0.111
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

#4 picard_uk

picard_uk

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Local time:01:46 AM

Posted 08 March 2005 - 09:47 AM

Hi motionb,

There is still a lot going on in that log.

I'd like you to download and install this free program
http://cleanup.stevengould.org/
On the downloads page you will find Cleanup312.exe
Install this but do NOT run it yet.


Select Start, Control Panel, Add/Remove Programs and remove the following if found
BrowserAid or CashToolbar.


You may want to print this page or copy and paste it into Notepad and save it as a text file. You will be offline for part of the fix.


Run HiJackThis, scan and place a checkmark next to the following

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://69.42.87.219/sidesearch.html

R3 - URLSearchHook: US Class - {1FFED2CB-FC98-49f8-B3D0-678D03350F1E} - C:\WINDOWS\mscore.dll

O2 - BHO: SDWin32 Class - {108854C7-2FF8-4BFC-AE58-7409A3F301F3} - C:\WINDOWS\System32\dopkd.dll (file missing)
O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\System32\rsyncmon.dll
O2 - BHO: (no name) - {23E61553-8399-8814-C44F-D97836CFCBCC} - C:\WINDOWS\System32\kpv.dll
O2 - BHO: MSW.cIExplorer - {4B57B77A-B130-4EB8-8CFB-42B880F6D311} - C:\Documents and Settings\All Users\Application Data\msw\MSW.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: CAUN Object - {59F12660-2B92-4554-98F9-87295AD8A0CE} - C:\WINDOWS\System32\AUNBHO.dll
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll

O2 - BHO: (no name) - {7FAF7BA9-8F42-B60C-1249-55082D806E71} - C:\WINDOWS\System32\adfqlmwm\xnxubyjh.dll
O2 - BHO: (no name) - {D60CDD27-7155-E214-9764-76D5B21717D0} - C:\WINDOWS\System32\cktucdis\jyrgfkxb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-A1F6-FC7EB590A97D} - (no file)

O4 - HKLM\..\Run: [wwodjf] c:\windows\system32\wwodjf.exe
O4 - HKLM\..\Run: [r2ia9idw] C:\Program Files\r2ia9idw\r2ia9idw.exe
O4 - HKLM\..\Run: [RSync] C:\WINDOWS\System32\netsync.exe
O4 - HKLM\..\Run: [othuvbte] C:\WINDOWS\System32\qvoibld\othuvbte.exe
O4 - HKLM\..\Run: [eihc] C:\WINDOWS\System32\hvqhfx\eihc.exe
O4 - HKLM\..\Run: [qhhahao] C:\WINDOWS\System32\ggfcxycg\qhhahao.exe
O4 - HKLM\..\Run: [ytoqrhh] C:\WINDOWS\System32\cbngn\ytoqrhh.exe
O4 - HKLM\..\Run: [lauhfged] C:\WINDOWS\System32\tvqslep\lauhfged.exe
O4 - HKLM\..\Run: [cvsoli] C:\WINDOWS\System32\ubjauw\cvsoli.exe
O4 - HKLM\..\Run: [qleqf] C:\WINDOWS\System32\fkpwkix\qleqf.exe
O4 - HKLM\..\Run: [isfkiq] C:\WINDOWS\System32\pebahm\isfkiq.exe
O4 - HKLM\..\Run: [vecx] C:\WINDOWS\System32\tojkdoqd\vecx.exe
O4 - HKLM\..\Run: [pbxuhjv] C:\WINDOWS\System32\vfncsufw\pbxuhjv.exe
O4 - HKLM\..\Run: [ouqmbc] C:\WINDOWS\System32\gkii\ouqmbc.exe
O4 - HKLM\..\Run: [ksvg] C:\WINDOWS\System32\vuqf\ksvg.exe
O4 - HKLM\..\Run: [gtmdawp] C:\WINDOWS\System32\jfjtluwa\gtmdawp.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [kdxu] C:\WINDOWS\System32\rwojfi\kdxu.exe
O4 - HKLM\..\Run: [satkj] C:\WINDOWS\System32\ukmiyao\satkj.exe
O4 - HKLM\..\Run: [chwkl] C:\WINDOWS\System32\bndsxq\chwkl.exe
O4 - HKLM\..\Run: [ieue] C:\WINDOWS\System32\qejtiapy\ieue.exe
O4 - HKLM\..\Run: [ksauinla] C:\WINDOWS\System32\mbpbkue\ksauinla.exe
O4 - HKLM\..\Run: [ophgggi] C:\WINDOWS\System32\xpmqdhxh\ophgggi.exe
O4 - HKLM\..\Run: [olmdgl] C:\WINDOWS\System32\rcwx\olmdgl.exe
O4 - HKLM\..\Run: [jgkunh] C:\WINDOWS\System32\dwkugil\jgkunh.exe
O4 - HKLM\..\Run: [BPT] "c:\Program Files\Bpt\bpt.exe"
O4 - HKLM\..\Run: [BPCv2] C:\Program Files\bpc_search\BPCv2.exe
O4 - HKLM\..\Run: [Makarzy] C:\WINDOWS\nyei.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [antiware] C:\windows\system32\eliteond32.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{B0940A1B-F4F8-4FAF-B3A3-385F26F5764B}: NameServer = 192.168.0.8,192.168.0.111

