Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Winantispyware, Drivecleaner & Gomyron - No I.e.


  • Please log in to reply
7 replies to this topic

#1 Ann G.

Ann G.

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 26 May 2007 - 04:49 PM

Hello any lifesavers!

I am so very new to p.c. and I couldn't follow the directions because there are capitol letters that refer to something p.c. wise and I don't know what they mean.

I have About & c/net newsletters that help me learn a little more, but they, too, figure that's something everybody knows. (Not).

I have a Pentium III with Windows XP Pro Service Pack 2, and I don't think I have, (Don't know how to check it), enough memory to have completed the Corporate Pest Patrol I downloaded because I can't find it anywhere.

I run Pest Patrol, SpyBot S & D, Spyware Blaster/Guard, Lavasoft Ad-aware personal and Symanatec, which has caught nothing - ever.

I did everything you said to do, (I hope), but if I can't find Corporate Pest Patrol in my p.c., I don't think I had enough memory to complete it, so I guess I've really only got the other free ones, mentioned. If that's the case, I won't be able to download Panda, either.

I read somewhere, that I need to use I.E. 6 for this, but I can't access it.

I.E. says: Gomyron andWinAntispyware and also DriveCleaner plus Error.

Odd, after the "Corporate" Disk seemed to have finished it's noise, I suddenly had MozzilaFirefox again! (Coincidence?).
I am really sorry I am so ignorant and am trying to do everything right and so I hope someone will help me with this. It's sure dampened my love of surfing and using Hotmail - that's all I've got on here, so it's all I use. I have one of those antivirus free downloads, supposed to protect my browser, too.

I'll post, (I hope!), my HJT log, now and maybe somebody will understand it!

You have no idea how happy I will be, if you can explain this nasty stuff that has my p.c. messed up and let me email my grandkids, again!

Yours,

Ann
Logfile of HijackThis v1.99.1
Scan saved at 2:15:01 PM, on 23/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\IObit\Advanced WindowsCare V2\Awc.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Outlook Express\msimn.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/MTE3MTA=/2/3948/free1/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [Advanced WindowsCare V2 Personal] "C:\Program Files\IObit\Advanced WindowsCare V2\Awc.exe" /startup
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [RAMBooster.Net] C:\Program Files\RAMBooster.Net\RAMBooster.exe -m
O4 - HKLM\..\Run: [sclick] C:\Program Files\WinMsg\sclick.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1175008582056
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Oh my! What a mess!

I think a person reads this and emails me the understandable fix.

Bless you and many thanks.

Ann

BC AdBot (Login to Remove)

 


#2 didom

didom

  • Members
  • 1,389 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:11 PM

Posted 27 May 2007 - 07:37 AM

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

Have you installed that toolbar yourself? If so... you want to keep it? (link)

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step #1

Scan again with HijackThis and check the following items:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/MTE3MTA=/2/3948/free1/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKLM\..\Run: [sclick] C:\Program Files\WinMsg\sclick.exe

After checking these items, close all browser windows except HijackThis and click "Fix checked".

Step #2

We need to make sure all hidden files are showing so please:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
Step #3

Reboot Your System in Safe Mode:
  • Restart the computer.
  • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Step #4

Find and delete this folder (if they are still there):
C:\Program Files\WinMsg <= this folder


Reboot your computer normally.

Step #5

Download Combofix to your desktop.
Doubleclick combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

Use the Add Reply button to post your new logs back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.

Edited by didom, 27 May 2007 - 07:38 AM.


#3 Ann G.

Ann G.
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 02 June 2007 - 01:46 PM

Hi Didom:

I followed your instructions but can't open the files for HJT & Combofix because they're PFiles. (?) I downloaded Adobe Reader, but they still won't open. I don't know what else to do so that I can open them and send them to you. (There's Newbie and then there's me).

I can't thank you enough for your help and patience!

I did see that I.E. icon came up on screen, after running Comboifix but when opened, it's says "Blank" so
I still can't use it, if needed for this process.

Looking forward to your reply.

Ann

:thumbsup:

#4 didom

didom

  • Members
  • 1,389 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:11 PM

Posted 03 June 2007 - 06:16 AM

Please download DAFT and save it to your desktop:
  • Double-click the daft.exe icon. Read the disclaimer and click OK.
  • Click on the Scan button.
  • Place a checkmark next to the following entries:

    .txt

  • Click the Fix button.
  • Re-scan and save a logfile. By default, it will save as daft.txt.
Post the contents of that logfile with your next post.

