
Pc Infections. Pls Help Me


  • This topic is locked
7 replies to this topic

#1 ashish079

ashish079

  • Members
  • 11 posts

Posted 02 December 2006 - 05:27 AM

Hi, I've been getting this Norton pop-up saying that it has detected W32.Kelvir and downloader, but it can't seem to delete it. Also, somehow I managed to download 888bar onto my IE, but no matter how many times I uninstall it, it still stays on. Please tell me a way to fix it. Thanks a lot in advance.


Logfile of HijackThis v1.99.1
Scan saved at 10:20:18, on 02/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
J:\WINDOWS\system32\spoolsv.exe
J:\Program Files\Norton AntiVirus\navapsvc.exe
J:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
J:\WINDOWS\System32\nvsvc32.exe
J:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
J:\WINDOWS\System32\svchost.exe
J:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
J:\WINDOWS\Explorer.EXE
J:\Program Files\Common Files\Symantec Shared\ccApp.exe
J:\Program Files\Common Files\Real\Update_OB\realsched.exe
J:\Program Files\Common Files\?racle\s?anregw.exe
J:\DOCUME~1\USER\MYDOCU~1\YMBOLS~1\dvdplay.exe
J:\Program Files\Messenger\msmsgs.exe
J:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
J:\Program Files\Internet Explorer\iexplore.exe
J:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
J:\Program Files\Internet Explorer\iexplore.exe
J:\Program Files\Maple 10\bin.win\maplew.exe
J:\Program Files\Maple 10\jre\bin\maple.exe
J:\Program Files\Maple 10\bin.win\mserver.exe
J:\Program Files\Maple 10\bin.win\mserver.exe
J:\Program Files\Maple 10\bin.win\mserver.exe
J:\Program Files\MSN Messenger\msnmsgr.exe
J:\WINDOWS\system32\svchost.exe
J:\Program Files\Common Files\{EC19EE05-03E7-2057-0118-01032403002c}\Update.exe
J:\DOCUME~1\USER\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.1.224.14:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8A9C95E6-2553-71D1-7640-5BD73F0D67BB} - J:\WINDOWS\system32\rpe.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - J:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - J:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: (no name) - {8A9C95E6-2553-71D1-7640-5BD73F0D67BB} - J:\WINDOWS\system32\rpe.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - J:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - j:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - J:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - J:\PROGRA~1\COMMON~1\{3C19E~2\888Bar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - J:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - j:\program files\google\googletoolbar2.dll
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - J:\PROGRA~1\COMMON~1\{3C19E~2\888Bar.dll
O4 - HKLM\..\Run: [ccApp] J:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] J:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] J:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE J:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] J:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [workflow] H:\installs\workflow.exe
O4 - HKLM\..\Run: [TkBellExe] "J:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [explorer] J:\Documents and Settings\USER\winstall.exe
O4 - HKLM\..\Run: [ERS_check] "J:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe"
O4 - HKLM\..\Run: [DC6_check] "J:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe"
O4 - HKCU\..\Run: [alcfg.exe] J:\WINDOWS\system32\alcfg.exe
O4 - HKCU\..\Run: [Vom] J:\Program Files\Common Files\?racle\s?anregw.exe
O4 - HKCU\..\Run: [Pcac] "J:\DOCUME~1\USER\MYDOCU~1\YMBOLS~1\dvdplay.exe" -vt ndrv
O4 - HKCU\..\Run: [swg] J:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = J:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://J:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - J:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - J:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - J:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/eng/snooker_2_0_0_28.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - J:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - J:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - J:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - J:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - J:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - J:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - J:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - J:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - J:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - J:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - J:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - J:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


 


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts

Posted 02 December 2006 - 09:27 AM

Hello,

It is important you don't miss a step and perform everything in the right order!!

First of all, you didn't unzip/extract HijackThis, and it's still in the temp folder.
So I strongly advise you to unzip/extract hijackthis.zip.
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Create a permanent folder and move hijackthis.exe into it. The reason is that HijackThis creates backups, and when it's in your temp folder it can be accidentally deleted.
How do you make a permanent folder:

Click My Computer, then C:\ and then on Program Files.
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis".
Now you have C:\Program Files\HijackThis. Put your HijackThis.exe there.

Go to Start > Control Panel > Software > Add/Remove Programs and uninstall the following if present:

888Bar
WinAntiVirus Pro 2006
Oin
Yazzle by Oin
YazzleActiveX By OIN
Purityscan by Oin
Snowballwars by Oin
Cowabanga by OIN
or anything similar with Oin in it.


Open Notepad and copy and paste the contents of the quote box below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

Save this as fix.reg. Choose to save as *all files and place it on your desktop.
It should look like this: Posted Image
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
(In case you are unsure how to create a reg file, take a look here with screenshots.)

Reboot when done! Really important!

--------------------

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present (some entries won't be present anymore):


R3 - URLSearchHook: (no name) - {8A9C95E6-2553-71D1-7640-5BD73F0D67BB} - J:\WINDOWS\system32\rpe.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {8A9C95E6-2553-71D1-7640-5BD73F0D67BB} - J:\WINDOWS\system32\rpe.dll
O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - J:\PROGRA~1\COMMON~1\{3C19E~2\888Bar.dll
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - J:\PROGRA~1\COMMON~1\{3C19E~2\888Bar.dll
O4 - HKLM\..\Run: [explorer] J:\Documents and Settings\USER\winstall.exe
O4 - HKLM\..\Run: [ERS_check] "J:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe"
O4 - HKLM\..\Run: [DC6_check] "J:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe"
O4 - HKCU\..\Run: [alcfg.exe] J:\WINDOWS\system32\alcfg.exe
O4 - HKCU\..\Run: [Vom] J:\Program Files\Common Files\?racle\s?anregw.exe
O4 - HKCU\..\Run: [Pcac] "J:\DOCUME~1\USER\MYDOCU~1\YMBOLS~1\dvdplay.exe" -vt ndrv
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!
Don't worry if some entries won't go away, we'll deal with that later...

---------------------

Please download, install, and update AVG Anti-Spyware
  • Load AVG Anti-Spyware and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Then click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Close AVG Anti-Spyware and reboot!!
    I need the log later.
-------------------------

* Download Combofix to your desktop.
Double-click combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot, it should open a log, combofix.txt.
Post the following logs in your next reply:
  • Log from combofix (combofix.txt)
  • Log from AVG Antispyware
  • New HijackThislog
You may need several replies to post the logs in case they won't fit in one reply.
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
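
Added illustration, not part of the thread and not the helper's method: a small Python parser for the HijackThis entry lines quoted above, with three structural triage rules that are assumptions of this example. Run against the fix list from the post above, it shows how few of those entries structure alone picks out.

```python
import re
from dataclasses import dataclass

# Entries the helper asked to have fixed, copied from the HijackThis log in this thread.
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {8A9C95E6-2553-71D1-7640-5BD73F0D67BB} - J:\WINDOWS\system32\rpe.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {8A9C95E6-2553-71D1-7640-5BD73F0D67BB} - J:\WINDOWS\system32\rpe.dll
O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - J:\PROGRA~1\COMMON~1\{3C19E~2\888Bar.dll
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - J:\PROGRA~1\COMMON~1\{3C19E~2\888Bar.dll
O4 - HKLM\..\Run: [explorer] J:\Documents and Settings\USER\winstall.exe
O4 - HKLM\..\Run: [ERS_check] "J:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe"
O4 - HKLM\..\Run: [DC6_check] "J:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe"
O4 - HKCU\..\Run: [alcfg.exe] J:\WINDOWS\system32\alcfg.exe
O4 - HKCU\..\Run: [Vom] J:\Program Files\Common Files\?racle\s?anregw.exe
O4 - HKCU\..\Run: [Pcac] "J:\DOCUME~1\USER\MYDOCU~1\YMBOLS~1\dvdplay.exe" -vt ndrv
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
""".strip().splitlines()

# Entries from the same log that were not on the fix list.
BENIGN = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - J:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - J:\PROGRA~1\Spybot\SDHelper.dll
O4 - HKLM\..\Run: [ccApp] J:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [TkBellExe] "J:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] J:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
""".strip().splitlines()

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
DRIVE_PATH = re.compile(r'^"?[A-Za-z]:\\')
PROFILE_DIR = re.compile(r"\\(Documents and Settings|DOCUME~1)\\", re.I)


@dataclass(frozen=True)
class Entry:
    code: str    # section code such as R3, O2, O4, O16
    kind: str    # "BHO", "URLSearchHook", "HKLM\..\Run", or "" if the section has none
    name: str    # display name or value name
    clsid: str   # COM class id, "" when the entry carries none
    target: str  # file path, command line or URL the entry points at


def parse_entry(line):
    """Split one 'CODE - ...' line into fields; return None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    run = RUN_RE.match(body)
    if run:  # autostart value: hive, key, [value name], command line
        return Entry(code, f"{run['hive']}\\..\\{run['key']}", run["name"], "", run["cmd"])
    kind, sep, rest = body.partition(": ")
    if not sep:
        kind, rest = "", body
    c = CLSID_RE.search(rest)
    if c:  # COM-registered object: name before the CLSID, target after it
        label, _, target = rest[c.end():].rpartition(" - ")
        name = rest[:c.start()].strip(" -_") or label.strip(" -")
        return Entry(code, kind, name, c.group(0), target.strip())
    for delim in (" = ", " - "):
        if delim in rest:
            name, _, target = rest.rpartition(delim)
            return Entry(code, kind, name, "", target)
    return Entry(code, kind, "", "", rest)


def triage(e):
    """Illustrative structural rules (assumptions of this example), not a verdict."""
    reasons = []
    if e.target == "(no file)":
        reasons.append("registered object points at no file")
    if DRIVE_PATH.match(e.target):
        exe = e.target.split('"')[1] if e.target.startswith('"') else e.target
        if "?" in exe:
            reasons.append("path contains '?', which is not a legal Windows filename character")
        if e.code == "O4" and PROFILE_DIR.search(exe):
            reasons.append("autostart entry runs from a user profile folder")
    return reasons


def compare(fix_list, benign):
    """Return (fix-list lines the rules flag, fix-list lines they miss, benign lines flagged)."""
    def hit(line):
        e = parse_entry(line)
        return bool(e and triage(e))
    caught = [l for l in fix_list if hit(l)]
    missed = [l for l in fix_list if not hit(l)]
    false_pos = [l for l in benign if hit(l)]
    return caught, missed, false_pos


if __name__ == "__main__":
    caught, missed, false_pos = compare(FIX_LIST, BENIGN)
    print(f"caught {len(caught)}, missed {len(missed)}, false positives {len(false_pos)}")
    for line in caught:
        print(parse_entry(line).target, "->", "; ".join(triage(parse_entry(line))))
```

The entries these rules miss, such as the rpe.dll hook, 888Bar and the WinAntiVirus Pro 2006 startup monitors, look structurally like the legitimate ones, so a log like this cannot be triaged on structure alone.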

#3 ashish079

ashish079
  • Topic Starter

  • Members
  • 11 posts

Posted 03 December 2006 - 06:19 PM

USER - 06-12-03 23:11:08.82 Service Pack 2
ComboFix 06.11.27W - Running from: "J:\Documents and Settings\USER\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


J:\Documents and Settings\USER\Application Data\Install.dat
J:\Documents and Settings\All Users\Documents\Settings
J:\Program Files\outlook
J:\Program Files\Common Files\{3C19EE05-03E7-2057-0118-01032403002c}
J:\Program Files\Common Files\{3C19EE05-03E8-2057-0118-01032403002c}
J:\Program Files\Common Files\{EC19EE05-03E7-2057-0118-01032403002c}
J:\Program Files\Common Files\{EC19EE05-03E8-2057-0118-01032403002c}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

J:\QooBox\Purity\Documents and Settings\USER\Application Data\CROSOF~1
J:\QooBox\Purity\Documents and Settings\USER\Application Data\ICROSO~1.NET
J:\QooBox\Purity\Documents and Settings\USER\My Documents\ECURIT~1
J:\QooBox\Purity\Documents and Settings\USER\My Documents\YMBOLS~1
J:\QooBox\Purity\Program Files\Common Files\RACLE~1
J:\QooBox\Purity\WINDOWS\system32\ECURIT~1


((((((((((((((((((((((((((((((( Files Created from 2006-11-03 to 2006-12-03 ))))))))))))))))))))))))))))))))))


2006-12-03 21:51 3,968 --a------ J:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-03 21:51 <DIR> d-------- J:\Program Files\Grisoft
2006-12-02 19:31 <DIR> d-------- J:\Program Files\Yahoo!
2006-12-02 19:31 <DIR> d-------- J:\Documents and Settings\All Users\Application Data\Yahoo!
2006-12-01 20:27 <DIR> d-------- J:\Program Files\Common Files\Companion Wizard
2006-12-01 20:24 <DIR> d--hs---- J:\WA6P
2006-11-28 20:45 <DIR> d-------- J:\Program Files\GanymedeNet
2006-11-13 20:47 <DIR> d-------- J:\Program Files\RM to MP3 Converter
2006-11-04 14:14 1,245,696 --a------ J:\WINDOWS\system32\msxml4.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-03 23:12 -------- d-a------ J:\Program Files\Common Files
2006-12-03 23:04 -------- d-------- J:\Program Files\Common Files\Symantec Shared
2006-12-03 21:39 -------- d-------- J:\Program Files\Mozilla Firefox
2006-12-02 10:15 -------- d-------- J:\Program Files\Internet Explorer
2006-12-01 21:16 -------- d-------- J:\Documents and Settings\USER\Application Data\uTorrent
2006-12-01 20:27 704 --a------ J:\Documents and Settings\USER\Application Data\update.log
2006-11-26 19:44 -------- d-------- J:\Documents and Settings\USER\Application Data\dvdcss
2006-11-24 20:29 -------- d-------- J:\Program Files\MSN Messenger
2006-11-16 17:06 -------- d-------- J:\Program Files\Symantec
2006-11-14 19:43 120272 --a------ J:\Documents and Settings\USER\Application Data\GDIPFONTCACHEV1.DAT
2006-11-02 20:53 36864 --a------ J:\WINDOWS\system32\maplec.dll
2006-11-02 20:53 155648 --a------ J:\WINDOWS\system32\WMIMPLEX.dll
2006-11-02 20:53 -------- d--h----- J:\Program Files\Zero G Registry
2006-11-02 20:53 -------- d-------- J:\Program Files\Maple 10
2006-11-02 11:31 -------- d-------- J:\Program Files\Common Files\Motive
2006-10-27 10:49 -------- d-------- J:\Program Files\Sony Ericsson
2006-10-27 10:49 -------- d-------- J:\Program Files\Common Files\Teleca Shared
2006-10-26 19:43 -------- d--h----- J:\Program Files\InstallShield Installation Information
2006-10-26 19:32 -------- d-------- J:\Program Files\LG PC Suite
2006-10-26 18:08 -------- d-------- J:\Program Files\LG Electronics
2006-10-15 19:19 -------- d-------- J:\Program Files\Sony
2006-10-15 19:19 -------- d-------- J:\Program Files\Common Files\Sony Shared
2006-10-14 22:09 -------- d-------- J:\Program Files\Google
2006-10-13 12:35 65536 --a------ J:\WINDOWS\system32\nwwks.dll
2006-10-13 12:35 64000 --a------ J:\WINDOWS\system32\nwapi32.dll
2006-10-13 12:35 142336 --a------ J:\WINDOWS\system32\nwprovau.dll
2006-10-13 10:23 163584 --a------ J:\WINDOWS\system32\drivers\nwrdr.sys
2006-10-04 17:52 -------- d-------- J:\Documents and Settings\USER\Application Data\Google
2006-10-01 09:28 43520 --a------ J:\WINDOWS\system32\CmdLineExt03.dll
2006-09-15 22:52 91904 --a------ J:\WINDOWS\system32\S32EVNT1.DLL
2006-09-13 05:01 1084416 --a------ J:\WINDOWS\system32\msxml3.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="J:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
"Yahoo! Pager"="\"J:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ccApp"="J:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
"ccRegVfy"="J:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe"
"Advanced Tools Check"="J:\\PROGRA~1\\NORTON~1\\AdvTools\\ADVCHK.EXE"
"NvCplDaemon"="RUNDLL32.EXE J:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NeroFilterCheck"="J:\\WINDOWS\\system32\\NeroCheck.exe"
"workflow"="H:\\installs\\workflow.exe"
"TkBellExe"="\"J:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"!AVG Anti-Spyware"="\"J:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,44,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="J:\\WINDOWS\\System32\\CTFMON.EXE"
"ALUAlert"="J:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="J:\\WINDOWS\\System32\\CTFMON.EXE"
"ALUAlert"="J:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{64EDD259-DA06-49B0-BE6C-A5F68C74FFB2}"="OLE Object"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="\"J:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\J:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"backup"="J:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="J:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\J:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="J:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="J:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\J:^Documents and Settings^All Users^Start Menu^Programs^Startup^LG SyncManager.lnk]
"backup"="J:\\WINDOWS\\pss\\LG SyncManager.lnkCommon Startup"
"location"="Common Startup"
"item"="LG SyncManager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\J:^Documents and Settings^USER^Start Menu^Programs^Startup^Norton Disk Doctor.LNK]
"backup"="J:\\WINDOWS\\pss\\Norton Disk Doctor.LNKStartup"
"location"="Startup"
"command"="H:\\NU\\NDD32.EXE /Q"
"item"="Norton Disk Doctor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\J:^Documents and Settings^USER^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
"backup"="J:\\WINDOWS\\pss\\PowerReg Scheduler V3.exeStartup"
"location"="Startup"
"item"="PowerReg Scheduler V3"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ares"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B'sCLiP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IBurn"
"hkey"="HKLM"
"command"="J:\\PROGRA~1\\CYBERL~2\\INSTAN~1\\Win2K\\IBurn.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\banmanpro]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="banmanpro"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drsmartloadb]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="drsmartloadb"
"hkey"="HKLM"
"command"="c:\\\\drsmartloadb.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\enewsletterpro]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="enewsletterpro"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LaunchList"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmtask"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mm_tray"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"J:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="J:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PayTime]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="paytime"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Power2GoExpress"
"hkey"="HKCU"
"command"="\"J:\\Program Files\\CyberLink\\Power2Go\\Power2GoExpress.exe\" /Startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pro]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tool2"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shell]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ibm00005"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="J:\\Program Files\\Java\\jre1.5.0_05\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"J:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows installer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winstall"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20061203-214922-120
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
backup-20061203-214922-298
O4 - HKCU\..\Run: [alcfg.exe] J:\WINDOWS\system32\alcfg.exe
backup-20061203-214922-201
O4 - HKLM\..\Run: [DC6_check] "J:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe"
backup-20061203-214922-806
O4 - HKLM\..\Run: [ERS_check] "J:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe"
backup-20061203-214922-578
O4 - HKLM\..\Run: [explorer] J:\Documents and Settings\USER\winstall.exe

Contents of the 'Scheduled Tasks' folder
J:\WINDOWS\tasks\Symantec NetDetect.job
J:\WINDOWS\tasks\XoftSpy.job

Completion time: 06-12-03 23:13:40.32
J:\ComboFix.txt ... 06-12-03 23:13


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 23:02:00 03/12/2006

+ Scan result:



J:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned.
J:\RECYCLER\NPROTECT\00281738.dll -> Adware.PurityScan : Cleaned.
J:\Program Files\Common Files\Companion Wizard\WapCHK.dll -> Adware.WinAntiVirus : Cleaned.
J:\RECYCLER\NPROTECT\00282501.dat -> Adware.WinAntiVirus : Cleaned.
J:\RECYCLER\NPROTECT\00282502.sys -> Adware.WinAntiVirus : Cleaned.
J:\RECYCLER\NPROTECT\00282503.sys -> Adware.WinAntiVirus : Cleaned.
J:\RECYCLER\NPROTECT\00282504.exe -> Adware.WinAntiVirus : Cleaned.
J:\RECYCLER\NPROTECT\00282506.bin -> Adware.WinAntiVirus : Cleaned.
J:\RECYCLER\NPROTECT\00282507.bin -> Adware.WinAntiVirus : Cleaned.
J:\RECYCLER\NPROTECT\00282508.dll -> Adware.WinAntiVirus : Cleaned.
J:\RECYCLER\NPROTECT\00282509.exe -> Adware.WinAntiVirus : Cleaned.
J:\RECYCLER\NPROTECT\00282513.dll -> Adware.WinAntiVirus : Cleaned.
J:\RECYCLER\NPROTECT\00282514.dat -> Adware.WinAntiVirus : Cleaned.
J:\RECYCLER\NPROTECT\00282515.sys -> Adware.WinAntiVirus : Cleaned.
J:\RECYCLER\NPROTECT\00282516.dll -> Adware.WinAntiVirus : Cleaned.
J:\RECYCLER\NPROTECT\00282517.exe -> Adware.WinAntiVirus : Cleaned.
J:\RECYCLER\NPROTECT\00282518.ini -> Adware.WinAntiVirus : Cleaned.
J:\RECYCLER\NPROTECT\00282519.dll -> Adware.WinAntiVirus : Cleaned.
J:\RECYCLER\NPROTECT\00282521.exe -> Adware.WinAntiVirus : Cleaned.
J:\RECYCLER\NPROTECT\00282522.dll -> Adware.WinAntiVirus : Cleaned.
J:\RECYCLER\NPROTECT\00282524.dll -> Adware.WinAntiVirus : Cleaned.
J:\RECYCLER\NPROTECT\00282525.cpl -> Adware.WinAntiVirus : Cleaned.
J:\RECYCLER\NPROTECT\00282526.dll -> Adware.WinAntiVirus : Cleaned.
J:\RECYCLER\NPROTECT\00282529.dat -> Adware.WinAntiVirus : Cleaned.
J:\RECYCLER\NPROTECT\00282531.dat -> Adware.WinAntiVirus : Cleaned.
J:\RECYCLER\NPROTECT\00282532.dat -> Adware.WinAntiVirus : Cleaned.
J:\RECYCLER\NPROTECT\00282533.dat -> Adware.WinAntiVirus : Cleaned.
J:\RECYCLER\NPROTECT\00282546.exe -> Adware.WinAntiVirus : Cleaned.
J:\RECYCLER\NPROTECT\00282547.exe -> Adware.WinAntiVirus : Cleaned.
J:\RECYCLER\NPROTECT\00282548.swf -> Adware.WinAntiVirus : Cleaned.
J:\RECYCLER\NPROTECT\00282551.exe -> Adware.WinAntiVirus : Cleaned.
J:\RECYCLER\NPROTECT\00282552.exe -> Adware.WinAntiVirus : Cleaned.
J:\RECYCLER\NPROTECT\00282553.exe -> Adware.WinAntiVirus : Cleaned.
J:\RECYCLER\NPROTECT\00282560.sys -> Adware.WinAntiVirus : Cleaned.
J:\RECYCLER\NPROTECT\00282566.dll -> Adware.WinAntiVirus : Cleaned.
J:\RECYCLER\NPROTECT\00287407.dll -> Adware.WinAntiVirus : Cleaned.
J:\WINDOWS\system32\SpOrder.dll -> Adware.WinAntiVirus : Cleaned.
J:\Program Files\Mozilla Firefox\plugins\npclntax.dll -> Adware.Zango : Cleaned.
J:\WINDOWS\system32\mcc.exe -> Downloader.Agent.bca : Cleaned.
J:\Program Files\Common Files\rofi\rofid\vocabulary -> Downloader.TSUpdate.j : Cleaned.
J:\RECYCLER\NPROTECT\00288002.EXE -> Dropper.Small : Cleaned.
J:\RECYCLER\NPROTECT\00287338.DLL -> Not-A-Virus.Downloader.Win32.InsTool.a : Cleaned.
J:\Documents and Settings\USER\Local Settings\Temporary Internet Files\Content.IE5\OFOVY1S7\ErrorSafeNewReleaseInstall[1].cab/UERS_9999_N91S2507NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
J:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
J:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
J:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
J:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
J:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
J:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
J:\WINDOWS\Downloaded Program Files\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
J:\WINDOWS\Downloaded Program Files\USDR6_0001_D19M2108NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Cleaned.
J:\WINDOWS\hosts -> Trojan.Qhosts.HE : Cleaned.
J:\RECYCLER\NPROTECT\00281755.exe -> Trojan.Small : Cleaned.
J:\RECYCLER\NPROTECT\00282340.exe -> Trojan.Small : Cleaned.
J:\WINDOWS\U2hyZXN0aGE\oZ1VtrhXu3H.vbs -> Trojan.Small : Cleaned.
J:\WINDOWS\system32\wcpsvit.exe -> Trojan.Small : Cleaned.


::Report end

#4 ashish079

ashish079
  • Topic Starter

  • Members
  • 11 posts

Posted 03 December 2006 - 06:22 PM

Logfile of HijackThis v1.99.1
Scan saved at 23:17:43, on 03/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
J:\WINDOWS\system32\spoolsv.exe
J:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
J:\Program Files\Norton AntiVirus\navapsvc.exe
J:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
J:\WINDOWS\System32\nvsvc32.exe
J:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
J:\WINDOWS\System32\svchost.exe
J:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
J:\WINDOWS\Explorer.EXE
J:\Program Files\Common Files\Symantec Shared\ccApp.exe
J:\Program Files\Common Files\Real\Update_OB\realsched.exe
J:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
J:\WINDOWS\system32\wscntfy.exe
J:\Program Files\Internet Explorer\iexplore.exe
J:\Program Files\Messenger\msmsgs.exe
G:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.1.224.14:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - J:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - J:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - J:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - j:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - J:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - J:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - j:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] J:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] J:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] J:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE J:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] J:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [workflow] H:\installs\workflow.exe
O4 - HKLM\..\Run: [TkBellExe] "J:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "J:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] J:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "J:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Microsoft Office.lnk = J:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://J:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/eng/snooker_2_0_0_28.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - J:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - J:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - J:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - J:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - J:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - J:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - J:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - J:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - J:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - J:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - J:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - J:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - J:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



THANKS A LOT FOR YOUR HELP. I REALLY APPRECIATE IT

#5 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 04 December 2006 - 01:24 AM

Looking much better...

Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Please hide your hidden files and folders again afterwards, when we are done with this thread and your problems are solved, because the above instructions to set your system to show all files unhide legitimate files and folders as well.
And I don't want you to delete them because they may look suspicious. To hide them again, just perform the above instructions in the opposite way.


Delete the following folders:

J:\Program Files\Common Files\Companion Wizard
J:\WA6P

Open Notepad and copy and paste the contents of the quotebox below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{64EDD259-DA06-49B0-BE6C-A5F68C74FFB2}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\banmanpro]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drsmartloadb]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\enewsletterpro]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PayTime]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pro]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shell]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows installer]

Save this as fix.reg. Choose to save as *all files and place it on your desktop.
Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
(In case you are unsure how to create a reg file, take a look here with screenshots.)

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click "Delete".
  • Click "Delete Files", "Delete cookies" and "Delete history"
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
Update your Sun Java, because previous versions are vulnerable:
Updating Java:
  • Go to Start > Control Panel, double-click on the Software icon > add/remove programs.
  • Search in the list for all previously installed versions of Java. (J2SE Runtime Environment.... )
    Select it and click Remove.
  • Then download and install the newest version from here: http://www.java.com/en/download/manual.jsp
Let me know in your next reply how things are now.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
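
A pre-merge check for the fix.reg in the post above, as an added example that is not part of the original post or of any tool named in this thread: it parses the file and lists exactly what a merge would delete or write, so the file can be read back before double-clicking it. The `EXPECTED_PREFIXES` allowlist, the function names and the tampered sample are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# fix.reg as given in the post above, embedded so the example runs offline.
FIX_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{64EDD259-DA06-49B0-BE6C-A5F68C74FFB2}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\banmanpro]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drsmartloadb]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\enewsletterpro]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PayTime]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pro]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shell]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows installer]
'''

# Constructed sample: the same file with one write appended, to show what gets flagged.
TAMPERED_REG = FIX_REG + r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"constructed-example"="C:\\constructed\\sample.exe"
'''

# Assumption for this example: the fix should only touch these two subtrees.
EXPECTED_PREFIXES = (
    r"hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler",
    r"hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg",
)

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r'^\[(-?)(.+)\]$')                      # [key] or [-key]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')  # "name"=data or @=data


@dataclass
class RegOp:
    kind: str        # "delete_key", "delete_value" or "set_value"
    key: str
    name: str = ""
    data: str = ""


def parse_reg(text):
    """Turn .reg text into the list of operations a merge would perform."""
    joined, buf = [], ""
    for ln in text.lstrip("\ufeff").splitlines():
        ln = ln.strip()
        if ln.endswith("\\"):          # continuation line of a long hex: value
            buf += ln[:-1]
            continue
        joined.append(buf + ln)
        buf = ""
    lines = [ln for ln in joined if ln and not ln.startswith(";")]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("first line must be REGEDIT4 or the Version 5.00 header")

    ops, current = [], None
    for ln in lines[1:]:
        m = KEY_RE.match(ln)
        if m:
            if m.group(1):             # leading '-' removes the whole key
                ops.append(RegOp("delete_key", m.group(2)))
                current = None
            else:
                current = m.group(2)
            continue
        m = VALUE_RE.match(ln)
        if not m or current is None:
            raise ValueError(f"unparseable or orphaned line: {ln!r}")
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        data = m.group(2).strip()
        if data == "-":                # "name"=- removes one value
            ops.append(RegOp("delete_value", current, name))
        else:
            ops.append(RegOp("set_value", current, name, data))
    return ops


def review(ops):
    """Return a list of findings; an empty list means deletions only, in scope."""
    findings = []
    for op in ops:
        key = op.key.lower()           # registry key names are case-insensitive
        if not any(key == p or key.startswith(p + "\\") for p in EXPECTED_PREFIXES):
            findings.append(f"{op.kind} outside expected keys: {op.key}")
        if op.kind == "set_value":
            findings.append(f"writes data: {op.key} -> {op.name} = {op.data}")
    return findings


if __name__ == "__main__":
    for label, text in (("fix.reg", FIX_REG), ("tampered (constructed)", TAMPERED_REG)):
        ops = parse_reg(text)
        print(f"== {label}: {len(ops)} operations")
        for op in ops:
            print(f"  {op.kind:12} {op.key} {op.name}")
        for finding in review(ops):
            print("  FLAG:", finding)
```
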

#6 ashish079

ashish079
  • Topic Starter

  • Members
  • 11 posts

Posted 07 December 2006 - 02:50 PM

HI, THANKS A LOT FOR YOUR HELP UP TILL NOW. I REALLY APPRECIATE IT. IF IT'S NOT TOO MUCH TROUBLE THEN COULD YOU PLEASE HELP ME ONE LAST TIME. I DON'T KNOW WHY BUT THE PROBLEM SEEMS TO HAVE WORSENED NOW. THE AVG THING YOU TOLD ME TO DOWNLOAD KEEPS FINDING NEW MALWARE AND ADWARE AND ON TOP OF THAT MY NORTON ANTIVIRUS KEEPS GETTING DISABLED WHEN I OPEN MY COMPUTER. I HAVE TO MANUALLY ENABLE IT. AND NO MATTER HOW MANY TIMES I REMOVE 888 FROM ADD/REMOVE...I CAN'T GET RID OF ITS TOOLBAR ON MY IE.
FINALLY, THIS IS A PROBLEM I'VE BEEN HAVING FOR A WHILE BUT NEVER REALLY CARED MUCH ABOUT. BUT IF YOU KNOW WHAT COULD BE WRONG WITH IT THEN IT WOULD BE A GREAT HELP. BASICALLY THE NORMAL WINDOWS FIREWALL ON MY COMPUTER IS ALWAYS DISABLED. EVERY TIME I TRY TO ENABLE IT, IT SAYS THE SECURITY CENTRE COULDN'T TURN IT ON. I HAVE INCLUDED MY NEW HIJACK LOG ONCE AGAIN IF THAT WILL HELP. THANKS A LOT ONCE AGAIN





Logfile of HijackThis v1.99.1
Scan saved at 19:42:28, on 07/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
J:\WINDOWS\system32\spoolsv.exe
J:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
J:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
J:\WINDOWS\System32\nvsvc32.exe
J:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
J:\WINDOWS\System32\svchost.exe
J:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
J:\WINDOWS\Explorer.EXE
J:\Program Files\Common Files\Symantec Shared\ccApp.exe
J:\Program Files\Common Files\Real\Update_OB\realsched.exe
J:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
J:\Program Files\Common Files\{EC19EE05-03E8-2057-0118-01032403002c}\Update.exe
J:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
J:\WINDOWS\system32\wscntfy.exe
J:\Program Files\Norton AntiVirus\navapsvc.exe
J:\WINDOWS\system32\msiexec.exe
J:\Program Files\Internet Explorer\iexplore.exe
J:\Program Files\Messenger\msmsgs.exe
G:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.1.224.14:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - J:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - J:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - J:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - J:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - j:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - J:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - J:\PROGRA~1\COMMON~1\{3C19E~1\888Bar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - J:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - j:\program files\google\googletoolbar2.dll
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - J:\PROGRA~1\COMMON~1\{3C19E~1\888Bar.dll
O4 - HKLM\..\Run: [ccApp] J:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] J:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] J:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE J:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] J:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [workflow] H:\installs\workflow.exe
O4 - HKLM\..\Run: [TkBellExe] "J:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "J:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [explorer] J:\Documents and Settings\USER\Desktop\wi.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "J:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] J:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "J:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Microsoft Office.lnk = J:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://J:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/eng/snooker_2_0_0_28.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - J:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - J:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: hksrv.dll - {A90B2CF5-54B0-4B29-8AFE-5C3F3C37DA30} - hksrv.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - J:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - J:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - J:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - J:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - J:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - J:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - J:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - J:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - J:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - J:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - J:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - J:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#7 miekiemoes

Posted 07 December 2006 - 03:17 PM

Hello,

Your problem is -- you got reinfected again :flowers:
Most probably you clicked a bad link in messenger or visited a bad site / watched an "infected" movie..

So we have to start all over........ I am going to post instructions again I posted earlier - this to make sure you perform every step in the right order - otherwise this won't work.

Please don't post text with caps-lock on, because it looks like you are shouting and I don't want to become deaf after finishing this thread :thumbsup:

Perform my steps in the right order please.....

* Go to Start > Control Panel > Software > Add/Remove Programs and uninstall 888Bar and MSN Messenger - Windows Live Messenger (this because it may be infected in this case. You can reinstall it afterwards, after I say that everything is clean again - not before!)

* I asked you in my first post to create a regfix called fix.reg
I hope you still have it, in case you don't, you have to recreate it.
Then double-click Fix.reg and when it asks if you want to add it to the registry, click yes/ok

Reboot afterwards! Important!

--------------------
After reboot....

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present (some entries won't be present anymore):

O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - J:\PROGRA~1\COMMON~1\{3C19E~1\888Bar.dll
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - J:\PROGRA~1\COMMON~1\{3C19E~1\888Bar.dll
O4 - HKLM\..\Run: [explorer] J:\Documents and Settings\USER\Desktop\wi.exe
O4 - Global Startup: Microsoft Office.lnk = J:\Program Files\Microsoft Office\Office10\OSA.EXE <<= this is a resource hog
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O21 - SSODL: hksrv.dll - {A90B2CF5-54B0-4B29-8AFE-5C3F3C37DA30} - hksrv.dll (file missing)
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - J:\WINDOWS\system32\msasvc.exe (file missing)


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!
Don't worry if some entries won't go away, we'll deal with that later...

* Go to start > run and copy and paste next command in the field:

sc delete MsaSvc

Hit enter

---------------------

Update AVG Anti-Spyware
  • Load AVG Anti-Spyware and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Then click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Close AVG Anti-Spyware and reboot!!
    I need the log later.
-------------------------

Double-click combofix.exe (you should still have it, cause I asked you to download it previously)
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot, it should open a log, combofix.txt.
Post next logs in your following reply:
  • Log from combofix (combofix.txt)
  • Log from AVG Antispyware
  • New HijackThis log
You may need several replies to post the logs in case they won't fit in one reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
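
A triage sketch for logs like the one in this thread, added here as an example and not part of the original posts or of any tool they mention: it parses HijackThis entries and flags three patterns that appear among the entries selected above ("file missing" targets, services listed with "Unknown owner", and autoruns launched from a user profile folder). The function name, the heuristics and the Temp-folder pattern are assumptions; a flag means "review manually", not "malicious".

```python
import re

# Constructed sample: six entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - j:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] J:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [explorer] J:\Documents and Settings\USER\Desktop\wi.exe
O21 - SSODL: hksrv.dll - {A90B2CF5-54B0-4B29-8AFE-5C3F3C37DA30} - hksrv.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - J:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - J:\WINDOWS\system32\msasvc.exe (file missing)
"""

# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Assumption: autoruns from Desktop or Temp under a user profile deserve review.
USER_DIR_RE = re.compile(
    r"\\Documents and Settings\\[^\\]+\\(?:Desktop|Local Settings\\Temp)\\", re.I)


def triage(log_text):
    """Return [(section, reasons, line)] for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list or blank line
        section, body = m.groups()
        reasons = []
        if body.endswith("(file missing)"):
            reasons.append("target file missing")
        if section == "O23" and " - Unknown owner - " in body:
            reasons.append("service reports Unknown owner")
        run = RUN_RE.match(body) if section == "O4" else None
        if run and USER_DIR_RE.search(run["cmd"]):
            reasons.append("autorun from user profile folder")
        if reasons:
            findings.append((section, reasons, line))
    return findings


if __name__ == "__main__":
    for section, reasons, line in triage(SAMPLE_LOG):
        print(f"[{section}] {'; '.join(reasons)}\n    {line}")
```
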

#8 miekiemoes

Posted 16 December 2006 - 02:48 PM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.