Hotbar + Winantiviruspro + Couple More


8 replies to this topic

#1 DeLuk


Posted 20 April 2007 - 06:44 AM

Hi. :huh:

My brother recently brought a friend's computer for a general revision/cleaning. (It pretty much seemed to be a rather neglected computer, running an expired Panda, last updated October 2005 :huh: not to mention the thousands of Internet temp files, as old as also from 2005 :huh: oh my!)

Anyways, keeping a long story short, I've firstly got rid of a couple known bad apps from Add/Remove Programs (Hotbar related), after which I ran a handful of scanners (Ad-Aware / SpyBot / SUPERAntiSpyware / AVG Anti-Spyware all of which run in Safe Mode + the online scans Panda ActiveScan / eTrust / F-Secure) which seemingly pretty much got it rid of the junk. (Also, afterwards, I've either uninstalled/installed/re-installed/updated a few other programs. As well I've reset System Restore.) Final scans on re-run of Ad-Aware / SpyBot / SUPERAntiSpyware / AVG Anti-Spyware / Panda ActiveScan / Kaspersky Online Scan all came clean.

Now I would very much appreciate if you could please just review the final HJT log just to double check whether there's any remainder in there which needs to be fixed?...

I'm mostly wondering about these entries:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/search/index.html?src=ssb
O4 - HKLM\..\Run: [NI.UWFX5Z_0001_N660117] "C:\Documents and Settings\susana\Definições locais\Temporary Internet Files\Content.IE5\K1PTYWT7\WinFixer2005FreeInstall_pt[1].exe" -nag
O4 - HKLM\..\Run: [BearShare] "C:\Programas\BearShare\BearShare.exe" /pause
O4 - HKCU\..\Run: [Skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized


Note that neither BearShare nor Skype is installed any longer. (In fact, both these programs were no longer installed when the computer first got here, thus I assume they were certainly removed by the owner at some point, previously.) Also, I manually removed every leftover folder/file which I found associated with each of these programs, seen that they weren't installed anymore anyways. In any case, I thought I'd add an HJT uninstall list, along with a Windows boot log, for your reference/revision.

Also note that all temp files (from such location as that C:\Documents and Settings\susana\Definições locais\Temporary Internet Files\Content.IE5\, etc), all have been previously cleaned, as I ran CCleaner.

For comparison terms I'm also adding the preliminary HJT log taken before proceeding with the cleanup with those scanners as mentioned above.

As well, I'm adding a summed up list of the malware found by each of the scanners I had run, for your reference:

-----

Ad-Aware

ErrorSafe
WinAntiVirusPro

SpyBot

Winsoftware.WinAntiVirusPro2006
Bearshare
Hotbar
Winsoftware.Common

SUPERAntiSpyware

Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
Trojan.ErrorSafe

Panda ActiveScan

Application/Winantivirus2006
Application/RealSpy

F-Secure and eTrust scans, both came clean

AVG Anti-Spyware

Adware.WinFixer

DrWeb-CureIt (which I used to get rid of that RealSpy related file which had been traced by Panda ActiveScan but not eliminated by it; as when submitting this file to scan at VirusTotal, it was reported as detectable by DrWeb, so I considered running this additional scanner to eliminate it, which it did, as reported)

Trojan.Isbar.439

-----

This is no urgent case (as also the computer isn't here at the moment anyways). I'd really just appreciate your analysis of the final log for the sake of a rested conscience.


Then again, and if I may, I'd take the chance to ask about something else; this has nothing to do with the rest, still, I was kinda left intrigued; I wonder if the following folders are normal to exist?

Folder Documents and Settings found in:

C:\Documents and Settings\susana\Desktop\
C:\Documents and Settings\
C:\Documents and Settings\susana\Application Data\

Folder Application Data found in:

C:\Documents and Settings\susana\Desktop\
C:\Documents and Settings\susana\Application Data\
C:\

All these folders are empty, except for C:\Documents and Settings\susana\Desktop\, which does include one single file, a shortcut, My Computer.lnk.

I mean, I could only compare it with our XP Pro, while this friend's computer runs XP Home; yet, all "normal" Documents and Settings and Application Data folders which are on XP Pro, they are also on this XP Home, indeed they are; but these 6 "extra" ones, I was intrigued by them, and also by the fact that they're empty (except for that one shortcut alone in one of them)... :flowers: I wonder so, are these folders also normal to exist?... Or should they maybe just be deleted, or on the other hand, just be left alone as are, or?...


Thank you so much for your time and help. :thumbsup:


---------------


preliminary HJT log

Logfile of HijackThis v1.99.1
Scan saved at 15:23:02, on 11-04-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
C:\Programas\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programas\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
C:\WINDOWS\PowerS.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\sm56hlpr.exe
C:\Programas\HbTools\Bin\4.8.2.0\HbtOEAddOn.exe
C:\Programas\Hbtools\HBTV\HBTV.exe
C:\Programas\HP\HP Software Update\HPWuSchd2.exe
C:\Programas\HbTools\Bin\4.8.2.0\HbtWeatherOnTray.exe
C:\Programas\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programas\Prolink\PixelView PlayTV Pro 5.25\TVRMVCR.EXE
C:\Programas\Prolink\PixelView PlayTV Pro 5.25\TVSCHL.EXE
C:\Programas\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programas\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Programas\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\Programas\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\Programas\Ficheiros comuns\Panda Software\PavShld\pavprsrv.exe
C:\Programas\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
C:\Programas\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\Programas\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
C:\Programas\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programas\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programas\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/search/index.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = oi:10
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Programas\ShopperReports\Bin\2.0.20\ShprRprt.dll
O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B9499803B2A2303766A - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - c:\programas\hbtools\hbtv\hbtvhelper.dll
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Programas\HbTools\Bin\4.8.2.0\HbtHostIE.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar3.dll
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Programas\HbTools\Bin\4.8.2.0\HbtHostIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programas\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [HbTools] C:\Programas\HbTools\Bin\4.8.2.0\HbtOEAddOn.exe
O4 - HKLM\..\Run: [degrpiyy] C:\WINDOWS\system32\pzxkffoz.exe
O4 - HKLM\..\Run: [NI.UWFX5Z_0001_N660117] "C:\Documents and Settings\susana\Definições locais\Temporary Internet Files\Content.IE5\K1PTYWT7\WinFixer2005FreeInstall_pt[1].exe" -nag
O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [WeatherOnTray] C:\Programas\HbTools\Bin\4.8.2.0\HbtWeatherOnTray.exe
O4 - HKLM\..\Run: [BearShare] "C:\Programas\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programas\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Programas\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Remote Controller.lnk = C:\Programas\Prolink\PixelView PlayTV Pro 5.25\TVRMVCR.EXE
O4 - Global Startup: Scheduler.lnk = C:\Programas\Prolink\PixelView PlayTV Pro 5.25\TVSCHL.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Programas\ShopperReports\Bin\2.0.20\ShprRprt.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Programas\ShopperReports\Bin\2.0.20\ShprRprt.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ES-ES/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1106842040940
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Programas\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Programas\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Programas\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Programas\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programas\Ficheiros comuns\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Programas\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Programas\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Programas\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe


---------------


final HJT log

Logfile of HijackThis v1.99.1
Scan saved at 14:45:06, on 14-04-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\PowerS.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\sm56hlpr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Programas\Prolink\PixelView PlayTV Pro 5.25\TVRMVCR.EXE
C:\Programas\Prolink\PixelView PlayTV Pro 5.25\TVSCHL.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Alwil Software\Avast4\ashWebSv.exe
C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programas\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/search/index.html?src=ssb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = oi:10
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NI.UWFX5Z_0001_N660117] "C:\Documents and Settings\susana\Definições locais\Temporary Internet Files\Content.IE5\K1PTYWT7\WinFixer2005FreeInstall_pt[1].exe" -nag
O4 - HKLM\..\Run: [BearShare] "C:\Programas\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programas\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Remote Controller.lnk = C:\Programas\Prolink\PixelView PlayTV Pro 5.25\TVRMVCR.EXE
O4 - Global Startup: Scheduler.lnk = C:\Programas\Prolink\PixelView PlayTV Pro 5.25\TVSCHL.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programas\Sygate\SPF\smc.exe


---------------


HJT uninstall list

Actualização de Segurança para o Windows Media Player (KB911564)
Actualização de Segurança para o Windows Media Player 10 (KB911565)
Actualização de Segurança para o Windows Media Player 10 (KB917734)
Actualização de Segurança para o Windows Media Player 6.4 (KB925398)
Actualização de segurança para Windows XP (KB890046)
Actualização de segurança para Windows XP (KB893066)
Actualização de segurança para Windows XP (KB893756)
Actualização de segurança para Windows XP (KB896358)
Actualização de segurança para Windows XP (KB896422)
Actualização de segurança para Windows XP (KB896423)
Actualização de segurança para Windows XP (KB896424)
Actualização de segurança para Windows XP (KB896428)
Actualização de segurança para Windows XP (KB896688)
Actualização de segurança para Windows XP (KB899587)
Actualização de segurança para Windows XP (KB899588)
Actualização de segurança para Windows XP (KB899591)
Actualização de segurança para Windows XP (KB900725)
Actualização de segurança para Windows XP (KB901017)
Actualização de segurança para Windows XP (KB901214)
Actualização de segurança para Windows XP (KB902400)
Actualização de segurança para Windows XP (KB904706)
Actualização de segurança para Windows XP (KB905414)
Actualização de segurança para Windows XP (KB905749)
Actualização de segurança para Windows XP (KB905915)
Actualização de segurança para Windows XP (KB908519)
Actualização de segurança para Windows XP (KB908531)
Actualização de segurança para Windows XP (KB911280)
Actualização de segurança para Windows XP (KB911562)
Actualização de segurança para Windows XP (KB911567)
Actualização de segurança para Windows XP (KB911927)
Actualização de segurança para Windows XP (KB912812)
Actualização de segurança para Windows XP (KB912919)
Actualização de segurança para Windows XP (KB913446)
Actualização de segurança para Windows XP (KB913580)
Actualização de segurança para Windows XP (KB914388)
Actualização de segurança para Windows XP (KB914389)
Actualização de segurança para Windows XP (KB916281)
Actualização de segurança para Windows XP (KB917159)
Actualização de segurança para Windows XP (KB917344)
Actualização de segurança para Windows XP (KB917422)
Actualização de segurança para Windows XP (KB917953)
Actualização de segurança para Windows XP (KB918118)
Actualização de segurança para Windows XP (KB918439)
Actualização de segurança para Windows XP (KB918899)
Actualização de segurança para Windows XP (KB919007)
Actualização de segurança para Windows XP (KB920213)
Actualização de segurança para Windows XP (KB920214)
Actualização de segurança para Windows XP (KB920670)
Actualização de segurança para Windows XP (KB920683)
Actualização de segurança para Windows XP (KB920685)
Actualização de segurança para Windows XP (KB921398)
Actualização de segurança para Windows XP (KB921883)
Actualização de segurança para Windows XP (KB922616)
Actualização de segurança para Windows XP (KB922760)
Actualização de segurança para Windows XP (KB922819)
Actualização de segurança para Windows XP (KB923191)
Actualização de segurança para Windows XP (KB923414)
Actualização de Segurança para Windows XP (KB923689)
Actualização de segurança para Windows XP (KB923694)
Actualização de segurança para Windows XP (KB923980)
Actualização de segurança para Windows XP (KB924191)
Actualização de segurança para Windows XP (KB924270)
Actualização de segurança para Windows XP (KB924496)
Actualização de segurança para Windows XP (KB924667)
Actualização de segurança para Windows XP (KB925454)
Actualização de segurança para Windows XP (KB925486)
Actualização de segurança para Windows XP (KB925902)
Actualização de segurança para Windows XP (KB926255)
Actualização de segurança para Windows XP (KB926436)
Actualização de segurança para Windows XP (KB927779)
Actualização de segurança para Windows XP (KB927802)
Actualização de segurança para Windows XP (KB928090)
Actualização de segurança para Windows XP (KB928255)
Actualização de segurança para Windows XP (KB928843)
Actualização de segurança para Windows XP (KB929969)
Actualização de segurança para Windows XP (KB930178)
Actualização de segurança para Windows XP (KB931261)
Actualização de segurança para Windows XP (KB931784)
Actualização de segurança para Windows XP (KB932168)
Actualização para Windows XP (KB894391)
Actualização para Windows XP (KB896727)
Actualização para Windows XP (KB898461)
Actualização para Windows XP (KB900485)
Actualização para Windows XP (KB910437)
Actualização para Windows XP (KB916595)
Actualização para Windows XP (KB920872)
Actualização para Windows XP (KB922582)
Actualização para Windows XP (KB929338)
Actualização para Windows XP (KB931836)
Ad-Aware SE Personal
Adobe Flash Player ActiveX
Adobe Reader 8 - Português
Adobe Shockwave Player
avast! Antivirus
AVG Anti-Spyware 7.5
Black Gold Teletext Lite
CCleaner (remove only)
C-Media 3D Audio
Driver da Labtec® WebCam
eMule
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Motorola SM56 Speakerphone Modem
MSXML 4.0 SP2 (KB927978)
Need For Speed Underground Demo
Nero PhotoShow Express
Nero Suite
NetWaiting
Philips TeleText
PixelView PlayTV Pro 5.25
Portable MP3 Player
Realtek AC'97 Audio
S3 S3Chromo
S3 S3Config3D
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
S3 S3RefreshLock
S3 S3TrayPlus
ShowShifter
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
SUPERAntiSpyware Free Edition
Sygate Personal Firewall
USB 2.0 Card Reader
VIA Gestor de Dispositivo de Plataforma
VIA Rhine Family Fast Ethernet Adapter
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885626
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2


---------------


Windows boot log ntbtlog

Service Pack 2 4 14 2007 14:42:29.500
Controlador carregado \WINDOWS\system32\ntoskrnl.exe
Controlador carregado \WINDOWS\system32\hal.dll
Controlador carregado \WINDOWS\system32\KDCOM.DLL
Controlador carregado \WINDOWS\system32\BOOTVID.dll
Controlador carregado ACPI.sys
Controlador carregado \WINDOWS\System32\DRIVERS\WMILIB.SYS
Controlador carregado pci.sys
Controlador carregado isapnp.sys
Controlador carregado viaidexp.sys
Controlador carregado \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Controlador carregado MountMgr.sys
Controlador carregado ftdisk.sys
Controlador carregado PartMgr.sys
Controlador carregado VolSnap.sys
Controlador carregado atapi.sys
Controlador carregado viamraid.sys
Controlador carregado \WINDOWS\System32\DRIVERS\SCSIPORT.SYS
Controlador carregado disk.sys
Controlador carregado \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Controlador carregado fltmgr.sys
Controlador carregado sr.sys
Controlador carregado KSecDD.sys
Controlador carregado Ntfs.sys
Controlador carregado NDIS.sys
Controlador carregado viaagp.sys
Controlador carregado viaagp1.sys
Controlador carregado Teefer.sys
Controlador carregado Mup.sys
Controlador carregado \SystemRoot\System32\DRIVERS\intelppm.sys
Controlador carregado \SystemRoot\system32\DRIVERS\vtmini.sys
Controlador carregado \SystemRoot\system32\DRIVERS\AN983.sys
Controlador carregado \SystemRoot\system32\drivers\BT878.SYS
Controlador carregado \SystemRoot\system32\DRIVERS\smserial.sys
Controlador carregado \SystemRoot\System32\Drivers\Modem.SYS
Controlador carregado \SystemRoot\System32\DRIVERS\imapi.sys
Controlador carregado \SystemRoot\System32\DRIVERS\cdrom.sys
Controlador carregado \SystemRoot\System32\DRIVERS\redbook.sys
Controlador carregado \SystemRoot\System32\DRIVERS\usbuhci.sys
Controlador carregado \SystemRoot\System32\Drivers\vulfnth.sys
Controlador carregado \SystemRoot\System32\DRIVERS\usbehci.sys
Controlador carregado \SystemRoot\system32\drivers\ALCXWDM.SYS
Controlador carregado \SystemRoot\system32\drivers\ALCXSENS.SYS
Controlador carregado \SystemRoot\System32\DRIVERS\fetnd5b.sys
Controlador carregado \SystemRoot\System32\DRIVERS\fdc.sys
Controlador carregado \SystemRoot\System32\DRIVERS\serial.sys
Controlador carregado \SystemRoot\System32\DRIVERS\serenum.sys
Controlador carregado \SystemRoot\System32\DRIVERS\parport.sys
Controlador carregado \SystemRoot\System32\DRIVERS\i8042prt.sys
Controlador carregado \SystemRoot\System32\DRIVERS\mouclass.sys
Controlador carregado \SystemRoot\System32\DRIVERS\kbdclass.sys
Controlador carregado \SystemRoot\System32\DRIVERS\audstub.sys
Controlador carregado \SystemRoot\System32\DRIVERS\rasl2tp.sys
Controlador carregado \SystemRoot\System32\DRIVERS\ndistapi.sys
Controlador carregado \SystemRoot\System32\DRIVERS\ndiswan.sys
Controlador carregado \SystemRoot\System32\DRIVERS\raspppoe.sys
Controlador carregado \SystemRoot\System32\DRIVERS\raspptp.sys
Controlador carregado \SystemRoot\System32\DRIVERS\msgpc.sys
Controlador carregado \SystemRoot\System32\DRIVERS\psched.sys
Controlador carregado \SystemRoot\System32\DRIVERS\ptilink.sys
Controlador carregado \SystemRoot\System32\DRIVERS\raspti.sys
Controlador carregado \SystemRoot\System32\DRIVERS\termdd.sys
Controlador carregado \SystemRoot\System32\DRIVERS\swenum.sys
Controlador carregado \SystemRoot\System32\DRIVERS\update.sys
Controlador carregado \SystemRoot\System32\DRIVERS\mssmbios.sys
Controlador carregado \SystemRoot\System32\Drivers\NDProxy.SYS
O controlador nao foi carregado
\SystemRoot\System32\Drivers\NDProxy.SYS
Controlador carregado \SystemRoot\system32\drivers\BTTUNER.SYS
Controlador carregado \SystemRoot\system32\drivers\BTXBAR.SYS
Controlador carregado \SystemRoot\system32\drivers\MODEMCSA.sys
Controlador carregado \SystemRoot\System32\Drivers\vulfntr.sys
Controlador carregado \SystemRoot\System32\DRIVERS\usbhub.sys
Controlador carregado \SystemRoot\System32\DRIVERS\flpydisk.sys
O controlador nao foi carregado
\SystemRoot\System32\Drivers\lbrtfdc.SYS
O controlador nao foi carregado
\SystemRoot\System32\Drivers\Sfloppy.SYS
O controlador nao foi carregado
\SystemRoot\System32\Drivers\i2omgmt.SYS
O controlador nao foi carregado
\SystemRoot\System32\Drivers\Changer.SYS
O controlador nao foi carregado
\SystemRoot\System32\Drivers\Cdaudio.SYS
Controlador carregado \SystemRoot\System32\Drivers\Fs_Rec.SYS
Controlador carregado \SystemRoot\System32\Drivers\Null.SYS
Controlador carregado \SystemRoot\System32\Drivers\Beep.SYS
Controlador carregado \SystemRoot\System32\DRIVERS\AvgAsCln.sys
Controlador carregado \SystemRoot\System32\drivers\vga.sys
Controlador carregado \SystemRoot\System32\Drivers\mnmdd.SYS
Controlador carregado \SystemRoot\System32\DRIVERS\RDPCDD.sys
Controlador carregado \SystemRoot\System32\Drivers\Msfs.SYS
Controlador carregado \SystemRoot\System32\Drivers\Npfs.SYS
Controlador carregado \SystemRoot\System32\DRIVERS\rasacd.sys
Controlador carregado \SystemRoot\System32\DRIVERS\ipsec.sys
Controlador carregado \SystemRoot\System32\DRIVERS\tcpip.sys
Controlador carregado \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys
Controlador carregado \SystemRoot\System32\Drivers\aswTdi.SYS
Controlador carregado \SystemRoot\System32\DRIVERS\netbt.sys
Controlador carregado \SystemRoot\System32\drivers\afd.sys
Controlador carregado \SystemRoot\System32\DRIVERS\netbios.sys
O controlador nao foi carregado
\SystemRoot\System32\DRIVERS\processr.sys
O controlador nao foi carregado
\SystemRoot\System32\Drivers\PCIDump.SYS
Controlador carregado \??\C:\Programas\SUPERAntiSpyware\SASKUTIL.sys
Controlador carregado \??\C:\Programas\SUPERAntiSpyware\SASDIFSV.SYS
Controlador carregado \SystemRoot\System32\DRIVERS\ipnat.sys
Controlador carregado \SystemRoot\System32\DRIVERS\rdbss.sys
Controlador carregado \SystemRoot\System32\DRIVERS\mrxsmb.sys
Controlador carregado \SystemRoot\System32\DRIVERS\wanarp.sys
Controlador carregado \SystemRoot\System32\Drivers\Fips.SYS
Controlador carregado \??\C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.sys
Controlador carregado \SystemRoot\System32\Drivers\Aavmker4.SYS
Controlador carregado \SystemRoot\System32\Drivers\Cdfs.SYS
Controlador carregado \SystemRoot\System32\DRIVERS\ndisuio.sys
Controlador carregado \SystemRoot\SYSTEM32\Drivers\wg3n.sys
Controlador carregado \SystemRoot\SYSTEM32\Drivers\wg4n.sys
Controlador carregado \SystemRoot\SYSTEM32\Drivers\wg5n.sys
Controlador carregado \SystemRoot\SYSTEM32\Drivers\wg6n.sys
Controlador carregado \SystemRoot\System32\Drivers\aswMon2.SYS
O controlador nao foi carregado
\SystemRoot\System32\DRIVERS\rdbss.sys
O controlador nao foi carregado
\SystemRoot\System32\DRIVERS\mrxsmb.sys
Controlador carregado \SystemRoot\system32\drivers\wdmaud.sys
Controlador carregado \SystemRoot\system32\drivers\sysaudio.sys
Controlador carregado \SystemRoot\system32\drivers\splitter.sys
Controlador carregado \SystemRoot\system32\drivers\aec.sys
Controlador carregado \SystemRoot\system32\drivers\swmidi.sys
Controlador carregado \SystemRoot\system32\drivers\DMusic.sys
Controlador carregado \SystemRoot\system32\drivers\kmixer.sys
Controlador carregado \SystemRoot\system32\drivers\drmkaud.sys
Controlador carregado \SystemRoot\System32\DRIVERS\mrxdav.sys
Controlador carregado \SystemRoot\System32\DRIVERS\HSF_FALL.sys
Controlador carregado \SystemRoot\System32\DRIVERS\HSF_FSKS.sys
Controlador carregado \SystemRoot\System32\DRIVERS\HSF_K56K.sys
Controlador carregado \SystemRoot\System32\DRIVERS\srv.sys
Controlador carregado \SystemRoot\System32\DRIVERS\secdrv.sys
Controlador carregado \SystemRoot\System32\DRIVERS\HSF_FAXX.sys
Controlador carregado \SystemRoot\System32\DRIVERS\HSF_TONE.sys
Controlador carregado \SystemRoot\System32\DRIVERS\HSF_V124.sys
O controlador nao foi carregado
\SystemRoot\System32\DRIVERS\ipnat.sys
Controlador carregado \SystemRoot\System32\Drivers\aswRdr.SYS
Controlador carregado \SystemRoot\System32\Drivers\HTTP.sys
Controlador carregado \SystemRoot\system32\drivers\kmixer.sys
Controlador carregado \SystemRoot\system32\drivers\kmixer.sys
Controlador carregado \SystemRoot\system32\drivers\kmixer.sys

(Note: "Controlador carregado" = "driver loaded" / "O controlador nao foi carregado" = "driver was not loaded")

---------------

Edited by DeLuk, 20 April 2007 - 06:46 AM.




#2 Falu

  • Security Colleague

Posted 24 April 2007 - 05:01 PM

Hi DeLuk, :flowers:

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

Thanks for your patience. :thumbsup:

#3 DeLuk

  • Topic Starter

Posted 25 April 2007 - 04:21 PM

Hi Falu, thank you so much for your reply. :thumbsup:

As I was saying above, this computer isn't here at the moment; do please let me just have my brother bring it back again, and I shall return shortly with a fresh HJT log for your review, ok?

And thanks to you, once more! :flowers:

Edited by DeLuk, 25 April 2007 - 07:16 PM.


#4 DeLuk

  • Topic Starter

Posted 22 May 2007 - 06:02 AM

Hi again Falu. :huh:

I'm sorry for the time taken to return. :-S There hasn't been a chance to bring this computer back here. Luckily however I got to get in touch with the owner by e-mail and asked her to send me the required updated HJT log. I'd so appreciate you'd review it, and, whatever remainders may be there requiring to be fixed, I'll then send along detailed instructions to the owner of the computer, so she can proceed accordingly. (I point out those same 4 entries as mentioned in my initial post; don't know if any others?... I see that at this time she has installed some new additional program/toolbar for IE, this SweetIM thing; not too sure whether this is much recommendable to have?... Checking around in a few other threads, I see that this program is usually recommended best not to keep, as seemingly it collects data about the user, hmm... :flowers: Should I rather recommend her to uninstall this SweetIM, then, maybe?... Or?... Also I understand that this program relates with MSN Messenger, and, curiously, she says that lately she's been experiencing some trouble to being able to check her e-mails on MSN Messenger; it may be just a mere coincidence, of course, but, hmm, do you gather one thing may have any connection with the other by some chance?... Hmm, I wonder...)

Thank you so much, once more, for your assistance, and patience. :thumbsup:

-----

HJT log

Logfile of HijackThis v1.99.1
Scan saved at 20:14:23, on 21-05-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\PowerS.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\sm56hlpr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programas\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Programas\eMule\emule.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Prolink\PixelView PlayTV Pro 5.25\TVRMVCR.EXE
C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Programas\Alwil Software\Avast4\ashWebSv.exe
C:\Programas\Prolink\PixelView PlayTV Pro 5.25\TVSCHL.EXE
C:\Programas\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/search/index.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = oi:10
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programas\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programas\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NI.UWFX5Z_0001_N660117] "C:\Documents and Settings\susana\Definições locais\Temporary Internet Files\Content.IE5\K1PTYWT7\WinFixer2005FreeInstall_pt[1].exe" -nag
O4 - HKLM\..\Run: [BearShare] "C:\Programas\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programas\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SweetIM] C:\Programas\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [SweetIM] C:\Programas\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programas\eMule\emule.exe -AutoStart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Remote Controller.lnk = C:\Programas\Prolink\PixelView PlayTV Pro 5.25\TVRMVCR.EXE
O4 - Global Startup: Scheduler.lnk = C:\Programas\Prolink\PixelView PlayTV Pro 5.25\TVSCHL.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programas\Sygate\SPF\smc.exe

-----

Edited by DeLuk, 22 May 2007 - 06:05 AM.


#5 Falu

  • Security Colleague

Posted 25 May 2007 - 10:07 AM

Hi DeLuk, :thumbsup:

Welcome to BleepingComputer Forums.

> Thank you so much, once more, for your assistance, and patience.

You're very welcome.

1.

> I see that at this time she has installed some new additional program/toolbar for IE, this SweetIM thing; not too sure whether this is much recommendable to have?... Checking around in a few other threads, I see that this program is usually recommended best not to keep, as seemingly it collects data about the user, hmm... Should I rather recommend her to uninstall this SweetIM, then, maybe?... Or?... Also I understand that this program relates with MSN Messenger, and, curiously, she says that lately she's been experiencing some trouble to being able to check her e-mails on MSN Messenger; it may be just a mere coincidence, of course, but, hmm, do you gather one thing may have any connection with the other by some chance?... Hmm, I wonder...)


You can read their EULA here! for more info. If you decide to uninstall it follow the instructions in step 2.

2. See here and here for information about Bearshare; as you see it may create security issues as outsiders are granted access to internal files and it's often bundled with Adware or Spyware.

Click on Start, Settings, Control Panel and double-click on Add or Remove Programs. From within Add or Remove Programs uninstall:

Macrogaming SweetIM << If you decided to remove it.
Bearshare

3. Some anti-malware programs interfere with fixes when trying to clean your system. Temporarily disable AVG Anti-Spyware as follows:
  • Launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
  • The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
  • Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
  • Go to Start > Run and type: services.msc
  • Press "OK".
  • Click the "Extended tab" and scroll down the list to find AVG Anti-Spyware guard.
  • When you find the guard service, double-click on it.
  • In the Properties Window > General Tab that opens, click the "Stop" button.
  • From the drop-down menu next to "Startup Type", click on "Manual".
  • Now click "Apply", then "OK" and close the Services window.
  • Reboot your computer.
  • (After your system is fully cleaned reenable AVG AS using the same steps but this time reverse them.)
4. Download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

5. Run HijackThis, click Scan and checkmark the following entries:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = oi:10
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NI.UWFX5Z_0001_N660117] "C:\Documents and Settings\susana\Definições locais\Temporary Internet Files\Content.IE5\K1PTYWT7\WinFixer2005FreeInstall_pt[1].exe" -nag


If you decided to remove Bearshare checkmark these as well:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/search/index.html?src=ssb
O4 - HKLM\..\Run: [BearShare] "C:\Programas\BearShare\BearShare.exe" /pause


Close all browsers and windows, except for HijackThis and click the Fix Checked button; close HijackThis!

6. Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete the following folder in bold if it still exists:

C:\Programas\BearShare << If you decided to remove Bearshare.

7. Download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

8. Finally run the F-Secure Online Scanner
Note: This Scanner is for Internet Explorer Only!
Follow the Instruction here for installation.
Accept the License Agreement.
Once the ActiveX installs, click Full System Scan
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and Copy&Paste the entire report in your next reply.

Please reboot and post the F-Secure report together with C:\vundofix.txt and a fresh HijackThis log!

#6 DeLuk

  • Topic Starter

Posted 29 May 2007 - 11:26 AM

Hi again Falu, thanks for your reply. :huh:

I shall now forward these new instructions to the owner of the pc, for her to proceed accordingly. I apologise already, though, for the time I may take to get back with the new reports as requested, as I'll now have to wait until she completes the instructions and then sends me the logs; I ask for your comprehension on this.

-----

Then again, in the meantime, a couple notes, which I believe you may have missed, from my previous posts... :huh:

Regarding BearShare:

Note that neither BearShare nor Skype is installed any longer. (In fact, both these programs were no longer installed when the computer first got here, thus I assume they were certainly removed by the owner at some point, previously.) Also, I manually removed every leftover folder/file which I found associated with each of these programs, seeing that they weren't installed anymore anyways.


The only BearShare leftovers remaining are indeed only those entries showing on HJT, which shall then be fixed now, of course:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/search/index.html?src=ssb
O4 - HKLM\..\Run: [BearShare] "C:\Programas\BearShare\BearShare.exe" /pause


And then speaking of Skype, as I was saying, as this program is no longer installed either, and all other related leftovers were previously removed as well, please do only confirm whether the entry referring to it on HJT can be checkmarked for fixing too:


O4 - HKCU\..\Run: [Skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized


-----

Also, a doubt: step 7 refers to running ATF Cleaner. I wonder if it is ok if CCleaner is used instead? This is the temp files cleaner that I use myself, and, as mentioned in my initial post, also the one that I have then installed on this other computer.

Also note that all temp files (from such location as that C:\Documents and Settings\susana\Definições locais\Temporary Internet Files\Content.IE5\, etc), all have been previously cleaned, as I ran CCleaner.


So I wonder, if this step can be completed by using CCleaner instead, or is it mandatory that ATF Cleaner is used?

-----

Then, a bit of curiosity of my own, arising from your instructions. As I use to say (in my humble ignorance), asking is one step forward to learning, right? :huh: Do allow me to ask, then... You mention about VundoFix. Which, I assume, implies that some (remaining?) trace of the infamous Vundo infection has been detected, in your analysis, yes? Might I be curious, then, to ask what (remaining?) trace of Vundo was it, that was detected?... Any entry on HJT?... (Or will we be running VundoFix rather for double-checking/precaution, to make sure that all of it is gone by now? I understand that those references to WinFixer and WinAntiSpyware, as reported by AVG Anti-Spyware and SUPERAntiSpyware, relate to Vundo infections, correct?)

Also I wonder, by any chance, does the entry R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = oi:10 have any connection with that, too? Otherwise, just what does that entry refer to anyway (and then, why is it being fixed)? :flowers: Couldn't seem to find much about it...

-----

Lastly, also allow me to repeat my "off-topic curiosity" from my initial post, if I may (I know this is not pertinent to the main subject, yet, I do indeed keep curious about this)... :huh:

I'd take the chance to ask about something else; this has nothing to do with the rest, still, I was kinda left intrigued; I wonder if the following folders are normal to exist?

Folder Documents and Settings found in:


C:\Documents and Settings\susana\Desktop\
C:\Documents and Settings\
C:\Documents and Settings\susana\Application Data\


Folder Application Data found in:


C:\Documents and Settings\susana\Desktop\
C:\Documents and Settings\susana\Application Data\
C:\


All these folders are empty, except for C:\Documents and Settings\susana\Desktop\, which does include one single file, a shortcut, My Computer.lnk.

I mean, I could only compare it with our XP Pro, while this friend's computer runs XP Home; yet, all "normal" Documents and Settings and Application Data folders which are on XP Pro, they are also on this XP Home, indeed they are; but these 6 "extra" ones, I was intrigued by them, and also by the fact that they're empty (except for that one shortcut alone in one of them)... :thumbsup: I wonder so, are these folders also normal to exist?... Or should they maybe just be deleted, or on the other hand, just be left alone as are, or?...


-----

One time again, thank you greatly, for your time and help! :huh:

Edited by DeLuk, 29 May 2007 - 11:30 AM.


#7 Falu

  • Security Colleague

Posted 31 May 2007 - 07:39 AM

Hi DeLuk, :thumbsup:

> I shall now forward these new instructions to the owner of the pc, for her to proceed accordingly. I apologise already, though, for the time I may take to get back with the new reports as requested, as I'll now have to wait until she completes the instructions and then sends me the logs; I ask for your comprehension on this.


No problem, I'll see them whenever she's ready.

1.

> And then speaking of Skype, as I was saying, as this program is no longer installed either, and all other related leftovers were previously removed as well, please do only confirm whether the entry referring to it on HJT can be checkmarked for fixing too:
>
> O4 - HKCU\..\Run: [Skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized


Yes you may. I think you should wait for the reports/logs and we deal with that entry together with possible others.

2.

> Also, a doubt: step 7 refers to running ATF Cleaner. I wonder if it is ok if CCleaner is used instead? This is the temp files cleaner that I use myself, and, as mentioned in my initial post, also the one that I have then installed on this other computer.


I use ATF Cleaner since it does a better job.

3.

> Which, I assume, implies that some (remaining?) trace of the infamous Vundo infection has been detected, in your analysis, yes? Might I be curious, then, to ask what (remaining?) trace of Vundo was it, that was detected?... Any entry on HJT?...


This one refers to Winfixer: O4 - HKLM\..\Run: [NI.UWFX5Z_0001_N660117] "C:\Documents and Settings\susana\Definições locais\Temporary Internet Files\Content.IE5\K1PTYWT7\WinFixer2005FreeInstall_pt[1].exe" -nag

and is fixed with VundoFix.

4.

> Also I wonder, by any chance, does the entry R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = oi:10 have any connection with that, too? Otherwise, just what does that entry refer to anyway (and then, why is it being fixed)? Couldn't seem to find much about it...


I couldn't find anything either. The point is that it means nothing, so probably is a leftover of some kind, so may be fixed.
Furthermore it's obvious you didn't set it.

5. Regarding your question about the Documents and Settings/Application Data - folder.

For security reasons the computer should be set to hide some specific folders/files. This means that you can see C:\Documents and Settings\susana\Desktop\ but not the Application Data-folder, since that one is hidden; should be hidden that is. Some of the folders may be empty for the same reason.

I suggest that you check the settings: Click Start >My Computer > Tools > Folder Options >View. Check "Show hidden files and folders", uncheck "Hide protected operating system files" and "Hide extensions for known file types". Click "Apply to all folders" >Apply then OK. Now you can see whatever is in all those folders.
Remember that it's best to reset the computer to hide specific folders/files; reverse the instructions to do that.
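
The selection made in step 5 of post #5, with the reasons given in this post, expressed as an added Python sketch (not part of the thread, and not how HijackThis or Falu works). The three rules and all function names are assumptions chosen to match the three entries picked out above; the sample lines are copied from the log in post #4.

```python
import re
from typing import NamedTuple

# Lines copied from the HijackThis v1.99.1 log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/search/index.html?src=ssb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = oi:10
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [NI.UWFX5Z_0001_N660117] "C:\Documents and Settings\susana\Definições locais\Temporary Internet Files\Content.IE5\K1PTYWT7\WinFixer2005FreeInstall_pt[1].exe" -nag
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programas\eMule\emule.exe -AutoStart
O4 - Global Startup: Scheduler.lnk = C:\Programas\Prolink\PixelView PlayTV Pro 5.25\TVSCHL.EXE
"""


class Finding(NamedTuple):
    rule: str    # short rule id (hypothetical names)
    reason: str  # why the entry deserves a second look
    line: str    # the original log line


# "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [Name] command"
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# Registry autostart detail: hive, key name, value name, command line
RUN_ENTRY = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)$")
CACHE_DIR = re.compile(r"\\(temporary internet files|temp|tmp)\\", re.I)
EXECUTABLE = re.compile(r"^(.*?\.(?:exe|dll|com|bat|cmd|scr))\b", re.I)


def autostart_target(command: str) -> str:
    """Return the program path from a Run-key command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = EXECUTABLE.match(command)  # unquoted paths may contain spaces
    return match.group(1) if match else (command.split() or [""])[0]


def proxy_hosts(value: str) -> list:
    """Split an IE ProxyServer value ("host:port" or "http=h:p;https=h:p") into hosts."""
    hosts = []
    for part in value.split(";"):
        part = part.split("=")[-1].split("://")[-1].strip()
        if part:
            hosts.append(part.rsplit(":", 1)[0])
    return hosts


def triage(log_text: str) -> list:
    """Flag entries for human review; nothing here decides that an entry is malicious."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY.match(line)
        if not entry:
            continue  # header, running-process list, blank line
        code, detail = entry.groups()
        if code in ("R0", "R1") and ",ProxyServer = " in detail:
            # Assumed rule 1: any proxy setting is confirmed with the owner.
            value = detail.split(",ProxyServer = ", 1)[1]
            odd = [h for h in proxy_hosts(value)
                   if "." not in h and h.lower() != "localhost"]
            reason = f"IE proxy is set to {value!r}"
            if odd:
                reason += "; host is neither an IP address nor a dotted name"
            findings.append(Finding("proxy", reason, line))
        elif code == "O2" and detail.endswith("(no file)"):
            # Assumed rule 2: the BHO registration points at a file that is gone.
            findings.append(Finding("orphan-bho", "BHO is registered but its file is missing", line))
        elif code == "O4":
            run = RUN_ENTRY.match(detail)  # "Global Startup" shortcuts are skipped
            if run:
                target = autostart_target(run.group(4))
                # Assumed rule 3: nothing legitimate autostarts from a browser cache.
                if CACHE_DIR.search(target):
                    findings.append(Finding("autostart-from-cache",
                                            f"autostart target lives in a cache/temp folder: {target}", line))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.rule}] {finding.reason}\n    {finding.line}")
```

On the excerpt this flags the same three entries listed for fixing in step 5; the BearShare and Skype leftovers are not flagged because they were chosen by knowing the programs had been uninstalled, which a log alone does not show.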

#8 DeLuk

  • Topic Starter

Posted 05 June 2007 - 10:27 AM

Thank you, Falu, for further reply. :huh:

No reports yet, I'm sorry... :huh:

Still, I'd have a couple questions on my own, if I may?...

> This one refers to Winfixer: O4 - HKLM\..\Run: [NI.UWFX5Z_0001_N660117] "C:\Documents and Settings\susana\Definições locais\Temporary Internet Files\Content.IE5\K1PTYWT7\WinFixer2005FreeInstall_pt[1].exe" -nag
>
> and is fixed with VundoFix.


Sorry for yet this remaining doubt, but, by saying that *this* is fixed with VundoFix, do you mean to refer to the file itself (C:\Documents and Settings\susana\Definições locais\Temporary Internet Files\Content.IE5\K1PTYWT7\WinFixer2005FreeInstall_pt[1].exe) which VundoFix is due to eliminate, or to the entry in the registry (HKLM\..\Run: [NI.UWFX5Z_0001_N660117] "C:\Documents and Settings\susana\Definições locais\Temporary Internet Files\Content.IE5\K1PTYWT7\WinFixer2005FreeInstall_pt[1].exe" -nag) which VundoFix is due to fix?

Doubt comes from the fact that, in step 5 of your instructions, (after in previous step 4, instructions being to run VundoFix), among the entries to fix in HJT, entry O4 - HKLM\..\Run: [NI.UWFX5Z_0001_N660117] "C:\Documents and Settings\susana\Definições locais\Temporary Internet Files\Content.IE5\K1PTYWT7\WinFixer2005FreeInstall_pt[1].exe" -nag is also still referred for fixing. I suppose then that VundoFix does not fix that entry in the registry?... (Otherwise it wouldn't be referred to be fixed in HJT in the following step, if it had been fixed in the previous step when running VundoFix, correct? Or?...)

But then again, so, if VundoFix is indeed being run with solely the objective to eliminate the file C:\Documents and Settings\susana\Definições locais\Temporary Internet Files\Content.IE5\K1PTYWT7\WinFixer2005FreeInstall_pt[1].exe, I wonder then whether that would eventually be an unnecessary/skippable step (?) since, as I mentioned previously, this file no longer exists in fact, (as all temp files in such temp directories have actually been deleted previously, when running CCleaner), or?... (Or should VundoFix still be run even in this case that the file does no longer exist; for, as I said before, precaution/double-checking?... Please do advise.)

-----

Also, regarding my question about the Documents and Settings and Application Data folders, I believe you may perhaps have missed my doubt, or perhaps I missed to explain it in the best way (I'm sorry!)... :huh:

> 5. Regarding your question about the Documents and Settings/Application Data - folder.
>
> For security reasons the computer should be set to hide some specific folders/files. This means that you can see C:\Documents and Settings\susana\Desktop\ but not the Application Data-folder, since that one is hidden; should be hidden that is. Some of the folders may be empty for the same reason.
>
> I suggest that you check the settings: Click Start >My Computer > Tools > Folder Options >View. Check "Show hidden files and folders", uncheck "Hide protected operating system files" and "Hide extensions for known file types". Click "Apply to all folders" >Apply then OK. Now you can see whatever is in all those folders.
> Remember that it's best to reset the computer to hide specific folders/files; reverse the instructions to do that.


Yes, I do know and am aware that some specific folders and files are set to be hidden for security reasons. :huh: And in fact, actually I did all my searches having hidden files showing. :flowers:

Do allow me to re-explain my doubt, then. :huh: What I meant before was that, besides all the Documents and Settings and Application Data folders which normally exist in Windows (at least comparing with our XP Pro, though this friend's computer runs XP Home, and I'm not aware whether there is any difference in this between both OS's), there are these 6 "extra" (?) folders, namely:



C:\Documents and Settings\susana\Desktop\Documents and Settings\
C:\Documents and Settings\Documents and Settings\
C:\Documents and Settings\susana\Application Data\Documents and Settings\

C:\Documents and Settings\susana\Desktop\Application Data\
C:\Documents and Settings\susana\Application Data\Application Data\
C:\Application Data\


Note: Before, when I said:

> All these folders are empty, except for C:\Documents and Settings\susana\Desktop\, which does include one single file, a shortcut, My Computer.lnk


Erroneously, I missed to write the full path I meant, which was C:\Documents and Settings\susana\Desktop\Application Data\, and not C:\Documents and Settings\susana\Desktop\, I'm terribly sorry for this fault, which I hope has not misled you in interpreting my question in the first place. :o

But so, as I was saying before, all these folders are indeed empty, except for C:\Documents and Settings\susana\Desktop\Application Data\, which does include that one single file, My Computer.lnk. Also, all folders are actually visible, except for C:\Application Data\, which is the only one set as hidden.

Thus I go on wondering... are these 6 folders normal to exist, after all, or?... :thumbsup: Really got me intrigued...

-----

Ah! And I was only wondering also; you said:

> I use ATF Cleaner since it does a better job.


I wonder then (just for the sake of knowing :)), would it be ok to have installed, simultaneously, more than one of these temp files cleaners (for checking out how each works, in comparison, until finally deciding for one of them eventually)?... (Or would such not be recommendable at all?... Might it cause conflicts whatsoever?...)


Once more, thank you so much, for your patience. :)

Edited by DeLuk, 05 June 2007 - 12:02 PM.


#9 DeLuk

  • Topic Starter

Posted 02 July 2007 - 01:16 PM

Greetings Falu. :huh:

I'm sorry to say, but there has been no reply to me from the owner of this computer with regards to this final fix, so I believe this is a "dead" case by now (over a month has passed already)... :-S I greatly apologise for having troubled you and taken of your precious time in vain, as it's been, I'm truly sorry. :flowers:

So, at the end of it, I stick only to my own personal "curiosities": regarding those "weird" Documents and Settings and Application Data folders which do intrigue me; and as well regarding having installed more than one temp files cleaner simultaneously. I would still appreciate your further enlightenment with regards to both these, as I say, "curiosities" of mine; thank you. :huh:

Other than that, so I believe you may close this topic now, if you see fit, please do. (If by chance there's ever again any feedback from the owner of this computer, I'll then ask you to please re-open the thread.) Once more, thank you so much for your help and kindest patience. :thumbsup: (And once more as well, I'm sorry indeed, to have bothered you with a topic for nothing. :-S)

All the best and cheers to BC!



