I'd love some help fixing this mess!


  • This topic is locked
29 replies to this topic

#16 shelf life

Posted 05 April 2006 - 04:10 PM

hi weenie,

uhmmm annoying nastie. ok thanks for looking, let's do this:
-----------------------------------------------

Written by Atribune

Please download Look2Me-Destroyer.exe to your desktop.

Close all windows before continuing.
Double-click Look2Me-Destroyer.exe to run it.
Put a check next to Run this program as a task.

You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK.
When Look2Me-Destroyer re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
Once it's done scanning, click the Remove L2M button.

You will receive a Done Scanning message, click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shutdown.

Turn your computer back on.
Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive...ib/MSWINSCK.OCX
How Can I Reduce My Risk?


#17 weenie

Posted 05 April 2006 - 10:49 PM

Ok got it done - Still had the following dll errors: w077a121, w03a47a8, w03d6cd6, w07140e6, w0077879.

Here is the Look2Me-Destroyer text doc:



Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 4/5/2006 11:31:09 PM

Infected! C:\WINDOWS\system32\ucdmxfrm.dll

Attempting to delete infected files...

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Syncmgr

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{C7F62322-D2C6-4B1B-A4DC-2C9935793AF2}"
HKCR\Clsid\{C7F62322-D2C6-4B1B-A4DC-2C9935793AF2}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded





Here is the new HJT log:


Logfile of HijackThis v1.99.1
Scan saved at 11:42:39 PM, on 4/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\GIGARANGE KX-TG55 Series\DMCPWinApp.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\EQBranch\EQBranch.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Karly Rossiter\Desktop\Hijack This\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....B_PVER}&ar=home
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GigaRangeApp] "C:\Program Files\GIGARANGE KX-TG55 Series\DMCPWinApp.exe" /S
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [w03a47a8.dll] RUNDLL32.EXE w03a47a8.dll,I2 0000784a003a47a8
O4 - HKLM\..\Run: [w07140e6.dll] RUNDLL32.EXE w07140e6.dll,I2 0000784a007140e6
O4 - HKLM\..\Run: [w0077879.dll] RUNDLL32.EXE w0077879.dll,I2 0000784a00077879
O4 - HKLM\..\Run: [w03d6cd6.dll] RUNDLL32.EXE w03d6cd6.dll,I2 0000784a003d6cd6
O4 - HKLM\..\Run: [w077a121.dll] RUNDLL32.EXE w077a121.dll,I2 0000784a0077a121
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [EQBranch] "C:\Program Files\EQBranch\EQBranch.exe"
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.lsac.org
O16 - DPF: {009BE90E-03E8-463F-B6DF-8C94C6E335CA} (Vpr Class) - http://www.msp.dot.s...ient/vprctl.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.1.1.74.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.or...iveX/ofmctl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.game...inematycoon.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - AppInit_DLLs: Runner.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: loginkey - C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll
O20 - Winlogon Notify: TabBtnWL - C:\WINDOWS\SYSTEM32\TabBtnWL.dll
O20 - Winlogon Notify: tpgwlnotify - C:\WINDOWS\SYSTEM32\tpgwlnot.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe



Thank you for your continued help... :)

#18 shelf life

Posted 06 April 2006 - 06:45 PM

hi weenie,

ok good so far. are your popups gone? those .dll errors, you're getting those at startup right? since the Look2Me destroyer cleaned up some stuff let's try hjt again to delete the dlls. also no harm in running ewido again after checking for any updates.

run hjt and have it fix these:

O4 - HKLM\..\Run: [w03a47a8.dll] RUNDLL32.EXE w03a47a8.dll,I2 0000784a003a47a8
O4 - HKLM\..\Run: [w07140e6.dll] RUNDLL32.EXE w07140e6.dll,I2 0000784a007140e6
O4 - HKLM\..\Run: [w0077879.dll] RUNDLL32.EXE w0077879.dll,I2 0000784a00077879
O4 - HKLM\..\Run: [w03d6cd6.dll] RUNDLL32.EXE w03d6cd6.dll,I2 0000784a003d6cd6
O4 - HKLM\..\Run: [w077a121.dll] RUNDLL32.EXE w077a121.dll,I2 0000784a0077a121
---------------------------------------------
reboot once, rescan with hjt and post a new log. if they are still in the log, try another search on your computer for them.

shelf life

#19 weenie

Posted 07 April 2006 - 08:57 AM

Alright, it's getting a little hairy on this crappy little laptop now... When I rebooted (I can't remember when this was last night), it gave me an error several different times about not being able to find the operating system. Also on reboots sometimes it went to a blackscreen where there were two lines of information and it said there was a disk error, and then it went nowhere. I kept retrying and retrying... the screen that asks you how you want to startup (safe, normal, etc) froze quite a bit, and then when it did that bluescreen checkdisk utility on startup, it would freeze at like 4% completion too. I haven't run ewido yet because this is the first time I got my computer to restart normally and successfully, so I wanted to hurry up and post this HJT log.

I haven't had any popups so far, but I've only been on the net for 5 minutes. No DLL errors on startup this time.

Do you think my computer's so messed up I should just start over from scratch and reinstall windows and everything? I feel like we've worked so hard on fixing it that giving up would be pathetic.

Logfile of HijackThis v1.99.1
Scan saved at 9:45:49 AM, on 4/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\GIGARANGE KX-TG55 Series\DMCPWinApp.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\EQBranch\EQBranch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Karly Rossiter\Desktop\Hijack This\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....B_PVER}&ar=home
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GigaRangeApp] "C:\Program Files\GIGARANGE KX-TG55 Series\DMCPWinApp.exe" /S
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [EQBranch] "C:\Program Files\EQBranch\EQBranch.exe"
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.lsac.org
O16 - DPF: {009BE90E-03E8-463F-B6DF-8C94C6E335CA} (Vpr Class) - http://www.msp.dot.s...ient/vprctl.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.1.1.74.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.or...iveX/ofmctl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.game...inematycoon.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE77-288B1E346E99} - C:\Program Files\FCAdvice\FCAdvice.dll
O20 - AppInit_DLLs: Runner.dll,Runner.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: loginkey - C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll
O20 - Winlogon Notify: TabBtnWL - C:\WINDOWS\SYSTEM32\TabBtnWL.dll
O20 - Winlogon Notify: tpgwlnotify - C:\WINDOWS\SYSTEM32\tpgwlnot.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
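
The rescan-and-compare step requested in post #18, applied to the two HijackThis logs posted above, as an added example that is not part of the original thread: it parses HijackThis result lines, flags `Run` values that launch `rundll32` on a DLL named without a path (the shape of the `w0*.dll` entries), and lists what disappeared or appeared between scans. The function names are assumptions for this example, and the embedded logs are trimmed excerpts of posts #17 and #19.

```python
import re

# Trimmed excerpts of the two HijackThis logs posted in this thread
# (post #17 = before the fix, post #19 = after), embedded so this runs offline.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [w03a47a8.dll] RUNDLL32.EXE w03a47a8.dll,I2 0000784a003a47a8
O4 - HKLM\..\Run: [w07140e6.dll] RUNDLL32.EXE w07140e6.dll,I2 0000784a007140e6
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: Runner.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

LOG_AFTER = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE77-288B1E346E99} - C:\Program Files\FCAdvice\FCAdvice.dll
O20 - AppInit_DLLs: Runner.dll,Runner.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

# "<section> - <text>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Registry autorun shape used by O4: HIVE\..\Run*: [value name] command line
RUN_VALUE = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[(.*?)\] (.+)$")
# Command line that starts rundll32; group 1 is the DLL argument before the comma
RUNDLL = re.compile(r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?([^",]+)', re.I)


def parse_entries(log_text):
    """Return (section, text) pairs for every HijackThis result line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def bare_rundll32_autoruns(entries):
    """Flag O4 Run values that start rundll32 on a DLL given without a path."""
    flagged = []
    for section, text in entries:
        if section != "O4":
            continue
        run = RUN_VALUE.match(text)
        if not run:
            continue  # Startup-folder items and other O4 shapes are skipped
        hive, _key, name, command = run.groups()
        dll = RUNDLL.match(command)
        # No directory separator means the DLL cannot be tied to a known
        # install folder from the log alone, so it deserves a manual look.
        if dll and not re.search(r"[\\/]", dll.group(1)):
            flagged.append((hive, name, dll.group(1).strip()))
    return flagged


def diff_logs(before_text, after_text):
    """Return (removed, added) entries between two scans, in log order."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    removed = [e for e in before if e not in after]
    added = [e for e in after if e not in before]
    return removed, added


if __name__ == "__main__":
    for hive, name, dll in bare_rundll32_autoruns(parse_entries(LOG_BEFORE)):
        print(f"review: {hive} Run value [{name}] loads {dll} via rundll32")
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    for section, text in removed:
        print(f"gone after fix: {section} - {text}")
    for section, text in added:
        print(f"new since last scan: {section} - {text}")
```

An entry listed as new is only a prompt to look at it; the diff says nothing about whether it is malicious.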

#20 weenie

Posted 07 April 2006 - 12:12 PM

Just scanned with ewido - yes I still have popups. The computer bluescreened once while scanning so I had to reboot and start over. Here's the log from that...

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 1:04:40 PM, 4/7/2006
+ Report-Checksum: C22284A3

+ Scan result:

C:\WINDOWS\system32\cv3wanv28.exe -> Adware.Suggestor : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@rotator.dex.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@thunderbolt.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@h.starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@as.casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@ehg-hitent.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@ehg-knightridder.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Karly Rossiter\Cookies\karly rossiter@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\System Volume Information\_restore{5647658D-9469-462B-A95A-1E2F52171EAD}\RP521\A0357423.exe -> Downloader.Agent.aie : Cleaned with backup
C:\System Volume Information\_restore{5647658D-9469-462B-A95A-1E2F52171EAD}\RP524\A0361524.exe -> Adware.CASClient : Cleaned with backup
C:\System Volume Information\_restore{5647658D-9469-462B-A95A-1E2F52171EAD}\RP524\A0361525.dll -> Adware.CASClient : Cleaned with backup
C:\w.exe -> Downloader.Agent.aie : Cleaned with backup
C:\FOUND.042\FILE0022.CHK -> Adware.SurfSide : Cleaned with backup

::Report End

#21 shelf life

Posted 07 April 2006 - 07:35 PM

hi weenie,

Do you think my computer's so messed up I should just start over from scratch and reinstall windows and everything?


it's hard to say if malware is the cause of disk errors. the BSOD, could be.
at least the .dll errors are gone. ok if you can manage it with all the problems, there is one more download to help id the problem. Sysinternals rootkit revealer.

link is all the way down at the bottom of the page, it's a zip file. unzip it to a folder and scan with it. save and post the log file if it finds anything.
is there anything common to the popups you are getting?

http://www.sysintern...itrevealer.html
------------------------------------

#22 weenie

Posted 09 April 2006 - 12:53 PM

Nah, there's not really anything that the popups have in common. And I was just going to say that I hadn't really had any that I could remember in awhile - but I haven't been on the computer that much - but then one just popped up. Here was the address of it:

http://ad.cs102175.c...D=adsi.3236/RON


I ran that RootkitRevealer and it picked up 2 files. I can't get the textdoc to save right, but here's what it says:

Path
C:\Documents and Settings\Karly Rossiter\Local Settings\Temporary Internet Files\Content.IE5\8T6ZWDQJ\Laptops;sec=Laptops;pos=leader;tile=1;sz=728x90,dcopt=ist;ord=4681048;[1]
Size 431 bytes
Description Visible in Windows API, but not in MFT or directory index.

Path
C:\Documents and Settings\Karly Rossiter\Local Settings\Temporary Internet Files\Content.IE5\C52ZSTMZ\Laptops;sec=Laptops;pos=leader;tile=1;sz=728x90,dcopt=ist;ord=4681048;[1]
Size 431 bytes
Description Hidden from Windows API.

#23 weenie

Posted 09 April 2006 - 12:56 PM

One more thing - I just noticed a weird icon on my desktop - "TagASaurus" - it's been there before (since this crud started happening) and I just deleted it. There have also been links to poker sites I think. Like 50 in chips or something?

#24 weenie

weenie

    New Member

  • Authentic Member
  • 17 posts

Posted 09 April 2006 - 03:40 PM

And another thing! I just noticed that a lot of the popups, if I don't get to them right away, will move around a little several times to mess up my clicking them off.

Here's another link one of them was:
http://ad.cs102175.c...8&nokey=finance


Never know if it'll be helpful I guess...

#25 shelf life

shelf life

    SuperMember

  • Visiting Fellow
  • 3,191 posts

Posted 09 April 2006 - 04:32 PM

hi weenie,

ok thanks for that info. i don't know why this is proving so hard to remove. i am sure you're ready to throw it out the window. it's been a couple days. can you rescan with hjt and post an updated log.

also do this with hjt:
start hjt, click on "open misc tools section", click on "generate startup list", save the log and post it in next reply also.

check that you have ad aware set up like this;

Configure Ad-Aware SE Personal 1.06:

  * Click on the Gear button at the top of the window.
  * Click "General" on the left hand side to display the General Settings box.
      o Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it:
          + "Automatically save logfile"
          + "Automatically quarantine objects prior to removal"
          + "Safe Mode (always request confirmation)"
          + "Prompt to update outdated definitions" - change to 7 days from the default 14.
  * Click "Scanning" on the left hand side to display the Scan Settings box.
      o Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it:
          + "Scan within archives"
          + "Select drives & folders to scan" - select your hard drive(s).
          + "Scan active processes"
          + "Scan registry"
          + "Deep-scan registry"
          + "Scan my IE favorites for banned URLs"
          + "Scan my Hosts file"
  * Click "Advanced" on the left hand side to display the Advanced Settings box.
      o Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it:
          + "Move deleted files to Recycle Bin"
          + "Include additional object information"
          + "Include negligible objects information"
          + "Include environment information"
  * Click "Defaults" on the left hand side to display the Default Settings box.
      o Make sure these items have your preferred settings in them:
          + "Default homepage"
          + "Default searchpage"
  * Click "Tweak" on the left hand side to display the Tweak Settings box.
      o Click the + (plus) sign next to the Log Files section. This will expand the section.
      o Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it:
          + "Include basic Ad-Aware settings in log file"
          + "Include additional Ad-Aware settings in log file"
          + "Include reference summary in log file"
          + "Include alternate data stream details in log file"
      o Click the + (plus) sign next to the Scanning Engine section. This will expand the section.
      o Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it:
          + "Unload recognized processes & modules during scan"
          + "Scan registry for all users instead of current user only"
          + "Obtain command line of scanned processes"
      o Click the + (plus) sign next to the Cleaning Engine section. This will expand the section.
      o Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it:
          + "Always try to unload modules before deletion"
          + "During removal, unload Explorer and IE if necessary"
          + "Let Windows remove files in use at next reboot"
          + "Delete quarantined objects after restoring"
  * Once you are done with these settings, click "Proceed" to save them.
  * This will take you back to the main screen.

#26 weenie

weenie

    New Member

  • Authentic Member
  • 17 posts

Posted 10 April 2006 - 02:51 PM

Well... my computer finally committed suicide. Last night it refused to startup, and said that the file "SYSTEM" was either gone or ruined... my brother seized my computer and reinstalled windows. Now everything HAS to be gone, right? Cuz all my stuff is :) I backed it up a few weeks ago though. One question though - I have that maxtor thing as my backup, and if I were to use that, what are the chances of me dragging the bad stuff back on to the newly rebuilt computer? What if I just click and drag my files, like my movies, music, and documents and pictures? Regardless, though, I really REALLY appreciate all the help you gave me - what do I owe ya? :) Whatever I got into was just ridiculous, and I hope I am honest when I say it won't happen again! Again - THANK YOU!

#27 shelf life

shelf life

    SuperMember

  • Visiting Fellow
  • 3,191 posts

Posted 10 April 2006 - 06:28 PM

hi weenie,

oh well, we tried. you know a reformat/reinstall sometimes is the quickest thing to do. sounds like you were prepared by backing up files. i actually reformat at least once a year myself.

Now everything HAS to be gone, right?

yes a reformat will wipe the HD and everything on it.

I have that maxtor thing as my backup, and if I were to use that, what are the chances of me dragging the bad stuff back on to the newly rebuilt computer? What if I just click and drag my files, like my movies, music, and documents and pictures?


you must have an external hd? yes rather than reinstalling everything i would just drag your files over. stuff you created and don't want to lose. anything you downloaded can be downloaded again and other apps can be reloaded off cd.
i have a folder on a 2nd HD i call S*it to keep. once in awhile i drag stuff over to it that i don't want to lose like pixs, video, documents, mp3 etc. then after i do my yearly HD wipe, i just drag the items back over.

glad to help, what do you owe me? uhmm..... send me your phone number...... just kidding.
---------------------------------------------------------
now that you have a new start with your computer, here's some reference material for you:
happy safe surfing--

Be careful of what you download, and where you download it from. Many programs come bundled with extra software. You may be installing more than you think. Make sure you understand what it is you will be downloading and installing to your computer. Visit the maker's website, learn more about the program. Does the program you want come bundled with other "3rd party" programs? What do the 3rd party programs do? Will they deliver ads? Track your surfing habits? Read the EULA agreement, you know, that paragraph of stuff you "agree to" before the software installs? If you search hard enough you can always find a "clean" alternative to any software. Stay away from warez and crack sites. Be careful what you download from file sharing networks. If you are not sure, scan it with your Antivirus app. A small file (in KB) is probably not what you think it is. DO YOU TRUST THE SOURCE?

Make sure you keep your Windows OS current by visiting Windows update occasionally to download and install any critical updates and service packs. Without these you are leaving the backdoor open.

Adjust your browser settings: Change your (active x) settings in IE. With IE open go to tools, internet options, security tab. Click on the internet globe, then custom level. Set the first option "download signed active x controls" to prompt, the next two to disable. Read more:
Internet Explorer Privacy & Security Settings
Working with Internet Explorer 6 Security
Many exploits are directed at Internet Explorer, you don't have to use it. Try a different browser. You can have and use more than one browser on your computer.
Like Firefox,


Install a Firewall: A firewall will control what comes in from the internet and what leaves your computer to the internet. A firewall will also alert you when an application tries to connect to the internet from your computer, this is a good way to catch crapware or trojans, trying to connect out bound from your computer - what's that and why does it need an internet connection? You can deny it access until more investigation is done. Zone Alarm is a free and easy to use firewall, that will provide in and outbound protection. Microsoft XP firewall only provides inbound protection. SP2 adds in and out bound protection which is better than nothing, but is not as robust as third party firewalls. Be sure to run only >one< firewall. If you use another, be sure to disable XP's built in firewall. If you use Zone Alarm learn what needs/uses your internet connection. If something unusual or out of the ordinary "asks" deny it access until more investigation is done.
Zone Alarm
OutPost Lite

Outlook Express with the default settings is not secure. It will run scripts, download images etc, just like a browser. You don't have to use it.
look here
and here
Or try Pegasus Mail, safer by default, no tweaking needed.

Make sure you have and keep updated Antivirus software
Free for home users:
avast! 4 Home Edition Download
AVG free version 7.0
AntiVir Personal Edition

Download one or two of these, install and update before using: (if these are constantly finding malware, then you need to make changes to your browser and or your habits)
CounterSpy Free trial version
Spybot Search and destroy
Ad-Aware SE Personal edition
Microsoft Windows Defender
Be careful with spyware "removers and scanners"-- there are many "rogue/suspect" programs that "claim to remove" spyware. Check here first.

AntiTrojan software to fill in the gap:
a2 free
Ewido Anti-Malware
Trojan Hunter (30 day trial version)
Tauscan trial version

Other programs to consider:
Process Guard stop events/processes with user intervention
SpywareBlaster add security to IE
IE-SPYAD adds adware peddlers sites/domains to IE restricted zone
CleanUp cleans out temps, history, autoforms etc

Learn More:
Browser Checkup
Parasite Free
Safe Hex
Shelf Lifes page
Home Computer Security

#28 weenie

weenie

    New Member

  • Authentic Member
  • 17 posts

Posted 21 April 2006 - 01:23 PM

hey :) Well I'm passing the protection advice on to friends and family, hopefully they don't have to suffer like we did! Strangely enough, after I reinstalled everything from scratch, I woke up one morning to find yet another bluescreen physical memory dump or whatever... and it will not restart whatsoever. My brother thinks it may have something to do with drivers? And I've been looking for a new laptop all week. Seems like Acer (which is what I had) tends to run hot and have a lot of problems like this... and now that I think about it, it does seem like my fan was running on high a lot of the time. I looked into their 8200 series, and while it's been rated decently by things like pcmag and cnet, one place with user reviews had a lot of terrible ones... people complaining that it didn't even work out of the box. I loved my Acer because of the keyboard... looks like I'm gonna have to let go, I don't want another crappy laptop. The other thing was that it showed wear really badly... I think I got it in the fall of 2003, and most of the keys' letters were at least partially rubbed off, and there were marks from where my palms rested all the time from typing. Not that impressive... I am thinking about getting a Lenovo ThinkPad T60p (I think that's what it's called)... what do you think/recommend?

#29 shelf life

shelf life

    SuperMember

  • Visiting Fellow
  • 3,191 posts

Posted 21 April 2006 - 04:22 PM

hi weenie,

I woke up one morning to find yet another bluescreen

yes could be driver related, BSODs usually provide some hints about the problem with their stop error msgs.

I am thinking about getting a Lenovo ThinkPad T60p (I think that's what it's called)... what do you think/recommend?


i am no expert on laptops. i've built many desktops but only own a 4 yr old dell inspiron laptop. actually i was looking at ibm thinkpads years ago due to their good reviews (at pcworld and cnet) but couldn't (and still can't) afford one. nothing wrong with an acer either.

it does seem like my fan was running on high a lot of the time

laptop fans do run more, lots of things "stuffed" into a small space (more heat, less space to get rid of it, fan must move the heat out)

that it showed wear really badly

i would think that any laptop that got used a lot would show signs of wear.

#30 shelf life

shelf life

    SuperMember

  • Visiting Fellow
  • 3,191 posts

Posted 02 July 2006 - 12:51 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php