Hijack this log....please help


  • This topic is locked
14 replies to this topic

#1 mn0dah

Posted 09 August 2005 - 11:14 AM

Hi,

Please see below my HijackThis scan log, and I would be eternally grateful if someone could help me to sort my computer out.

Thanks

Logfile of HijackThis v1.99.1
Scan saved at 16:55:28, on 09/08/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\peterp\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/en-us/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/en-us/srchasst/srchasst.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir.dll?p....0&plcid=0x0809
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [MircoSoft mRegConfgr32] SynGate32r.exe
O4 - HKLM\..\Run: [MS Home 32] mshome32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lanbrup] C:\WINDOWS\System32\lanbrup.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\krnklh.exe reg_run
O4 - HKLM\..\Run: [psmS36j] nsghpast.exe
O4 - HKLM\..\RunServices: [MircoSoft mRegConfgr32] SynGate32r.exe
O4 - HKLM\..\RunServices: [MS Home 32] mshome32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MircoSoft mRegConfgr32] SynGate32r.exe
O4 - HKCU\..\Run: [YB52RWH2X] ipmwvdrv.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: dnpd.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - (no file)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe



#2 suebaby41

Posted 11 August 2005 - 06:45 PM

Welcome to the BleepingComputer forum. We are currently studying your log and will have instructions for you shortly. Thank you for your patience.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41

Posted 11 August 2005 - 08:45 PM

We have some work to do.

Please move Hijackthis off your desktop (extract from zip) into a permanent folder. Example:
c:\program files\hijackthis\HiJackThis.exe. This will allow backups to be made and saved by HiJackThis in case something goes wrong.

Please go to the following web address and download Cleanup HERE. CleanUp! is a powerful and easy-to-use application that removes temporary files created while surfing the web, empties the Recycle Bin, deletes files from your temporary folders and more. Do not run it yet.

Please disable Spyware Doctor to prevent it from interfering with the fixes that we are going to be doing. Take particular care to be certain OnGuard real-time blocking is disabled.

Please find instructions for use and download the EliteToolbar Remover.

Run this tool.

You have a Qoologic/Narrator infection. To get rid of this infection:

Please download the trial version of Ewido Security Suite from HERE. Install it and update the program with the latest definitions. Set up the program following the instructions HERE and then close it without running a scan.

Reboot into Safe Mode.

Then please run Ewido security suite, and perform a full system scan. Remove anything found.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report.

* Click Save report
* Save the report to your desktop.

Please reboot to normal mode.

You may want to print out this page. Make sure to work through the fixes in the order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs). Do not worry if they are not there:

EliteToolbar

Use 'ctrl' + 'alt' + 'del' (three keys together) to get Task Manager. Find these processes and 'end task' them.
OR
Use the process viewer in Hijackthis: open the Misc Tools section, then open Process Manager, find these programs and "kill process" the following running processes (do not worry if they are not there):


SynGate32r.exe

mshome32.exe

lanbrup.exe

pokapoka62.exe

krnklh.exe

nsghpast.exe

ipmwvdrv.exe

dnpd.exe


Now we will address the HijackThis fixes.

Please run HijackThis and click "Scan." Place checks next to the following entries (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/en-us/srchasst/srchasst.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/en-us/srchasst/srchasst.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir.dll?p....0&plcid=0x0809

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [MircoSoft mRegConfgr32] SynGate32r.exe

O4 - HKLM\..\Run: [MS Home 32] mshome32.exe

O4 - HKLM\..\Run: [lanbrup] C:\WINDOWS\System32\lanbrup.exe

O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe

O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\krnklh.exe reg_run

O4 - HKLM\..\Run: [psmS36j] nsghpast.exe

O4 - HKLM\..\RunServices: [MircoSoft mRegConfgr32] SynGate32r.exe

O4 - HKLM\..\RunServices: [MS Home 32] mshome32.exe

O4 - HKCU\..\Run: [MircoSoft mRegConfgr32] SynGate32r.exe

O4 - HKCU\..\Run: [YB52RWH2X] ipmwvdrv.exe

O4 - Global Startup: dnpd.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - (no file)


Close all browsers and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.

Then reboot to safe mode. If you don't know how to boot in safe mode, there is a tutorial HERE.
NOTE: To avoid the risk of any of the files or folders not being found due to their having the 'Hidden' attribute, first make sure that in Folder Options > View hidden and operating system files are set to show:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html
Or items 8 & 9 from this link:
http://www.russelltexas.com/malware/faqhijackthis.htm

Using Windows Explorer, locate the following files and DELETE them (Do not worry if they are not there):

C:\WINDOWS\System32\lanbrup.exe

C:\WINDOWS\etb\pokapoka62.exe

C:\WINDOWS\System32\krnklh.exe reg_run

C:\WINDOWS\web\related.htm

Let's run Cleanup to ensure no malware is hiding in temporary folders and for general computer cleanup to free space on your computer.

You are currently using an unpatched version of Microsoft XP. It is CRITICAL that you update to Service Pack 1. Please visit this link:
Microsoft Service Pack 1 and install Service Pack 1. If you run into trouble, please post it here.

IMPORTANT: DO NOT update to Service pack 2. Doing so before your computer is clean can cause Windows to become unstable. We will update to SP2 when you are clean.

A HiJackThis log should always be scanned in normal mode if possible. This is because only essential processes are loaded in safe mode and therefore HiJackThis will not see or report a lot of the problems that will be visible in normal mode. If problems won't fix in normal mode, then we will boot into safe mode and then try the fix.

Please post back with a HiJackThis log, the Ewido scan and your computer running with Service pack 1 or with any problems you are having updating.

#4 mn0dah

Posted 13 August 2005 - 04:02 AM

Hi
Right, thanks very much for all your advice - I have followed all the steps and already my laptop is running much much better.

Below are the logs and scan reports you requested. I have also updated to SP1 as well.

A few other questions too. After following the steps last night my window appearance has reverted to 'classic' style and the option to go back to XP is not there any more. Not critical, but any ideas how to get that back? Also, how do I protect my computer in the future to stop this happening again?

OK, thanks again

Logfile of HijackThis v1.99.1
Scan saved at 23:19:38, on 12/08/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [MircoSoft mRegConfgr32] SynGate32r.exe
O4 - HKLM\..\Run: [MS Home 32] mshome32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lanbrup] C:\WINDOWS\System32\lanbrup.exe
O4 - HKLM\..\Run: [psmS36j] nsghpast.exe
O4 - HKLM\..\RunServices: [MircoSoft mRegConfgr32] SynGate32r.exe
O4 - HKLM\..\RunServices: [MS Home 32] mshome32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MircoSoft mRegConfgr32] SynGate32r.exe
O4 - HKCU\..\Run: [YB52RWH2X] ipmwvdrv.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - (no file)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 23:02:28, 12/08/2005
+ Report-Checksum: 1C5602E9

+ Scan result:

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dnpd.exe -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\Documents and Settings\peterp\Cookies\peterp@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\peterp\Cookies\peterp@ad1.clickhype[1].txt -> Spyware.Cookie.Clickhype : Cleaned with backup
C:\Documents and Settings\peterp\Cookies\peterp@adopt.euroclick[2].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\peterp\Local Settings\Temp\2V7989SF.dll -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\peterp\Local Settings\Temp\ptf_0009.exe -> Spyware.Pacer : Cleaned with backup
C:\Documents and Settings\peterp\Local Settings\Temp\SSK3_B5 Seedcorn 4.exe -> TrojanDropper.Small.qn : Cleaned with backup
C:\Documents and Settings\peterp\Local Settings\Temp\update.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\peterp\Local Settings\Temporary Internet Files\Content.IE5\5WERBWB2\kw[1].exe -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\peterp\Local Settings\Temporary Internet Files\Content.IE5\ZZ5NF9WW\trk_0009[1].exe -> Spyware.Pacer : Cleaned with backup
C:\Program Files\Windows Media Player\wmplayer.exe.tmp -> Spyware.Pacer : Cleaned with backup
C:\RECYCLER\S-1-5-21-1935655697-920026266-842925246-1003\Dc11.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\RECYCLER\S-1-5-21-1935655697-920026266-842925246-1003\Dc12.exe -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\RECYCLER\S-1-5-21-1935655697-920026266-842925246-1003\Dc13.dat -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\RECYCLER\S-1-5-21-1935655697-920026266-842925246-1003\Dc14.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\RECYCLER\S-1-5-21-1935655697-920026266-842925246-1003\Dc15.exe -> TrojanDownloader.Apropo.ae : Cleaned with backup
C:\RECYCLER\S-1-5-21-1935655697-920026266-842925246-1003\Dc17.exe -> Spyware.SafeSurfing : Cleaned with backup
C:\RECYCLER\S-1-5-21-1935655697-920026266-842925246-1003\Dc18.dll -> Spyware.SafeSurfing : Cleaned with backup
C:\RECYCLER\S-1-5-21-1935655697-920026266-842925246-1003\Dc20.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\S-1-5-21-1935655697-920026266-842925246-1003\Dc37\bin\nls.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\RECYCLER\S-1-5-21-1935655697-920026266-842925246-500\Dc13.exe -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\RECYCLER\S-1-5-21-1935655697-920026266-842925246-500\Dc14.dat -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\etb\pokapoka62.exe -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\etb\xud_62.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\system\xscvawwtq.exe -> TrojanDownloader.Small.ayh : Cleaned with backup
C:\WINDOWS\system32\cbrcxda.exe -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\WINDOWS\system32\eroeynk.dll -> TrojanDownloader.Qoologic.s : Cleaned with backup
C:\WINDOWS\system32\krnklh.exe -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\WINDOWS\system32\nsg27.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\system32\qpbqg.dat -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\WINDOWS\system32\ruqrg.dll -> TrojanDownloader.Qoologic.t : Cleaned with backup


::Report End

#5 suebaby41

Posted 13 August 2005 - 02:16 PM

Malware can be very stubborn but we are too. Your HiJackThis Log is looking better but we have a few more things to do.

Let's do this to help prevent further infection. I will have further recommendations when your HiJackThis log is clean.

Step 1

Please download and install SpywareBlaster. SpywareBlaster will help to:
  • prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
  • block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
  • restrict the actions of potentially unwanted sites in Internet Explorer.
Step 2

You still have the RBot trojan. Please use RBOTGUI from Sophos. RBOTGUI is a disinfector for standalone Windows computers.

* open RBOTGUI
* run it
* then click GO.

If you are disinfecting several computers; download it, save it to floppy disk, write-protect the floppy disk and run it from there.

Step 3

Please download the free tool Hoster from HERE

Unzip the file to your desktop. It will create a folder called: Hoster

Open the folder and double-click on Hoster.exe to run it.

Press 'Restore Original Hosts' and press 'OK'.
Exit the program.

Tutorial HERE

Step 4

Please use both of the following reputable online virus scanners.

TrendMicro Housecall

Panda ActiveScan

When you have completed the scans, if you get a report of files that can't be cleaned / deleted, please write down the filenames and locations and post that in your next reply.

Step 5

Please read and follow the instructions here on Adware.casinoclient.html

Step 6

Let's run HiJackThis in safe mode and do not reboot until all steps are completed.

Step 7

Reboot to safe mode. If you don't know how to boot in safe mode, there is a tutorial HERE.
NOTE: To avoid the risk of any of the files or folders not being found due to their having the 'Hidden' attribute, first make sure that in Folder Options > View hidden and operating system files are set to show:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html
Or items 8 & 9 from this link:
http://www.russelltexas.com/malware/faqhijackthis.htm

Step 8

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs). Do not worry if they are not there:

SafeSurfing

Step 9

Please run HijackThis and click "Scan." Place checks next to the following entries (make sure not to miss any) but do not worry if they are not there:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [MircoSoft mRegConfgr32] SynGate32r.exe

O4 - HKLM\..\Run: [MS Home 32] mshome32.exe

O4 - HKLM\..\Run: [lanbrup] C:\WINDOWS\System32\lanbrup.exe

O4 - HKLM\..\Run: [psmS36j] nsghpast.exe

O4 - HKLM\..\RunServices: [MircoSoft mRegConfgr32] SynGate32r.exe

O4 - HKLM\..\RunServices: [MS Home 32] mshome32.exe

O4 - HKCU\..\Run: [MircoSoft mRegConfgr32] SynGate32r.exe

O4 - HKCU\..\Run: [YB52RWH2X] ipmwvdrv.exe

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - (no file)


Step 10

Close all browsers and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.

Step 11

Using Windows Explorer, locate the following files and DELETE them (Do not worry if they are not there):

C:\WINDOWS\System32\lanbrup.exe

Step 12
Reboot to safe mode. Scan with HiJackThis and post a new HiJackThis Log so we can see what we need to do next.
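
The thread checks by eye which entries selected for "Fix Checked" are still present in the next HijackThis log. The following added example (not part of any post and not HijackThis's own code) automates that comparison; the function names are hypothetical, the sample inputs are excerpts of the first fix list and the follow-up log from this thread, and the matcher tolerates the stray space after a path separator that pasted lists can pick up.

```python
import re

# One HijackThis result line: a section code (R0, O4, O16, ...) then " - " then the body.
ENTRY_RE = re.compile(r"^[ \t]*([ROF]\d{1,2})[ \t]+-[ \t]+(.+?)[ \t]*$", re.MULTILINE)

# Excerpt of the entries the helper asked to check (from the first fix list).
FIX_LIST = r"""
O4 - HKLM\..\Run: [MircoSoft mRegConfgr32] SynGate32r.exe
O4 - HKLM\..\Run: [MS Home 32] mshome32.exe
O4 - HKLM\..\Run: [lanbrup] C:\WINDOWS\System32\ lanbrup.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\ pokapoka62.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\ krnklh.exe reg_run
O4 - Global Startup: dnpd.exe
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - (no file)
"""

# Excerpt of the log posted after the fixes were applied.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [MircoSoft mRegConfgr32] SynGate32r.exe
O4 - HKLM\..\Run: [MS Home 32] mshome32.exe
O4 - HKLM\..\Run: [lanbrup] C:\WINDOWS\System32\lanbrup.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - (no file)
"""


def normalize(body):
    """Canonical form of an entry body for comparison."""
    body = re.sub(r"\\\s+", r"\\", body)   # drop whitespace inserted after a backslash
    body = re.sub(r"\s+", " ", body)       # collapse remaining runs of whitespace
    return body.strip().casefold()         # Windows paths and value names are case-insensitive


def parse_entries(text):
    """Map (section code, normalized body) -> first original line, in log order.

    Header lines and the running-process list do not match ENTRY_RE and are skipped.
    """
    entries = {}
    for match in ENTRY_RE.finditer(text):
        code, body = match.group(1), match.group(2)
        entries.setdefault((code, normalize(body)), f"{code} - {body}")
    return entries


def compare(fix_list, followup_log):
    """Split the fix list into entries still present and entries gone from the follow-up log."""
    wanted = parse_entries(fix_list)
    present = parse_entries(followup_log)
    persisting = [line for key, line in wanted.items() if key in present]
    cleared = [line for key, line in wanted.items() if key not in present]
    return persisting, cleared


if __name__ == "__main__":
    persisting, cleared = compare(FIX_LIST, FOLLOWUP_LOG)
    print("Still present after the fix:")
    for line in persisting:
        print("  " + line)
    print("No longer present:")
    for line in cleared:
        print("  " + line)
```

Entries reported as still present are the ones that came back or were never removed, which is why the same lines appear again in the second fix list.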

#6 mn0dah

Posted 18 August 2005 - 04:01 PM

Thanks again for your help

Here are the requested logs etc to look at.....

HIJACK THIS

Logfile of HijackThis v1.99.1
Scan saved at 20:23:18, on 18/08/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1123921718035
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1123921696013
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

active scan


Incident | Status | Location
Adware:adware/afaenhance | No disinfected | C:\WINDOWS\SYSTEM\QBUninstaller.exe
Spyware:spyware/surfsidekick | No disinfected | C:\DOCUMENTS AND SETTINGS\PETERP\APPLICATION DATA\Sskcwrd.dll
Adware:adware program | No disinfected | C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs
Adware:adware/elitebar | No disinfected | C:\WINDOWS\etb
Adware:adware/pacimedia | No disinfected | Windows Registry
Adware:Adware/Pacimedia | No disinfected | C:\Documents and Settings\peterp\Local Settings\Temporary Internet Files\Content.IE5\GH6JKLAB\trk_0009[1].exe
Virus:VBS/Psyme.C | No disinfected | C:\Documents and Settings\peterp\Local Settings\Temporary Internet Files\Content.IE5\GPY3KDIF\TRACK9[1].CHM[track9.htm]
Spyware:Spyware/BetterInet | No disinfected | C:\WINDOWS\system\QBUninstaller.exe

Trend Microscan

1 virus found

JS MHTREDIR.BR

C:\Documents and Settings\peterp\Local Settings\Temporary Internet Files\Content.IE5\01KL4507\track9[1].htm

The RBOTGUI didn't detect anything?


hope this is everything you need

look forward to hearing back from you

#7 suebaby41

Posted 18 August 2005 - 04:57 PM

We still have some work to do. The reason your computer is seriously infected is that you have not updated WindowsXP. Windows has some serious security holes. Until you update WindowsXP, you will continue to get infected. I will assist you in getting your computer cleaned this time, but if you have not updated WindowsXP, I don't think anyone will help you do it the second time. Most of the volunteers like me work on several forums and while we enjoy helping others, we and you would be wasting our time.

Please download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

Edited by suebaby41, 18 August 2005 - 05:19 PM.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#8 mn0dah

Posted 22 August 2005 - 02:38 PM

OK, I have had some problems, namely that when I tried to update XP an error message came up saying that the product key was not valid and it therefore could not update. This is obviously rather worrying and not something that has come up before - do you have any suggestions as to why this message has come up and is it in any way related to the infection? The computer was an old one from my work so I don't have the original XP packaging.
I do however have access to a new XP CD and product code - would it be simpler to back up my files and reinstall Windows?
A further error msg has also appeared in the last week - when I try to load up my Symantec antivirus programme from the taskbar (where the icons are in the bottom right of the screen) a message comes up saying "this application has failed to start because MSVCR71.dll was not found Reinstalling the application may fix this problem". I think the application it is referring to is vptray.exe as this is what comes up across on the title of the error message. Curiously if you click OK, Antivirus will then appear.

So, there still are a few things that are not satisfactory - most notably the XP product key issue. Would the reinstallation option be the easiest option?

Thanks in advance, sorry for the continued issues

#9 suebaby41

Posted 23 August 2005 - 04:29 PM

I do not usually suggest a reinstall because I hate for the viruses to win! However, in your case and the problem with the updates and product key, I think that this would be your best bet. Be sure to update immediately and get your virus and firewall installed as soon as possible and definitely before you do any internet surfing.

Do you have all your program disks as well? You will have to reinstall all the programs. Most of your programs you can download from the Internet.

Good luck! :thumbsup:

#10 mn0dah

Posted 24 August 2005 - 03:33 AM

Thanks for your help - I will definitely make sure I am updated in the future!

#11 suebaby41

Posted 24 August 2005 - 12:12 PM

Please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and enable system restore to make sure there are no infected files found in a restore point.
    You can find instructions on how to disable and enable system restore here:
    Managing Windows Millennium System Restore
    or
    Windows XP System Restore Guide
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialise and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it asks you if you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use IE-SPYAD - Add another level of protection to your Internet Explorer browser by blocking certain sites that are known to contain malware. IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. IE-SPYAD may be found HERE.
  • Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of on line & stand-alone anti virus programs:
    Computer Safety On line - Anti-Virus
  • Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software, then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below:
    Computer Safety On line - Software Firewalls
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit Microsoft's Windows Update regularly. This will ensure your computer has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with Spybot S&D on a regular basis just as you would an anti-virus software. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  • Install Ad-Aware - Install and download Ad-Aware. You should scan your computer with Ad-Aware as well as Spybot S&D and your anti-virus program on a regular basis. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line - Anti-Malware
  • Use the hosts file:
    Every version of Windows has a hosts file as part of it. In a very basic sense, hosts files are used to locate webpages. We can customize a hosts file so that it blocks certain webpages. However, it can slow down certain computers. This is why using a hosts file is optional.
    Download it HERE. Make sure you read the instructions on how to install the hosts file. There is a good tutorial HERE. If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    • Click the start button on the task bar at the bottom of your screen
    • Click run
    • In the dialog box, type services.msc
    • hit enter, then locate dns client
    • Highlight it, then double-click it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click ok.
  • Use an alternative instant messenger program. Trillian and Miranda-IM are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • Please read Tony Klein's excellent article: How I got Infected in the First Place
  • Please read Understanding Spyware, Browser Hijackers, and Dialers
  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from HERE
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow these steps and your potential for being infected again will reduce dramatically.

Good luck!

#12 mn0dah

Posted 26 August 2005 - 04:00 AM

Hello

Thanks for all the advice.

I wiped my hard drive and reinstalled XP Professional last night which all went well. I have also installed Norton Antivirus, Ad aware, Spybot, IE-spyad and spy blaster.
There still however seems to be a problem trying to get SP2 installed. The XP Pro I put on was a few yrs old and so only had SP1 included. I went to Windows Update pretty much immediately I connected to the net but SP2 was still not on the list of updates after it checked my computer. Is there any reason for this? Are any of the above spyware anti virus stuff stopping it getting on? I have checked my computer and it is definitely SP1 on there.
I have searched on the net this morning and found what appear to be legitimate SP2 download (see link below). Should I go ahead and try to install it that way?
http://www.softwarepatch.com/windows/xpsp2.html

Thanks again (and sorry for keeping coming back!)

#13 suebaby41

Posted 26 August 2005 - 10:46 AM

Have you activated your XP and have you validated your copy? Microsoft Windows now requires that your XP be validated. If you have done both and still cannot update via Windows Update site, check out this site. I would recommend that you order the free Windows SP2 CD to have on hand. I do not know anything about that site you mentioned, but it would probably be ok to download SP2 from there.

#14 mn0dah

Posted 27 August 2005 - 03:59 AM

Just to let you know SP2 has now finally loaded - it seems that a number of updates had to be installed from Windows Update before it was ready to install SP2.

Thanks!

#15 suebaby41

Posted 27 August 2005 - 03:47 PM

Great!
Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