#5 Ann G.

Ann G.
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 07 June 2007 - 02:00 PM

Didom - thanks!

Hope this is what you need to see:

"Anne" - 2007-06-02 11:39:12 Service Pack 2 NTFS
ComboFix 07-06-2.5.Ex - Running from: "C:\Documents and Settings\Anne\My Documents\"


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\kdflu.exe


((((((((((((((((((((((((( Files Created from 2007-05-02 to 2007-06-02 )))))))))))))))))))))))))))))))


2007-06-02 11:00 <DIR> d-------- C:\backups
2007-05-30 18:20 <DIR> d-------- C:\Program Files\CCleaner
2007-05-30 15:39 <DIR> d-------- C:\WINDOWS\pss
2007-05-22 20:04 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
2007-05-16 12:03 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-05-10 01:14 218,112 --a------ C:\HijackThis.exe
2007-05-09 14:21 <DIR> d-------- C:\Program Files\Advanced Spyware Remover
2007-05-05 18:05 <DIR> d-------- C:\Program Files\YourWare Solutions
2007-05-04 10:19 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2007-05-04 10:19 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2007-05-04 10:19 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2007-05-04 10:19 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2007-05-04 10:19 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2007-05-04 10:19 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2007-05-04 10:19 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2007-05-04 10:19 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-02 15:49:53 -------- d-----w C:\Program Files\PestPatrol
2007-05-30 21:37:55 -------- d-----w C:\Program Files\SpywareGuard
2007-05-30 21:19:19 -------- d-----w C:\Program Files\SpywareBlaster
2007-05-30 20:54:12 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-05-30 20:54:09 -------- d-----w C:\Program Files\Symantec
2007-05-29 12:26:27 1,740 ----a-w C:\WINDOWS\system32\d3d8caps.dat
2007-05-28 01:01:59 -------- d-----w C:\Program Files\Macrogaming
2007-05-15 17:37:36 -------- d-----w C:\Program Files\Common Files\Scanner
2007-05-05 16:42:54 -------- d-----w C:\DOCUME~1\Anne\APPLIC~1\Image Zone Express
2007-04-28 21:29:36 -------- d-----w C:\DOCUME~1\Anne\APPLIC~1\Sammsoft
2007-04-28 17:17:20 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-04-26 16:40:40 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-04-24 17:41:45 -------- d-----w C:\DOCUME~1\Anne\APPLIC~1\Help
2007-04-23 17:07:38 -------- d-----w C:\Program Files\IObit
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 21:12:59 -------- d-----w C:\Program Files\WebmailRetrieverHotmail
2007-04-16 01:08:00 -------- d--h--r C:\DOCUME~1\Anne\APPLIC~1\yahoo!
2007-04-15 20:27:18 112,897 ----a-w C:\WINDOWS\hpoins07.dat
2007-04-15 20:16:23 -------- d-----w C:\Program Files\HP
2007-04-15 20:11:05 -------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-04-15 19:47:50 -------- d-----w C:\DOCUME~1\Anne\APPLIC~1\HP
2007-04-14 07:22:34 -------- d-----w C:\Program Files\Common Files\Real
2007-04-12 23:38:15 -------- d-----w C:\DOCUME~1\Anne\APPLIC~1\Real
2007-04-12 23:24:56 -------- d-----w C:\Program Files\Real
2007-04-07 00:14:52 -------- d-----w C:\DOCUME~1\Anne\APPLIC~1\Lavasoft
2007-04-07 00:13:27 -------- d-----w C:\Program Files\Lavasoft
2007-04-06 20:01:56 -------- d-----w C:\Program Files\Yahoo!
2007-04-05 13:22:56 -------- d-----w C:\Program Files\a-squared Anti-Malware
2007-04-04 16:08:43 1,407 ----a-w C:\WINDOWS\mozver.dat
2007-04-02 18:48:32 -------- d-----w C:\Program Files\Google
2007-04-02 18:19:28 -------- d-----w C:\Program Files\MSXML 4.0
2007-04-02 14:27:30 -------- d-----w C:\Program Files\Opera
2007-04-02 14:10:10 0 ----a-w C:\WINDOWS\nsreg.dat
2007-04-01 15:23:08 90,643 ----a-w C:\WINDOWS\hpiins01.dat
2007-03-26 20:40:00 0 --sh--r C:\MSDOS.SYS
2007-03-26 20:40:00 0 --sh--r C:\IO.SYS
2007-03-26 20:40:00 0 ------w C:\CONFIG.SYS
2007-03-26 20:40:00 0 ------w C:\AUTOEXEC.BAT
2007-03-26 20:31:18 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-03-23 10:07:56 1,683,280 ------w C:\WINDOWS\system32\XpsSvcs.dll
2007-03-23 10:07:54 583,504 ------w C:\WINDOWS\system32\XPSSHHDR.dll
2007-03-23 00:25:02 124,928 ------w C:\WINDOWS\system32\prntvpt.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PestPatrol Control Center"="C:\PROGRA~1\PESTPA~1\PPControl.exe" [2004-11-15 11:49]
"PestPatrolCL"="" []
"PPMemCheck"="C:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [2003-04-19 07:53]
"CookiePatrol"="C:\PROGRA~1\PESTPA~1\CookiePatrol.exe" [2005-01-10 09:35]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 00:08]
"eTrustPPAP"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" []
"Advanced WindowsCare V2 Personal"="C:\Program Files\IObit\Advanced WindowsCare V2\Awc.exe" [2006-12-17 22:20]
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2007-02-04 22:59]
"RAMBooster.Net"="C:\Program Files\RAMBooster.Net\RAMBooster.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 08:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-01-24 11:37]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 00:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


