
Hjt Log Have Plhive And Maybe Others


  • This topic is locked
14 replies to this topic

#1 Ase

Ase

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:35 PM

Posted 29 May 2006 - 04:03 PM

Well hey guys this is my first time here wootz! Lol well anyways let's get straight to the point: I somehow got Surfside kick 3, Eg2 and plhive. I think I got rid of the 1st two but Ad-aware and Spybot can't seem to get rid of Plhive so I'm here in hopes that you guys can help me out :thumbsup:. My HJT log is below. Oh and yes I use Xp Sp1, I like it better than Xp Sp2 and don't think I'll change it, I'm very stubborn :flowers: Thx in advance for any input or help.





Logfile of HijackThis v1.99.1
Scan saved at 1:51:38 PM, on 5/29/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\DOCUME~1\Freejf\LOCALS~1\Temp\svchost.exe
C:\WINDOWS\ms049989837-125.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Ares\Ares.exe
C:\WINDOWS\system32\owinrqez.exe
C:\WINDOWS\System32\rasi2s.exe
C:\Program Files\QuickTime\QTPlugin.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\rasi2s.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Freejf\Desktop\New Folder (3)\HijackThis.exe

O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [WindowsServicesStartup] C:\DOCUME~1\Freejf\LOCALS~1\Temp\svchost.exe 1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [fqcmpwaA] C:\WINDOWS\fqcmpwaA.exe
O4 - HKLM\..\Run: [ms049989837-125] C:\WINDOWS\ms049989837-125.exe
O4 - HKLM\..\Run: [w18e45f2.dll] RUNDLL32.EXE w18e45f2.dll,I2 0011b54d018e45f2
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [{61-14-4B-B3-ZN}] c:\windows\system32\dwdsregt.exe GID003
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\spybotsd.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [rasi2s] C:\WINDOWS\System32\rasi2s.exe
O4 - HKCU\..\RunOnce: [rasi2s] C:\WINDOWS\System32\rasi2s.exe
O4 - Startup: Reboot.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\owinrqez.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\pqdsregq.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{03551BED-8355-461B-AC3F-C6002BDD3D80}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{03551BED-8355-461B-AC3F-C6002BDD3D80}: NameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{03551BED-8355-461B-AC3F-C6002BDD3D80}: NameServer = 192.168.2.1
O20 - AppInit_DLLs: inicfg32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe



#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:01:35 AM

Posted 01 June 2006 - 10:40 AM

Hi,

The forums are really busy, that explains why logs get behind. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then I'll take a look. :thumbsup:
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Ase


Posted 01 June 2006 - 04:12 PM

Hey thx a lot, it's cool, I know people have lots of things to do. Well anyways, the last few days it seems to have gotten stronger in the pop-up ads I get :thumbsup: . Also something strange happens now: it seems every time I start and try to run Ad-aware something in my computer goes wrong and it has to restart. My new HJT log:



Logfile of HijackThis v1.99.1
Scan saved at 2:04:22 PM, on 6/1/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\DOCUME~1\Freejf\LOCALS~1\Temp\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\windows\system32\pqdsregq.exe
C:\WINDOWS\System32\60dfa7ee.exe
C:\Program Files\ipwins\ipwins.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Ares\Ares.exe
C:\WINDOWS\System32\owinrqez.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\rasi2s.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\rasi2s.exe
C:\Documents and Settings\Freejf\Desktop\New Folder (3)\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://spywaresoftstop.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://spywaresoftstop.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://spywaresoftstop.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://spywaresoftstop.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://spywaresoftstop.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://spywaresoftstop.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://spywaresoftstop.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://spywaresoftstop.com/
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [WindowsServicesStartup] C:\DOCUME~1\Freejf\LOCALS~1\Temp\svchost.exe 1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [fqcmpwaA] C:\WINDOWS\fqcmpwaA.exe
O4 - HKLM\..\Run: [ms049989837-125] C:\WINDOWS\ms049989837-125.exe
O4 - HKLM\..\Run: [w18e45f2.dll] RUNDLL32.EXE w18e45f2.dll,I2 0011b54d018e45f2
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [{61-14-4B-B3-ZN}] C:\windows\system32\pqdsregq.exe GID003
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\System32\kerneld16.exe
O4 - HKLM\..\Run: [60dfa7ee.exe] C:\WINDOWS\System32\60dfa7ee.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\owinrqez.exe GID003
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [rasi2s] C:\WINDOWS\System32\rasi2s.exe
O4 - HKCU\..\Run: [60dfa7ee.exe] C:\Documents and Settings\Freejf\Local Settings\Application Data\60dfa7ee.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000228.exe
O4 - HKCU\..\RunOnce: [rasi2s] C:\WINDOWS\System32\rasi2s.exe
O4 - Startup: Reboot.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\owinrqez.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{03551BED-8355-461B-AC3F-C6002BDD3D80}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{03551BED-8355-461B-AC3F-C6002BDD3D80}: NameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{03551BED-8355-461B-AC3F-C6002BDD3D80}: NameServer = 192.168.2.1
O20 - AppInit_DLLs: inicfg32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

#4 Ase


Posted 01 June 2006 - 04:38 PM

If you're wondering what I mean by the comp restarting when I do Ad-aware, I took a SS of it; don't know if it'll help or not.

http://img476.imageshack.us/img476/307/wtf3ss.jpg

#5 miekiemoes


Posted 01 June 2006 - 04:44 PM

Yes, this is indeed looking nasty :thumbsup:

It's better to print out the next instructions or save it in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important you don't miss a step and perform everything in the right order!!

Open Notepad and copy and paste the contents of the quotebox below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="inicfg32.dllxxx"

[-HKEY_CLASSES_ROOT\CLSID\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6}]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]


Save this as fix.reg. Choose to save as *all files and place it on your desktop.
It should look like this: Posted Image
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

* Please set your system to show all files; please see here if you're unsure how to do this.

Please download Ewido anti-malware ; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido by double-clicking on the icon on your desktop.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates
Don't run it yet.

* Reboot into Safe Mode (without networking support!):
  • To get into Safe Mode, as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://spywaresoftstop.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://spywaresoftstop.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://spywaresoftstop.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://spywaresoftstop.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://spywaresoftstop.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://spywaresoftstop.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://spywaresoftstop.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://spywaresoftstop.com/
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O4 - HKLM\..\Run: [WindowsServicesStartup] C:\DOCUME~1\Freejf\LOCALS~1\Temp\svchost.exe 1
O4 - HKLM\..\Run: [fqcmpwaA] C:\WINDOWS\fqcmpwaA.exe
O4 - HKLM\..\Run: [ms049989837-125] C:\WINDOWS\ms049989837-125.exe
O4 - HKLM\..\Run: [w18e45f2.dll] RUNDLL32.EXE w18e45f2.dll,I2 0011b54d018e45f2
O4 - HKLM\..\Run: [{61-14-4B-B3-ZN}] C:\windows\system32\pqdsregq.exe GID003
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\System32\kerneld16.exe
O4 - HKLM\..\Run: [60dfa7ee.exe] C:\WINDOWS\System32\60dfa7ee.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\owinrqez.exe GID003
O4 - HKCU\..\Run: [rasi2s] C:\WINDOWS\System32\rasi2s.exe
O4 - HKCU\..\Run: [60dfa7ee.exe] C:\Documents and Settings\Freejf\Local Settings\Application Data\60dfa7ee.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000228.exe
O4 - HKCU\..\RunOnce: [rasi2s] C:\WINDOWS\System32\rasi2s.exe
O4 - Startup: Reboot.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\owinrqez.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O20 - AppInit_DLLs: inicfg32.dllxxx


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

* Using Windows Explorer, locate the following files/folders, and delete them if still present:

C:\windows\system32\pqdsregq.exe
C:\WINDOWS\System32\60dfa7ee.exe
C:\Program Files\ipwins <== folder
C:\WINDOWS\System32\owinrqez.exe
C:\WINDOWS\System32\rasi2s.exe
C:\Program Files\E2G <== folder
C:\WINDOWS\fqcmpwaA.exe
C:\WINDOWS\ms049989837-125.exe
C:\WINDOWS\System32\w18e45f2.dll
C:\WINDOWS\System32\kerneld16.exe
C:\Documents and Settings\Freejf\Local Settings\Application Data\60dfa7ee.exe
C:\Program Files\Common Files\mc-110-12-0000228.exe
C:\WINDOWS\system32\dwdsregt.exe
C:\WINDOWS\System32\inicfg32.dll

* Still in safe mode...

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
* Open Ewido anti-malware
Click on scanner

* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop

Close Ewido

* Reboot your system back to normal mode.

* Perform an onlinescan with panda: (please use this scanner instead of any other scanner!)
Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

* Open Notepad and copy and paste the contents of the quotebox below into it:

cd %systemdrive%\
dir %Systemdrive%\60dfa7ee.exe /a h /s >> look.txt
start notepad look.txt


Save this as look.bat, choose to save as *all files and place it on your desktop.
It should look like this: Posted Image
Doubleclick on it and notepad should open.
Copy and paste the contents of it in your next reply, together with the contents of the Panda scan report in your next reply, the contents of ewido-log present on your desktop and a new HiJackThis log.

Edited by miekiemoes, 01 June 2006 - 04:45 PM.


#6 miekiemoes


Posted 01 June 2006 - 05:42 PM

If you're wondering what I mean by the comp restarting when I do Ad-aware, I took a SS of it; don't know if it'll help or not.

http://img476.imageshack.us/img476/307/wtf3ss.jpg


Malware is causing this. And I guess there will be some hidden infections here as well. We'll find out later.

#7 Ase


Posted 01 June 2006 - 08:37 PM

Did everything you wanted me to do and here's the info you wanted

look.bat


Volume in drive C has no label.
Volume Serial Number is B4E6-14B3
Volume in drive C has no label.
Volume Serial Number is B4E6-14B3



--------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 5:59:49 PM, 6/1/2006
+ Report-Checksum: EA886233

+ Scan result:

HKLM\SOFTWARE\Classes\IeBHOs.Control -> Adware.E2G : Error during cleaning
HKLM\SOFTWARE\Classes\IeBHOs.Control\CLSID -> Adware.E2G : Error during cleaning
HKLM\SOFTWARE\Classes\IeBHOs.Control\CurVer -> Adware.E2G : Error during cleaning
HKLM\SOFTWARE\Classes\IeBHOs.Control.1 -> Adware.E2G : Error during cleaning
HKU\S-1-5-21-1202660629-1563985344-682003330-1003\Software\DNS -> Adware.Shorty : Cleaned with backup
C:\Documents and Settings\Freejf\Application Data\Тasks\іеxplore.exe -> Adware.PurityScan : Cleaned with backup
C:\Documents and Settings\Freejf\Desktop\New Folder (3)\backups\backup-20060601-164528-425.dll -> Adware.E2Give : Cleaned with backup
C:\Documents and Settings\Freejf\Desktop\TagASaurus.exe -> Hijacker.Small : Cleaned with backup
C:\Documents and Settings\Freejf\Local Settings\Temp\1.dlb -> Trojan.Small : Cleaned with backup
C:\Documents and Settings\Freejf\Local Settings\Temp\5.dlb -> Downloader.Small : Cleaned with backup
C:\Documents and Settings\Freejf\Local Settings\Temp\6.dlb -> Trojan.Small : Cleaned with backup
C:\Documents and Settings\Freejf\Local Settings\Temp\7.dlb -> Trojan.Small : Cleaned with backup
C:\Documents and Settings\Freejf\Local Settings\Temp\Cookies\freejf@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Freejf\Local Settings\Temp\Cookies\freejf@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Freejf\Local Settings\Temp\Cookies\freejf@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Freejf\Local Settings\Temp\Cookies\freejf@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Freejf\Local Settings\Temp\ErrorSafeFreeInstall.exe -> Not-A-Virus.Downloader.Win32.WinFixer.j : Cleaned with backup
C:\Documents and Settings\Freejf\Local Settings\Temp\i6D.tmp -> Adware.SurfSide : Cleaned with backup
C:\Documents and Settings\Freejf\Local Settings\Temp\ICD4.tmp\amm06.ocx -> Adware.MediaMotor : Cleaned with backup
C:\Documents and Settings\Freejf\Local Settings\Temp\ICD5.tmp\UERS_0001_N82M1105NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.j : Cleaned with backup
C:\Documents and Settings\Freejf\Local Settings\Temp\maxdd1.game -> Trojan.Dialer.pw : Cleaned with backup
C:\Documents and Settings\Freejf\Local Settings\Temp\win32.exe -> Trojan.Small : Cleaned with backup
C:\Documents and Settings\Freejf\Local Settings\Temp\~os116.tmp\OSMIM.dll -> Adware.RK : Cleaned with backup
C:\Documents and Settings\Freejf\Local Settings\Temp\~os116.tmp\ossproxy.exe -> Adware.RK : Cleaned with backup
C:\Documents and Settings\Freejf\Local Settings\Temp\~os116.tmp\rk.bin -> Adware.RK : Cleaned with backup
C:\Program Files\Common Files\misc001\webhc1.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\Program Files\Common Files\services.exe -> Adware.Maxifiles : Cleaned with backup
C:\Program Files\Common Files\svchostsys\svchostsys.exe -> Downloader.Small : Cleaned with backup
C:\Program Files\Common Files\svchostsys\svchostupdate.exe -> Downloader.Small : Cleaned with backup
C:\Program Files\DNS\Catcher.dll -> Adware.Maxifiles : Cleaned with backup
C:\Program Files\DNS\cwebpage.dll -> Adware.Maxifiles : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UERS_0001_N82M1105NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.j : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D08M0404NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup
C:\WINDOWS\mtuninst.exe -> Adware.MediaTickets : Cleaned with backup
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\pi1_36.exe -> Downloader.Small.cqy : Cleaned with backup
C:\WINDOWS\pop06ap2.exe -> Adware.MediaMotor : Cleaned with backup
C:\WINDOWS\system32\a.exe -> Hijacker.VB.lb : Cleaned with backup
C:\WINDOWS\system32\dlh9jkdq1.exe -> Trojan.Small : Cleaned with backup
C:\WINDOWS\system32\dlh9jkdq5.exe -> Downloader.Small : Cleaned with backup
C:\WINDOWS\system32\maxd641.exe -> Trojan.Dialer.pw : Cleaned with backup
C:\WINDOWS\system32\oins.exe -> Downloader.PurityScan.cp : Cleaned with backup
C:\WINDOWS\system32\rk.bin -> Adware.RK : Cleaned with backup
C:\WINDOWS\system32\rlls.dll -> Adware.RK : Cleaned with backup
C:\WINDOWS\system32\rlvknlg.exe -> Adware.RK : Cleaned with backup
C:\WINDOWS\system32\ylx.dll -> Adware.PurityScan : Cleaned with backup
C:\WINDOWS\ѕymbols\winlogon.exe -> Downloader.PurityScan.co : Cleaned with backup


::Report End



Panda report


Incident Status Location

Adware:adware/pacimedia Not disinfected C:\Documents and Settings\Freejf\Desktop\Click to Find and Fix Errors.url
Hacktool:HackTool/ExitWin.A Not disinfected C:\Documents and Settings\Freejf\Desktop\New Folder (3)\backups\backup-20060601-164528-916-Reboot.exe
Adware:Adware/NewAds Not disinfected C:\Documents and Settings\Freejf\Local Settings\Temp\mc-110-12-0000103.exe
Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Freejf\Local Settings\Temp\qms3.tmp
Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Freejf\Local Settings\Temp\qms4.tmp
Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Freejf\Local Settings\Temp\qms5.tmp
Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Freejf\Local Settings\Temp\s1t4.b.exe
Virus:Trj/Agent.BZF Disinfected C:\Documents and Settings\Freejf\Local Settings\Temp\svchost.exe
Virus:Trj/Clicker.QE Not disinfected C:\Documents and Settings\Freejf\Local Settings\Temp\webhclick.exe[svchostsys.exe]
Virus:Trj/Clicker.QE Not disinfected C:\Documents and Settings\Freejf\Local Settings\Temp\webhclick.exe[sysstall.exe]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Freejf\Local Settings\Temp\webhclick.exe[webhc1.exe][whAgent.exe]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Freejf\Local Settings\Temp\webhclick.exe[webhc1.exe][whInstaller.exe]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Freejf\Local Settings\Temp\webhclick.exe[webhc1.exe][whSurvey.exe]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Freejf\Local Settings\Temp\webhclick.exe[webhc1.exe][webhdll.dll]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Freejf\Local Settings\Temp\webhclick.exe[webhc1.exe][whiehlpr.dll]
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Freejf\Local Settings\Temporary Internet Files\Ssk.log
Virus:Trj/Agent.BZF Disinfected C:\Documents and Settings\Freejf\Shared\Fraps v2.6.0 (cracked).zip[Setup.exe]
Virus:Trj/Clicker.QE Disinfected C:\Program Files\Common Files\simtest\sysstall.exe
Adware:Adware/YazzleSudoku Not disinfected C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\keyboard231.dat
Virus:Trj/Downloader.HPZ Not disinfected C:\WINDOWS\pf78.exe[pms111x.exe]
Virus:Trj/VB.MC Not disinfected C:\WINDOWS\pf78.exe[SYSC00.exe]
Potentially unwanted tool:Application/Restart Not disinfected C:\WINDOWS\system32\Tools\Restart.exe
Adware:Adware/Deskwizz Not disinfected C:\WINDOWS\system32\VSL03.exe[VSL.dl_]
Adware:Adware/Deskwizz Not disinfected C:\WINDOWS\system32\VSL03.exe[auxe.exe]
Adware:Adware/Deskwizz Not disinfected C:\WINDOWS\system32\VSL05.exe[VSL.dl_]
Adware:Adware/Deskwizz Not disinfected C:\WINDOWS\system32\VSL05.exe[auxe.exe]
Adware:Adware/EliteBar Not disinfected C:\WINDOWS\unstall.exe
Adware:Adware/CommAd Not disinfected C:\WINDOWS\ZnJlZWpm\tBL5tqDA.vbs

New HJT log



Logfile of HijackThis v1.99.1
Scan saved at 6:28:36 PM, on 6/1/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\Freejf\LOCALS~1\Temp\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Freejf\Desktop\New Folder (3)\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://spywaresoftstop.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://spywaresoftstop.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://spywaresoftstop.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://spywaresoftstop.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://spywaresoftstop.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://spywaresoftstop.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://spywaresoftstop.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://spywaresoftstop.com/
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [fqcmpwaA] C:\WINDOWS\fqcmpwaA.exe
O4 - HKLM\..\Run: [ms049989837-125] C:\WINDOWS\ms049989837-125.exe
O4 - HKLM\..\Run: [w18e45f2.dll] RUNDLL32.EXE w18e45f2.dll,I2 0011b54d018e45f2
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [{61-14-4B-B3-ZN}] C:\windows\system32\pqdsregq.exe GID003
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\System32\kerneld16.exe
O4 - HKLM\..\Run: [60dfa7ee.exe] C:\WINDOWS\System32\60dfa7ee.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\owinrqez.exe GID003
O4 - HKLM\..\RunOnce: [Panda_cleaner_272726] C:\WINDOWS\System32\ActiveScan\pavdr.exe xPanda ActiveScan 272726
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [rasi2s] C:\WINDOWS\System32\rasi2s.exe
O4 - HKCU\..\Run: [60dfa7ee.exe] C:\Documents and Settings\Freejf\Local Settings\Application Data\60dfa7ee.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000228.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03551BED-8355-461B-AC3F-C6002BDD3D80}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{03551BED-8355-461B-AC3F-C6002BDD3D80}: NameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{03551BED-8355-461B-AC3F-C6002BDD3D80}: NameServer = 192.168.2.1
O20 - AppInit_DLLs: inicfg32.dllxxx
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

#8 miekiemoes


Posted 02 June 2006 - 04:03 AM

Hello,

From what I can see in your previous logs, it looks like you missed some steps...

Please reboot first, because Panda has a task to perform after reboot.

Then, after reboot,

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://spywaresoftstop.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://spywaresoftstop.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://spywaresoftstop.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://spywaresoftstop.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://spywaresoftstop.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://spywaresoftstop.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://spywaresoftstop.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://spywaresoftstop.com/
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O4 - HKLM\..\Run: [fqcmpwaA] C:\WINDOWS\fqcmpwaA.exe
O4 - HKLM\..\Run: [ms049989837-125] C:\WINDOWS\ms049989837-125.exe
O4 - HKLM\..\Run: [w18e45f2.dll] RUNDLL32.EXE w18e45f2.dll,I2 0011b54d018e45f2
O4 - HKLM\..\Run: [{61-14-4B-B3-ZN}] C:\windows\system32\pqdsregq.exe GID003
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\System32\kerneld16.exe
O4 - HKLM\..\Run: [60dfa7ee.exe] C:\WINDOWS\System32\60dfa7ee.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\owinrqez.exe GID003
O4 - HKCU\..\Run: [rasi2s] C:\WINDOWS\System32\rasi2s.exe
O4 - HKCU\..\Run: [60dfa7ee.exe] C:\Documents and Settings\Freejf\Local Settings\Application Data\60dfa7ee.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000228.exe
O20 - AppInit_DLLs: inicfg32.dllxxx


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!
Ignore the error you'll get and just press ok when the error appears.

Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Delete the following folders and files if still present:

C:\Documents and Settings\Freejf\Desktop\Click to Find and Fix Errors.url
C:\Documents and Settings\Freejf\Local Settings\Temporary Internet Files\Ssk.log
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\WINDOWS\keyboard231.dat
C:\WINDOWS\pf78.exe
C:\WINDOWS\system32\VSL03.exe
C:\WINDOWS\system32\VSL05.exe
C:\WINDOWS\unstall.exe
C:\WINDOWS\ZnJlZWpm <== folder

Please hide your hidden files and folders again afterwards, because the above instructions to set your system to show all files unhide legitimate files and folders as well,
and I don't want you to delete them because they may look suspicious. To hide them again, just perform the above instructions in reverse.

Perform the next step again, because you forgot it previously:

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
Reboot and post a new HijackThis log in your next reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 Ase


Posted 03 June 2006 - 09:36 AM

My new HJT log. It seems everything's clear, but I still get some pop-up ads :thumbsup:.




Logfile of HijackThis v1.99.1
Scan saved at 7:52:04 PM, on 6/2/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Ares\Ares.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Freejf\Desktop\New Folder (3)\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03551BED-8355-461B-AC3F-C6002BDD3D80}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{03551BED-8355-461B-AC3F-C6002BDD3D80}: NameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{03551BED-8355-461B-AC3F-C6002BDD3D80}: NameServer = 192.168.2.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
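
A way to check that every line on the "Fix Checked" list is really gone from the follow-up log, added here as an example (it is not part of the original posts). The log excerpts are copied from this thread; PARTIAL_LOG is constructed to show a fix that did not take, and the function names are hypothetical.

```python
import re
from typing import List, NamedTuple, Tuple


class Entry(NamedTuple):
    code: str  # HijackThis section code, e.g. "R1", "O4", "O20"
    body: str  # everything after "<code> - "


# Scan-result lines look like "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+?)\s*$")


def parse_hjt(text: str) -> List[Entry]:
    """Keep scan-result lines only; the header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def _norm(e: Entry) -> Tuple[str, str]:
    # Compare case-insensitively and ignore runs of whitespace from copy/paste.
    return (e.code, " ".join(e.body.split()).casefold())


def still_present(fix_list: str, new_log: str) -> List[Entry]:
    """Entries the helper asked to fix that the follow-up log still shows."""
    live = {_norm(e) for e in parse_hjt(new_log)}
    return [e for e in parse_hjt(fix_list) if _norm(e) in live]


def diff_logs(before: str, after: str) -> Tuple[List[Entry], List[Entry]]:
    """Return (removed, added) entries between two scans."""
    b, a = parse_hjt(before), parse_hjt(after)
    bset, aset = {_norm(e) for e in b}, {_norm(e) for e in a}
    removed = [e for e in b if _norm(e) not in aset]
    added = [e for e in a if _norm(e) not in bset]
    return removed, added


# Excerpt of the pre-fix log in this thread.
BEFORE_LOG = r"""
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [fqcmpwaA] C:\WINDOWS\fqcmpwaA.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [Panda_cleaner_272726] C:\WINDOWS\System32\ActiveScan\pavdr.exe xPanda ActiveScan 272726
O4 - HKCU\..\Run: [rasi2s] C:\WINDOWS\System32\rasi2s.exe
O20 - AppInit_DLLs: inicfg32.dllxxx
"""

# Excerpt of the list the helper asked to check in post #8.
FIX_LIST = r"""
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O4 - HKLM\..\Run: [fqcmpwaA] C:\WINDOWS\fqcmpwaA.exe
O4 - HKCU\..\Run: [rasi2s] C:\WINDOWS\System32\rasi2s.exe
O20 - AppInit_DLLs: inicfg32.dllxxx
"""

# Excerpt of the follow-up log in post #9.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
"""

# Constructed: the same follow-up log with one fixed entry still in place.
PARTIAL_LOG = AFTER_LOG + "O20 - AppInit_DLLs: inicfg32.dllxxx\n"

if __name__ == "__main__":
    print("left over:", still_present(FIX_LIST, AFTER_LOG))
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    for e in removed:
        print("removed:", e.code, e.body)
```

An empty "left over" list only says the locations HijackThis scans are clean; it says nothing about launch points the tool does not list.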

#10 miekiemoes


Posted 03 June 2006 - 09:38 AM

Hi,

Perform the following:

Download Silent Runners
Unzip it to a permanent folder.
Start SilentRunners.vbs
If your antivirus gives an alert, do not block it. Allow the script.
Please wait until it prompts you that the scan is finished!
Copy and paste the content of the text file you get afterwards in your next reply.

#11 Ase


Posted 03 June 2006 - 11:28 AM

Hey, here's what you wanted.



"Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
"rasi2s" = "C:\WINDOWS\System32\rasi2s.exe" [file not found]

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\MSMSGS.EXE" /background" [MS]
"ares" = ""C:\Program Files\Ares\Ares.exe" -h" ["Ares Development Group"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NWEReboot" = (empty string)
"NeroFilterCheck" = "C:\WINDOWS\System32\NeroCheck.exe" ["Ahead Software Gmbh"]
"ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay" [null data]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{8B5BEC73-70B1-4D1A-986E-AA1E6111658B}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\ismon.dll" [file not found]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
{CE3A44D8-BC88-4D62-A890-42D96245F8D6}\(Default) = "{CE3A44D8-BC88-4D62-A890-42D96245F8D6}"
-> {HKLM...CLSID} = "Columns class"
\InProcServer32\(Default) = "C:\WINDOWS\System32\dmonwv.dll" [file not found]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Documents and Settings\Freejf\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Active Desktop web content:

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
"FriendlyName" = ""
"Source" = "C:\Program Files\WindowsUpdate\howynyj.html"
"SubscribedURL" = ""


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\1\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 27
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

6to4, 6to4, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\6to4svc.dll" [MS]}
AVG E-mail Scanner, AVGEMS, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 128 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 218 seconds.
---------- (total run time: 804 seconds)

#12 miekiemoes


Posted 03 June 2006 - 11:38 AM

Interesting here..

Delete the following file:

C:\Program Files\WindowsUpdate\howynyj.html

* Go to start > control panel > Display properties > Desktop > Customize Desktop... > Web tab
Uncheck and delete everything you find in there. (except for "My current home page")

Then open Notepad and copy and paste the contents of the quote box below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{CE3A44D8-BC88-4D62-A890-42D96245F8D6}]

[-HKEY_CLASSES_ROOT\CLSID\{CE3A44D8-BC88-4D62-A890-42D96245F8D6}]


Save this as fix.reg. Choose to save as *all files* and place it on your desktop.
It should look like this: Posted Image
Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

Let me know if that solved your problem..

Edited by miekiemoes, 03 June 2006 - 11:38 AM.
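
The follow-up HijackThis log in this thread looked clean, yet the Silent Runners report still showed launch points whose target file was missing and an Active Desktop web component. The sketch below pulls exactly those lines out of a report; it is an added example, not part of the original posts, the sample is an excerpt of the report in post #11, and the names `Finding` and `review` are hypothetical.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    kind: str    # "orphan" (target file missing) or "active-desktop"
    key: str     # registry key header the entry was listed under
    item: str    # value name or CLSID that owns the launch point
    target: str  # file the entry points at


KEY_RE = re.compile(r"^(HK(?:CU|LM)\\.+\\)(?: \{\+\+\})?$")
MISSING_RE = re.compile(r'^"(?P<target>[^"]+)" \[file not found\]$')
DEFAULT_SUFFIX = "\\(Default)"


def review(report: str) -> List[Finding]:
    """List entries worth a human look; a flag here is not a verdict."""
    findings = []
    key = item = None
    for raw in report.splitlines():
        line = re.sub(r"^INFECTION WARNING! ", "", raw.strip())
        header = KEY_RE.match(line)
        if header:
            key, item = header.group(1), None
            continue
        # Skip text outside a key, CLSID cross-reference lines, and headings.
        if key is None or line.startswith("->") or " = " not in line:
            continue
        name, data = line.split(" = ", 1)
        if not name.startswith("\\"):      # a new item, not "\InProcServer32\..."
            item = name.strip('"')
            if item.endswith(DEFAULT_SUFFIX):
                item = item[: -len(DEFAULT_SUFFIX)]
        missing = MISSING_RE.match(data)
        if missing:
            findings.append(Finding("orphan", key, item or "", missing.group("target")))
        elif item == "Source" and "\\Desktop\\Components\\" in key and data.strip('"'):
            findings.append(Finding("active-desktop", key, item, data.strip('"')))
    return findings


# Excerpt of the Silent Runners report posted in this thread.
SAMPLE_REPORT = r'''
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
"rasi2s" = "C:\WINDOWS\System32\rasi2s.exe" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NeroFilterCheck" = "C:\WINDOWS\System32\NeroCheck.exe" ["Ahead Software Gmbh"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{CE3A44D8-BC88-4D62-A890-42D96245F8D6}\(Default) = "{CE3A44D8-BC88-4D62-A890-42D96245F8D6}"
-> {HKLM...CLSID} = "Columns class"
\InProcServer32\(Default) = "C:\WINDOWS\System32\dmonwv.dll" [file not found]

Active Desktop web content:

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
"FriendlyName" = ""
"Source" = "C:\Program Files\WindowsUpdate\howynyj.html"
"SubscribedURL" = ""
'''

if __name__ == "__main__":
    for f in review(SAMPLE_REPORT):
        print(f"{f.kind:15} {f.item:40} {f.target}")
        print(f"{'':15} under {f.key}")
```

The deskpan.dll entry is flagged too, although the fix.reg above leaves it alone: a missing target is a reason to review an entry, and the decision to delete stays with the analyst.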


#13 Ase


Posted 03 June 2006 - 09:22 PM

Yeah, it did fix the problem I had. Thanks a lot, I do appreciate you helping me and going through all this nonsense of mine :thumbsup:. Much <3. If I ever get into any more problems in the future I know where to go :flowers:.

#14 miekiemoes


Posted 04 June 2006 - 03:16 AM

Glad I could help. :thumbsup:

To keep this clean in the future, I would suggest the following things:

Install Spywareblaster
SpywareBlaster doesn't scan and clean for so-called spyware, but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software, because most of these so-called removers ARE spyware.
* Download free software only from sites you know and trust, because a lot of free software can bundle other software, including spyware.

Let your anti-spyware scanner(s) scan frequently and don't forget to update them beforehand.

And I do suggest you perform an online virus scan once in a while (Housecall and/or Bitdefender), because what one virus scanner can't find, another one maybe can.
Also make sure that your virus scanner, the one that is installed on your system, is always up to date!

Make sure your Windows has the latest updates, so visit http://windowsupdate.microsoft.com/ ASAP to update to SP2!

If you have XP SP2, read here how to configure Security Features for Internet Explorer:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

Also visit this Free Online Scanner for PC Health and Safety and Microsoft Security At Home for tips to Protect your Pc, Protect yourself and Protect your Family.

More info on how to prevent malware you can also find here (By Tony Klein)
and here: http://wiki.castlecops.com/Malware_Prevent...nt_Re-infection

If you want to fight back the Malware Writers that have made your life a misery, please take a look here.

Happy surfing again! :flowers:

#15 miekiemoes


Posted 04 June 2006 - 06:21 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.