O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll



Optional fixes. These are resource hogs that are not required at startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot


To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK

With all windows and browser windows closed, including this one, hit "Fix checked"


Reboot, on restart, start in "Safe Mode".
How To
1. Restart the computer.
2. As the computer restarts, begin tapping the F8 key until the Windows XP startup menu appears.
3. Choose Safe mode from the startup menu, and then press Enter. Windows starts in Safe mode.


Show "Hidden files and folders".
How to
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
In the Advanced settings box, under the "Hidden files" folder, select Show hidden files and folders
Remove the check mark from "Hide protected operating system files (Recommended)".
Click Apply, and then click OK.


Find and delete the following (Note, only delete the items in bold)


C:\windows\system32\packager.exe<--File only
c:\windows\system32\wwodjf.exe<--File only
C:\Program Files\r2ia9idw\<--Folder
C:\WINDOWS\System32\netsync.exe<--File only
C:\WINDOWS\System32\qvoibld\<--Folder
C:\WINDOWS\System32\hvqhfx\<--Folder
C:\WINDOWS\System32\ggfcxycg\<--Folder
C:\WINDOWS\System32\cbngn\<--Folder
C:\WINDOWS\System32\tvqslep\<--Folder
C:\WINDOWS\System32\ubjauw\<--Folder
C:\WINDOWS\System32\fkpwkix\<--Folder
C:\WINDOWS\System32\pebahm\<--Folder
C:\WINDOWS\System32\tojkdoqd\<--Folder
C:\WINDOWS\System32\vfncsufw\<--Folder
C:\WINDOWS\System32\gkii\<--Folder
C:\WINDOWS\System32\vuqf\<--Folder
C:\WINDOWS\System32\jfjtluwa\<--Folder
D0CE0C16B1<--File only
C:\WINDOWS\System32\rwojfi\<--Folder
C:\WINDOWS\System32\ukmiyao\<--Folder
C:\WINDOWS\System32\bndsxq\<--Folder
C:\WINDOWS\System32\qejtiapy\<--Folder
C:\WINDOWS\System32\mbpbkue\<--Folder
C:\WINDOWS\System32\xpmqdhxh\<--Folder
C:\WINDOWS\System32\rcwx\<--Folder
C:\WINDOWS\System32\dwkugil\<--Folder
c:\Program Files\Bpt\<--Folder
C:\Program Files\bpc_search\<--Folder
C:\WINDOWS\nyei.exe<--File only
C:\WINDOWS\isrvs\<--Folder
C:\windows\system32\eliteond32.exe<--File only
C:\WINDOWS\System32\adfqlmwm\<--Folder
C:\WINDOWS\System32\cktucdis\<--Folder
C:\Documents and Settings\All Users\Application Data\msw\<--Folder


Run the cleanup utility you downloaded earlier. This will delete the contents of C:\Temp, Windows Temporary Folder, Temporary Internet Files, cookies, Recycle Bin etc.