Contents of the 'Scheduled Tasks' folder
2007-06-02 15:51:02 C:\WINDOWS\tasks\SmartDefrag.job

**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-02 11:49:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background?g

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-02 11:53:40 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-02 11:53

--- E O F ---


Logfile of HijackThis v1.99.1
Scan saved at 10:57:31 AM, on 02/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\IObit\Advanced WindowsCare V2\Awc.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/MTE3MTA=/2/3948/free1/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [Advanced WindowsCare V2 Personal] "C:\Program Files\IObit\Advanced WindowsCare V2\Awc.exe" /startup
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [RAMBooster.Net] C:\Program Files\RAMBooster.Net\RAMBooster.exe -m
O4 - HKLM\..\Run: [sclick] C:\Program Files\WinMsg\sclick.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1175008582056
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe



"Anne" - 2007-06-07 13:50:52 Service Pack 2 NTFS
ComboFix 07-06-2.5.Ex - Running from: "C:\Documents and Settings\Anne\My Documents\"


((((((((((((((((((((((((( Files Created from 2007-05-07 to 2007-06-07 )))))))))))))))))))))))))))))))


2007-06-02 11:53 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-02 11:00 <DIR> d-------- C:\backups
2007-05-30 18:20 <DIR> d-------- C:\Program Files\CCleaner
2007-05-30 15:39 <DIR> d-------- C:\WINDOWS\pss
2007-05-22 20:04 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
2007-05-16 12:03 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-05-10 01:14 218,112 --a------ C:\HijackThis.exe
2007-05-09 14:21 <DIR> d-------- C:\Program Files\Advanced Spyware Remover


