
Unknown Win Ie Browser Hijacker


  • This topic is locked
13 replies to this topic

#1 jkd77

jkd77

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:01 PM

Posted 02 April 2006 - 01:32 PM

Help! Even though I don't use IE much - much love for FF - even when it's not running it just starts and launches an ad page of some kind. Ad URLs look like this: //ad.cs102175.com/desktop/redirect.aspx?width=1&height=1&SiteID=adsi.3236/RON

//Mod edit to modify Hot Link above to protect others.//

I have followed all the instructions in the Bleepingcomputer.com preparation guide with no success.

Any help would be greatly appreciated.

Below is my log file from hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 1:20:16 PM, on 4/2/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Spybot\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\MacOpener\MacName.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\MacOpener\FORMATM.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.microsoft.com/isapi/redir.dll?p...UB_PVER}&ar=hom

e
N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.mozilla.org/start/");

(C:\Documents and Settings\Paul Schlereth\Application

Data\Mozilla\Profiles\default\5zvd3fh2.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine",

"engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src");

(C:\Documents and Settings\Paul Schlereth\Application

Data\Mozilla\Profiles\default\5zvd3fh2.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton

SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program

Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

/r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security

Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MacLicense] "C:\Program Files\MacOpener\MacLic.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat

5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: MacName.lnk = C:\Program Files\MacOpener\MacName.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

(file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 -

{85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -

http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) -

http://eu-housecall.trendmicro-europe.com/.../activex/hcImpl

.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -

http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: dlpclgfp.dll,EQMini.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -

C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program

Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel®

Active Monitor\imonnt.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -

C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MacFormatService - Unknown owner - C:\Program Files\MacOpener\FORMATM.EXE"

/SERVICE (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation -

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program

Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -

C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\Security Center\SymWSC.exe

Edited by KoanYorel, 02 April 2006 - 04:36 PM.



#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:06:01 PM

Posted 06 April 2006 - 09:35 AM

Hi,

The forums are really busy, which explains why logs get behind. We start with the oldest logs first. If you still need some help, please start by posting a new HijackThis log in this thread. Don't start a new thread.
Then I'll take a look. :thumbsup:

Also,

The current formatting of your log makes it difficult to read, so in Notepad:
On top, click Format > uncheck Word Wrap
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 jkd77

jkd77
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:01 PM

Posted 08 April 2006 - 11:01 AM

miekiemoes,

Thanks for the response. Please help, this hijacker is really starting to annoy. Below is a new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:59:49 AM, on 4/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\MacOpener\FORMATM.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ViRobotXP\vrmonsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ViRobotXP\vrmonnt.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Spybot\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\MacOpener\MacName.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.mozilla.org/start/"); (C:\Documents and Settings\Paul Schlereth\Application Data\Mozilla\Profiles\default\5zvd3fh2.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\Paul Schlereth\Application Data\Mozilla\Profiles\default\5zvd3fh2.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MacLicense] "C:\Program Files\MacOpener\MacLic.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Vrmon] C:\Program Files\ViRobotXP\vrmonnt.exe Main
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: MacName.lnk = C:\Program Files\MacOpener\MacName.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: dlpclgfp.dll,EQMini.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MacFormatService - Unknown owner - C:\Program Files\MacOpener\FORMATM.EXE" /SERVICE (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\ViRobotXP\vrmonsvc.exe

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:06:01 PM

Posted 08 April 2006 - 11:15 AM

Hello,

Go to Start > Control Panel > Software > Add/Remove Programs, see if EQAdvice is present, and uninstall it.

Reboot afterwards.

After reboot,


* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O20 - AppInit_DLLs: dlpclgfp.dll,EQMini.dll

* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Reboot once again! Important.

Then delete the following files and folder if still present:

C:\Windows\System32\dlpclgfp.dll
C:\Windows\System32\EQMini.dll
C:\Program Files\EQAdvice <== folder

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
* Perform an online scan with Panda: (please use this scanner instead of any other scanner!)
Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report together with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
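An added example, not part of any post in this thread: a small Python triage script that rejoins a word-wrapped HijackThis log (the formatting problem raised in reply #2), lists the DLLs named in the O20 AppInit_DLLs entry (the item fixed in reply #4), and diffs two logs. The function names are hypothetical, the sample logs are constructed from lines modelled on the ones posted above, and the URL-gluing rule is a heuristic.

```python
import re

# A HijackThis entry starts with a section code (R0, N4, O4, O20, O23, ...).
ENTRY_RE = re.compile(r"^((?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})) - (.*)$")


def unwrap_log(text):
    """Return the log's entries with word-wrapped continuation lines rejoined.

    Assumes `text` holds only the log itself (no forum text after it).
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # wrapped copies pasted into a forum are often double-spaced
        if ENTRY_RE.match(line):
            entries.append(line)
        elif entries:
            prev = entries[-1]
            last_token = prev.split()[-1]
            # Heuristic: a wrap inside a URL split one token, so glue it back
            # without a space; every other wrap happened at a space.
            in_url = last_token.lower().startswith(("http://", "https://"))
            entries[-1] = prev + ("" if in_url else " ") + line
        # Lines before the first entry (header, process list) are skipped.
    return entries


def appinit_dlls(entries):
    """List the DLL names in O20 AppInit_DLLs entries.

    DLLs named in this registry value are loaded into every process that
    loads user32.dll, so unexpected names here deserve a close look.
    """
    dlls = []
    for entry in entries:
        m = ENTRY_RE.match(entry)
        if m and m.group(1) == "O20" and m.group(2).startswith("AppInit_DLLs:"):
            value = m.group(2).split(":", 1)[1]
            # The value is delimited by commas or spaces.
            dlls += [name for name in re.split(r"[,\s]+", value) if name]
    return dlls


def new_entries(old_text, new_text):
    """Entries present in the newer log but not in the older one."""
    old = set(unwrap_log(old_text))
    return [e for e in unwrap_log(new_text) if e not in old]


# Constructed sample: an older log saved with Word Wrap on ...
WRAPPED_OLD = r"""
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.microsoft.com/isapi/redir.dll?p...UB_PVER}&ar=hom

e
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.5.0_06\bin\ssv.dll
O20 - AppInit_DLLs: dlpclgfp.dll,EQMini.dll
"""

# ... and a newer log saved with Word Wrap off.
CLEAN_NEW = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...UB_PVER}&ar=home
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Vrmon] C:\Program Files\ViRobotXP\vrmonnt.exe Main
O20 - AppInit_DLLs: dlpclgfp.dll,EQMini.dll
"""

if __name__ == "__main__":
    for entry in unwrap_log(WRAPPED_OLD):
        print(entry)
    print("AppInit_DLLs:", appinit_dlls(unwrap_log(WRAPPED_OLD)))
    print("New since last log:", new_entries(WRAPPED_OLD, CLEAN_NEW))
```

Without the unwrap step, every wrapped entry in the older log would show up as a difference against the newer one.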

#5 jkd77

jkd77
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:01 PM

Posted 08 April 2006 - 02:27 PM

panda active scan report:


Incident Status Location

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Paul Schlereth\Application Data\Mozilla\Firefox\Profiles\gk8t9fmd.default\cookies.txt[]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Paul Schlereth\Application Data\Mozilla\Profiles\default\5zvd3fh2.slt\cookies.txt[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Paul Schlereth\Application Data\Mozilla\Profiles\default\5zvd3fh2.slt\cookies.txt[5073161]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Paul Schlereth\Application Data\Mozilla\Profiles\default\5zvd3fh2.slt\cookies.txt[88244075]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Paul Schlereth\Application Data\Mozilla\Profiles\default\5zvd3fh2.slt\cookies.txt[91338698]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Paul Schlereth\Application Data\Mozilla\Profiles\default\5zvd3fh2.slt\cookies.txt[]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Paul Schlereth\Application Data\Netscape\NSB\Profiles\2hwbb1ds.default\cookies.txt[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00000011.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000011.MOZ[10217293]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000011.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000011.MOZ[10217293]
Spyware:Cookie/QuestionMarket Not disinfected C:\RECYCLER\NPROTECT\00000011.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000011.MOZ[82761755]
Spyware:Cookie/Searchportal Not disinfected C:\RECYCLER\NPROTECT\00000011.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00000014.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000014.MOZ[10217293]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000014.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000014.MOZ[10217293]
Spyware:Cookie/QuestionMarket Not disinfected C:\RECYCLER\NPROTECT\00000014.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000014.MOZ[82761755]
Spyware:Cookie/Searchportal Not disinfected C:\RECYCLER\NPROTECT\00000014.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00000016.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000016.MOZ[10217293]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000016.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000016.MOZ[10217293]
Spyware:Cookie/QuestionMarket Not disinfected C:\RECYCLER\NPROTECT\00000016.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000016.MOZ[82761755]
Spyware:Cookie/Searchportal Not disinfected C:\RECYCLER\NPROTECT\00000016.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00000019.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000019.MOZ[10217293]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000019.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000019.MOZ[10217293]
Spyware:Cookie/QuestionMarket Not disinfected C:\RECYCLER\NPROTECT\00000019.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000019.MOZ[82761755]
Spyware:Cookie/Searchportal Not disinfected C:\RECYCLER\NPROTECT\00000019.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00000021.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000021.MOZ[10217293]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000021.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000021.MOZ[10217293]
Spyware:Cookie/QuestionMarket Not disinfected C:\RECYCLER\NPROTECT\00000021.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000021.MOZ[82761755]
Spyware:Cookie/Searchportal Not disinfected C:\RECYCLER\NPROTECT\00000021.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00000023.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000023.MOZ[10217293]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000023.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000023.MOZ[10217293]
Spyware:Cookie/QuestionMarket Not disinfected C:\RECYCLER\NPROTECT\00000023.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000023.MOZ[82761755]
Spyware:Cookie/Searchportal Not disinfected C:\RECYCLER\NPROTECT\00000023.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00000028.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000028.MOZ[10217293]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000028.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000028.MOZ[10217293]
Spyware:Cookie/QuestionMarket Not disinfected C:\RECYCLER\NPROTECT\00000028.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000028.MOZ[82761755]
Spyware:Cookie/Searchportal Not disinfected C:\RECYCLER\NPROTECT\00000028.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00000031.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000031.MOZ[10217293]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000031.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000031.MOZ[10217293]
Spyware:Cookie/QuestionMarket Not disinfected C:\RECYCLER\NPROTECT\00000031.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000031.MOZ[82761755]
Spyware:Cookie/Searchportal Not disinfected C:\RECYCLER\NPROTECT\00000031.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00000033.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000033.MOZ[10217293]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000033.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000033.MOZ[10217293]
Spyware:Cookie/QuestionMarket Not disinfected C:\RECYCLER\NPROTECT\00000033.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000033.MOZ[82761755]
Spyware:Cookie/Searchportal Not disinfected C:\RECYCLER\NPROTECT\00000033.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00000041.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000041.MOZ[10217293]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000041.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000041.MOZ[10217293]
Spyware:Cookie/QuestionMarket Not disinfected C:\RECYCLER\NPROTECT\00000041.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000041.MOZ[82761755]
Spyware:Cookie/Searchportal Not disinfected C:\RECYCLER\NPROTECT\00000041.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00000056.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000056.MOZ[10217293]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000056.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000056.MOZ[10217293]
Spyware:Cookie/QuestionMarket Not disinfected C:\RECYCLER\NPROTECT\00000056.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000056.MOZ[82761755]
Spyware:Cookie/Searchportal Not disinfected C:\RECYCLER\NPROTECT\00000056.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00000059.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000059.MOZ[10217293]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000059.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000059.MOZ[10217293]
Spyware:Cookie/QuestionMarket Not disinfected C:\RECYCLER\NPROTECT\00000059.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000059.MOZ[82761755]
Spyware:Cookie/Searchportal Not disinfected C:\RECYCLER\NPROTECT\00000059.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00000064.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000064.MOZ[10217293]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000064.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000064.MOZ[10217293]
Spyware:Cookie/QuestionMarket Not disinfected C:\RECYCLER\NPROTECT\00000064.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000064.MOZ[82761755]
Spyware:Cookie/Searchportal Not disinfected C:\RECYCLER\NPROTECT\00000064.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00000066.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000066.MOZ[10217293]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000066.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000066.MOZ[10217293]
Spyware:Cookie/QuestionMarket Not disinfected C:\RECYCLER\NPROTECT\00000066.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000066.MOZ[82761755]
Spyware:Cookie/Searchportal Not disinfected C:\RECYCLER\NPROTECT\00000066.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00000081.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000081.MOZ[10217293]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000081.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000081.MOZ[10217293]
Spyware:Cookie/QuestionMarket Not disinfected C:\RECYCLER\NPROTECT\00000081.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000081.MOZ[82761755]
Spyware:Cookie/Searchportal Not disinfected C:\RECYCLER\NPROTECT\00000081.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00000083.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000083.MOZ[10217293]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000083.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000083.MOZ[10217293]
Spyware:Cookie/QuestionMarket Not disinfected C:\RECYCLER\NPROTECT\00000083.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000083.MOZ[82761755]
Spyware:Cookie/Searchportal Not disinfected C:\RECYCLER\NPROTECT\00000083.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00000093.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000093.MOZ[10217293]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000093.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000093.MOZ[10217293]
Spyware:Cookie/QuestionMarket Not disinfected C:\RECYCLER\NPROTECT\00000093.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000093.MOZ[82761755]
Spyware:Cookie/Searchportal Not disinfected C:\RECYCLER\NPROTECT\00000093.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00000097.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000097.MOZ[10217293]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000097.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000097.MOZ[10217293]
Spyware:Cookie/QuestionMarket Not disinfected C:\RECYCLER\NPROTECT\00000097.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000097.MOZ[82761755]
Spyware:Cookie/Searchportal Not disinfected C:\RECYCLER\NPROTECT\00000097.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00000101.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000101.MOZ[10217293]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000101.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000101.MOZ[10217293]
Spyware:Cookie/QuestionMarket Not disinfected C:\RECYCLER\NPROTECT\00000101.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000101.MOZ[82761755]
Spyware:Cookie/Searchportal Not disinfected C:\RECYCLER\NPROTECT\00000101.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00000103.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000103.MOZ[10217293]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000103.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000103.MOZ[10217293]
Spyware:Cookie/QuestionMarket Not disinfected C:\RECYCLER\NPROTECT\00000103.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000103.MOZ[82761755]
Spyware:Cookie/Searchportal Not disinfected C:\RECYCLER\NPROTECT\00000103.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00000106.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000106.MOZ[10217293]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000106.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000106.MOZ[10217293]
Spyware:Cookie/QuestionMarket Not disinfected C:\RECYCLER\NPROTECT\00000106.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000106.MOZ[82761755]
Spyware:Cookie/Searchportal Not disinfected C:\RECYCLER\NPROTECT\00000106.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00000107.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000107.MOZ[10217293]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000107.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000107.MOZ[10217293]
Spyware:Cookie/QuestionMarket Not disinfected C:\RECYCLER\NPROTECT\00000107.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000107.MOZ[82761755]
Spyware:Cookie/Searchportal Not disinfected C:\RECYCLER\NPROTECT\00000107.MOZ[]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00000108.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000108.MOZ[10217293]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000108.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000108.MOZ[10217293]
Spyware:Cookie/QuestionMarket Not disinfected C:\RECYCLER\NPROTECT\00000108.MOZ[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\NPROTECT\00000108.MOZ[82761755]
Spyware:Cookie/Searchportal Not disinfected C:\RECYCLER\NPROTECT\00000108.MOZ[]

#6 jkd77

Posted 08 April 2006 - 02:29 PM

hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 2:22:54 PM, on 4/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ViRobotXP\vrmonnt.exe
C:\Program Files\Spybot\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\MacOpener\MacName.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\MacOpener\FORMATM.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ViRobotXP\vrmonsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.mozilla.org/start/"); (C:\Documents and Settings\Paul Schlereth\Application Data\Mozilla\Profiles\default\5zvd3fh2.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\Paul Schlereth\Application Data\Mozilla\Profiles\default\5zvd3fh2.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MacLicense] "C:\Program Files\MacOpener\MacLic.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Vrmon] C:\Program Files\ViRobotXP\vrmonnt.exe Main
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: MacName.lnk = C:\Program Files\MacOpener\MacName.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MacFormatService - Unknown owner - C:\Program Files\MacOpener\FORMATM.EXE" /SERVICE (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\ViRobotXP\vrmonsvc.exe

#7 jkd77

Posted 08 April 2006 - 03:02 PM

hijacked ie popups seem to have gone

#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:06:01 PM

Posted 08 April 2006 - 03:04 PM

Hello,

Your HijackThis log looks clean again.

I see Panda mainly flagged cookies in your Firefox, so did you perform that step to delete cookies in Firefox as I asked you previously? If not, please perform it again.

I also see Panda flagged cookies in your Norton protected Recycle Bin.
To delete these, right-click your Recycle Bin and choose to delete the Norton Protected Files.

How are things running now?
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 jkd77

Posted 08 April 2006 - 03:21 PM

running well

deleted all cookies, ie and ff, prior to launching tests, not sure why some remain

option to delete norton protected files is grayed out, can i just delete these directly?

#10 miekiemoes

Posted 08 April 2006 - 03:25 PM

> option to delete norton protected files is grayed out, can i just delete these directly?


No, just leave them. They will automatically be gone after a week. They are just cookies and already in your recycle bin. :thumbsup:

To keep this clean in the future, I would suggest the following things:

Install SpywareBlaster
SpywareBlaster doesn't scan and clean for so-called spyware, but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software, because most of these so-called removers ARE spyware.
* Download free software only from sites you know and trust, because a lot of free software can bundle other software, including spyware.

Let your antispyware scanner(s) scan frequently and don't forget to update before.

And I do suggest you perform an online virus scan once in a while (Housecall and/or Bitdefender), because what one virus scanner can't find another one maybe can.
Also make sure that your virus scanner, the one that is installed on your system, is always up to date!

Make sure your Windows has the latest updates, so visit asap: http://windowsupdate.microsoft.com/ to update to SP2!

If you have XP SP2, read here how to configure Security Features for Internet Explorer:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

Also visit this Free Online Scanner for PC Health and Safety and Microsoft Security At Home for tips to Protect your PC, Protect yourself and Protect your Family.

More info on how to prevent malware you can also find here (By Tony Klein)
and here: http://wiki.castlecops.com/Malware_Prevent...nt_Re-infection

If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Happy surfing again! :flowers:

Edited by miekiemoes, 08 April 2006 - 03:25 PM.


#11 jkd77

Posted 08 April 2006 - 03:26 PM

well, i also have mozilla and opera installed, though i just deleted mozilla's cookies

#12 jkd77

Posted 08 April 2006 - 03:32 PM

thanks again! your help was right on target!

#13 miekiemoes

Posted 08 April 2006 - 03:34 PM

Ah yes, those cookies were in your Mozilla...not in Firefox. That explains it. :thumbsup:

You should be ok now. ;)
Just perform a full scan with an updated Ad-Aware SE and/or Spybot S&D to get rid of some leftovers if still present.
If you don't have those programs yet, you can find the download locations in my sig.

#14 miekiemoes

Posted 12 April 2006 - 05:47 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.