Reboot normally.


Configure Ad-Aware for a full scan
First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.


Click on the Gear icon (second from the left) to access the preferences/settings window

1. In the General window make sure the following are selected:
* Automatically save log-file
* Automatically quarantine objects prior to removal
* Safe Mode (always request confirmation)

2. Click on the Scanning button on the left and select :
* Scan Within Archives
* Scan Active Processes
* Scan Registry
* Deep Scan Registry
* Scan my IE favorites for banned URL’s
* Scan my Hosts file
* Under Click here to select drives + folders, choose:
* All of your hard drives

Click on the Advanced button on the left and select:
* Include additional process information
* Include additional file information
* Include environment information

Click the Tweak button and select:
* Under the Scanning Engine:
o Unload recognized processes & modules during scan
o Include additional Ad-aware settings in logfile
* Under the Cleaning Engine:
o Let Windows remove files in use at next reboot

Click on Proceed to save the settings.

Click Start and on the next screen choose Activate in-depth Scan at the bottom of the page and then choose:
* Use Custom Scanning Options

Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.

Save the log file when it asks and then click Finish

When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).

Reboot your computer.


Turn off your System Restore.
Right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

I'd like you to run this online virus scan.
http://housecall.trendmicro.com/housecall/start_corp.asp

Let it fix what it finds.


Reboot. Run HiJackThis, scan and post a fresh log file.



picard.
Every day's a school day.

ASAP Proud member since 2005 Alliance of Security Analysis Professionals

#5 motionb

motionb
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:46 AM

Posted 08 March 2005 - 11:53 AM

Okay, whew!
what a mess, this is by far the worst pc i have had to clean. I need to start charging for this !! hehe
Thanks for all your help, this pc is running 1000 time better than when i started.
Anyway, followed all your instructions, and here is the latest hijackthis logfile

Logfile of HijackThis v1.99.1
Scan saved at 10:50:53 AM, on 3/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Jimmy\Desktop\hijackthis-4\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\dealhelper.exe
O4 - HKLM\..\Run: [antiware] C:\windows\system32\eliteond32.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0940A1B-F4F8-4FAF-B3A3-385F26F5764B}: NameServer = 192.168.0.111
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

#6 picard_uk

picard_uk

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Local time:01:46 AM

Posted 08 March 2005 - 06:16 PM

Hi motionb,

Can you submit this file for analysis

C:\windows\system32\eliteond32.exe

here
http://virusscan.jotti.org/

Copy and paste the file location into the box at the top of the screen.



Let me know the results.


picard.
Every day's a school day.

ASAP Proud member since 2005 Alliance of Security Analysis Professionals

#7 motionb

motionb
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:46 AM

Posted 08 March 2005 - 06:33 PM

The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file


I turned off windows xp firewall, but still got the same message
any suggestions?

Thanks,

#8 motionb

motionb
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:46 AM

Posted 08 March 2005 - 06:38 PM

Hey wait nevermind, that file doesnt exist
I cant find it with a search of the computer

#9 picard_uk

picard_uk

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Local time:01:46 AM

Posted 10 March 2005 - 03:08 PM

Hi motionb,

Sorry for the delay. I picked up a little virus of my own, flu.

Can you please post a fresh HiJackThis log?


picard.
Every day's a school day.

ASAP Proud member since 2005 Alliance of Security Analysis Professionals

#10 motionb

motionb
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:46 AM

Posted 13 March 2005 - 04:22 PM

Logfile of HijackThis v1.99.1
Scan saved at 3:19:26 PM, on 3/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\Jimmy\Desktop\hijackthis-4\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

#11 Daisuke

Daisuke

    Cleaner on Duty


  • Members
  • 5,575 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Romania
  • Local time:12:46 AM

Posted 13 March 2005 - 04:38 PM

Hi :thumbsup:

Please print or copy these instructions because you are not able to access the Internet in SafeMode.