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-07 17:17:05 -------- d-----w C:\Program Files\PestPatrol
2007-05-30 21:37:55 -------- d-----w C:\Program Files\SpywareGuard
2007-05-30 21:19:19 -------- d-----w C:\Program Files\SpywareBlaster
2007-05-30 20:54:12 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-05-30 20:54:09 -------- d-----w C:\Program Files\Symantec
2007-05-29 12:26:27 1,740 ----a-w C:\WINDOWS\system32\d3d8caps.dat
2007-05-28 01:01:59 -------- d-----w C:\Program Files\Macrogaming
2007-05-15 17:37:36 -------- d-----w C:\Program Files\Common Files\Scanner
2007-05-05 22:05:18 -------- d-----w C:\Program Files\YourWare Solutions
2007-05-05 16:42:54 -------- d-----w C:\DOCUME~1\Anne\APPLIC~1\Image Zone Express
2007-04-28 21:29:36 -------- d-----w C:\DOCUME~1\Anne\APPLIC~1\Sammsoft
2007-04-28 17:17:20 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-04-26 16:40:40 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-04-24 17:41:45 -------- d-----w C:\DOCUME~1\Anne\APPLIC~1\Help
2007-04-23 17:07:38 -------- d-----w C:\Program Files\IObit
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 21:12:59 -------- d-----w C:\Program Files\WebmailRetrieverHotmail
2007-04-16 01:08:00 -------- d--h--r C:\DOCUME~1\Anne\APPLIC~1\yahoo!
2007-04-15 20:27:18 112,897 ----a-w C:\WINDOWS\hpoins07.dat
2007-04-15 20:16:23 -------- d-----w C:\Program Files\HP
2007-04-15 20:11:05 -------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-04-15 19:47:50 -------- d-----w C:\DOCUME~1\Anne\APPLIC~1\HP
2007-04-14 07:22:34 -------- d-----w C:\Program Files\Common Files\Real
2007-04-12 23:38:15 -------- d-----w C:\DOCUME~1\Anne\APPLIC~1\Real
2007-04-12 23:24:56 -------- d-----w C:\Program Files\Real
2007-04-07 00:14:52 -------- d-----w C:\DOCUME~1\Anne\APPLIC~1\Lavasoft
2007-04-07 00:13:27 -------- d-----w C:\Program Files\Lavasoft
2007-04-04 16:08:43 1,407 ----a-w C:\WINDOWS\mozver.dat
2007-04-02 14:10:10 0 ----a-w C:\WINDOWS\nsreg.dat
2007-04-01 15:23:08 90,643 ----a-w C:\WINDOWS\hpiins01.dat
2007-03-26 20:40:00 0 --sh--r C:\MSDOS.SYS
2007-03-26 20:40:00 0 --sh--r C:\IO.SYS
2007-03-26 20:40:00 0 ------w C:\CONFIG.SYS
2007-03-26 20:40:00 0 ------w C:\AUTOEXEC.BAT
2007-03-26 20:31:18 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-03-23 10:07:56 1,683,280 ------w C:\WINDOWS\system32\XpsSvcs.dll
2007-03-23 10:07:54 583,504 ------w C:\WINDOWS\system32\XPSSHHDR.dll
2007-03-23 00:25:02 124,928 ------w C:\WINDOWS\system32\prntvpt.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PestPatrol Control Center"="C:\PROGRA~1\PESTPA~1\PPControl.exe" [2004-11-15 11:49]
"PestPatrolCL"="" []
"PPMemCheck"="C:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [2003-04-19 07:53]
"CookiePatrol"="C:\PROGRA~1\PESTPA~1\CookiePatrol.exe" [2005-01-10 09:35]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 00:08]
"eTrustPPAP"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" []
"Advanced WindowsCare V2 Personal"="C:\Program Files\IObit\Advanced WindowsCare V2\Awc.exe" [2006-12-17 22:20]
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2007-02-04 22:59]
"RAMBooster.Net"="C:\Program Files\RAMBooster.Net\RAMBooster.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 08:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-01-24 11:37]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 00:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


Contents of the 'Scheduled Tasks' folder
2007-06-07 17:17:40 C:\WINDOWS\tasks\SmartDefrag.job

**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-07 13:53:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background?g

scanning hidden files ...

**************************************************************************

Completion time: 2007-06-07 13:55:43
C:\ComboFix-logfile.txt ... 2007-06-02 11:57
C:\ComboFix-quarantined-files.txt ... 2007-06-07 13:55
C:\ComboFix2.txt ... 2007-06-02 11:53

--- E O F ---

Many, many thanks.

Ann

#6 didom

didom

  • Members
  • 1,389 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:11 PM

Posted 07 June 2007 - 03:24 PM

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step #1

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if it exists:

Advanced Spyware Remover

This is rogueware (or known to be rogueware in the past) and we highly recommend that you uninstall it. Rogue/Suspect means that this product is of unknown, questionable, or dubious value as anti-spyware protection.

Step #2

Scan again with HijackThis and check the following items:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/MTE3MTA=/2/3948/free1/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKLM\..\Run: [sclick] C:\Program Files\WinMsg\sclick.exe

After checking these items, close all browser windows except HijackThis and click "Fix checked".

Reboot your computer

Step #3

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
Start HijackThis, perform a new scan and save the log file.

Use the Add Reply button to post your new logs back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.

#7 Ann G.

Ann G.
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 07 June 2007 - 05:13 PM

Hi Didom:

The HJT didn't list any of the things you wanted me to check off but I did save it, as you said.

I can't scan with Panda because it needs I.E. 5, or greater, (I can access only my Mozilla Firefox), but whatever's wrong with this p.c. - the I.E. 6 says, "blank" and I can't use it.
Before I checked off things recommended in the very first HJT scan, I got I.E. back, but still can't use it, though - soon!

I'm sorry to be such a pain and I really do appreciate you!

Geez, I'm sure amazed at all this stuff you're helping me with!

Thanks,

Ann

#8 didom

didom

  • Members
  • 1,389 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:11 PM

Posted 16 June 2007 - 05:12 AM

Download Combofix to your desktop.
Doubleclick combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users