Download Ad-aware SE 1.05: here
Install it. When you get the last screen, with the "Finish" button and 3 options, uncheck those three items.
Open AdAware and click the "Check for updates now" link. Close AdAware. Don't use it yet.

Download System Security Suite here:
System Security Suite Download. Unzip it to your desktop. Install the program. Don't use it yet.

Make sure you are set to show hidden files and folders:
A. On the Tools menu in Windows Explorer, click Folder Options.
B. Click the View tab.
C. Under Hidden files and folders, click Show hidden files and folders.
D. Uncheck Hide extensions for known filetypes and Hide protected operating system files.
How to see hidden files in Windows

REBOOT into SafeMode by tapping F8 key repeatedly at bootup: Starting your computer in Safe mode

Run HijackThis!, press Scan, and put a check mark next to all these:

O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe

Close all other windows and browsers, and press the Fix Checked button.

Delete these folders, if present:
C:\WINDOWS\isrvs\ <-- this folder

Run AdAware, press the "Start" button, uncheck "Scan for negligible risk entries", select "Perform full system scan" and press "Next". Let AdAware remove anything it finds.

With all windows and browsers closed.
Clean out temporary and Temporary Internet Files.
A. Open System Security Suite.
B. In the Items to Clear tab thick:
- Internet Explorer (left pane): Cookies & Temporary files
- My Computer (right pane): Temporary files & Recycle Bin
Press the Clear Selected Items button.
Close the program.

REBOOT normally.

Run HijackThis! again and post a new log please.
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?

Posted Image

#12 motionb

motionb
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:46 AM

Posted 17 March 2005 - 03:46 PM

This is a Dell laptop XP pro, can browse the network but neither Internet Explorer nor Firefox can surf the net, wandering if maybe its some sort of virus/spyware or something. Tried running winsockxpfix.exe no difference, and lspfix.exe and still no difference.
Hope someone can help

Logfile of HijackThis v1.99.1
Scan saved at 2:42:12 PM, on 3/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Dual-Band Wireless A+G Notebook Adapter\WPC55AG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\svchost.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bellsouth.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bellsouth.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BellSouth
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [WPC55AG.exe] C:\Program Files\Dual-Band Wireless A+G Notebook Adapter\WPC55AG.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bellsouth.net
O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/ac...supportutil.CAB
O16 - DPF: {01112B00-3E00-11D2-8470-0060089874ED} (Support.com RemoteControl Class) - http://support.fastaccess.com/sdccommon/download/tgrc.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fastaccess.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by1fd.bay1.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CB1B09A-AD73-47A3-87C8-DFF5C576D96E}: NameServer = 192.168.0.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{C826FA12-220D-408D-8AE5-0F7C75C2AC29}: NameServer = 192.168.0.111
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe

#13 motionb

motionb
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:46 AM

Posted 17 March 2005 - 03:48 PM

Oh yeah, forgot to mention that it will ping outside internet addresses ie google.com or yahoo.com places like that

#14 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,639 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:46 AM

Posted 17 March 2005 - 06:05 PM

Because you are posting all over the place you are making extra work for myself and helpers. Please when you reply to a helper, reply to the ORIGINAL TOPIC! Do not create a new topic as if you read through this thread you will see that you had two people working on your log, and now I am involved.

Either daisuke or picard will pick this up when they are able to. Do not post a new topic or it will be deleted. Stick to this topic.

#15 motionb

motionb
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:46 AM

Posted 17 March 2005 - 06:10 PM

What are you talking about " posting all over the place "
I posted this thread a week or two ago, that computer is over and done with
The one i posted today was about an entirely different computer, and I only posted ONCE, then replied to add more information to the post so.
Please clarify what your talking about




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users