Jump to content

Build Theme!
  •  
  • Infected?

big grin WE'RE SURE THAT YOU'LL LOVE US!

We invite you to ask questions, share experiences, and learn. It's 100% free. Did we mention that it's free. It is. It's free. Join 91520 other members! Anybody can ask, anybody can answer. Consistently helpful members with best answers are invited to staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

My Log


  • This topic is locked This topic is locked
37 replies to this topic

#1 haunt

haunt

    Authentic Member

  • Authentic Member
  • PipPip
  • 20 posts

Posted 17 February 2007 - 05:44 PM

Hi,
My problems started about 2 weeks ago. First with large banner ads across the top & bottom of all web pages. Now hijacks that start with sansujo.com.....Who does this stuff and why? Do people actually buy things through annoying pop up ads and redirects? Here's my log.


Logfile of HijackThis v1.99.1
Scan saved at 6:10:55 PM, on 2/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Home\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,vihrmvt.exe
O1 - Hosts: localhost 127.0.0.1
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [sys01203532082] C:\WINDOWS\sys01203532082.exe
O4 - HKLM\..\Run: [sys02035320822] C:\WINDOWS\sys02035320822.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [oajrwbh.dll] C:\WINDOWS\System32\rundll32.exe "C:\Documents and Settings\Home\Local Settings\Application Data\oajrwbh.dll",wjkmomf
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\System32\drvcun.dll,startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\DOCUME~1\Home\LOCALS~1\Temp\stdrun1.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: .protected
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: .protected
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://supportcenter...oad/tgctlsr.cab
O16 - DPF: {010123DF-5E80-11D8-9E86-0007E96C65AE} (SprtCtlBrowse Class) - http://supportcenter...d/sprtctlbr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1171219238547
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe

    Advertisements

Register to Remove


#2 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,166 posts

Posted 17 February 2007 - 06:58 PM

Hello and welcome to the forums

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.


(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time.

Next:

Download AVG Anti-Spyware from HERE and save that file to your
desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop
    and double-click it to launch the set up program.
  • Once the setup is complete you will need run ewido and update the definition
    files.
  • On the main screen select the icon "Update" then select the "
    Update now
    " link.
    • Next select the "Start Update" button, the update will start and a
      progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of
    the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then
    select " "Quarantine" .".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting
    your computer and continually tapping the F8 key until a menu appears.

    Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or
    programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
  • Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab
    then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little
    time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all
    actions
    "
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the
    screen and save it to a text file on your system (make sure to remember where
    you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the
    results of the AVG Anti-Spyware report scan along with a new HijackThis log.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#3 haunt

haunt

    Authentic Member

  • Authentic Member
  • PipPip
  • 20 posts

Posted 17 February 2007 - 11:27 PM

Okay, here's what I got from that:
It's alot!

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:43:47 PM 2/17/2007

+ Scan result:



C:\Documents and Settings\Home\Local Settings\Temp\New9.tmp\upg_dll.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\SpywareRemover -> Adware.SpywareRemover : Cleaned with backup (quarantined).
C:\Program Files\SpywareRemover\DataBaseNew.ref -> Adware.SpywareRemover : Cleaned with backup (quarantined).
C:\Program Files\SpywareRemover\Log -> Adware.SpywareRemover : Cleaned with backup (quarantined).
C:\Program Files\SpywareRemover\Log\log_2007_02_11_08_55_13.log -> Adware.SpywareRemover : Cleaned with backup (quarantined).
C:\Program Files\SpywareRemover\Log\log_2007_02_11_08_55_19.log -> Adware.SpywareRemover : Cleaned with backup (quarantined).
C:\Program Files\SpywareRemover\Quarantine -> Adware.SpywareRemover : Cleaned with backup (quarantined).
C:\Program Files\SpywareRemover\Registry Backups -> Adware.SpywareRemover : Cleaned with backup (quarantined).
C:\Program Files\SpywareRemover\Settings -> Adware.SpywareRemover : Cleaned with backup (quarantined).
C:\Program Files\SpywareRemover\Settings\CustomScan.stg -> Adware.SpywareRemover : Cleaned with backup (quarantined).
C:\Program Files\SpywareRemover\Settings\IgnoreList.stg -> Adware.SpywareRemover : Cleaned with backup (quarantined).
C:\Program Files\SpywareRemover\Settings\ScanInfo.stg -> Adware.SpywareRemover : Cleaned with backup (quarantined).
C:\Program Files\SpywareRemover\Settings\ScanResults.stg -> Adware.SpywareRemover : Cleaned with backup (quarantined).
C:\Program Files\SpywareRemover\Settings\SelectedFolders.stg -> Adware.SpywareRemover : Cleaned with backup (quarantined).
C:\Program Files\SpywareRemover\Settings\Settings.stg -> Adware.SpywareRemover : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\RUIPN01A\TTC[1].exe -> Adware.TTC : Cleaned with backup (quarantined).
C:\WINDOWS\system32\awtrqrs.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\nnnomki.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vtuvsqp.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\yayvuvs.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4EZJYNH3\ac4[1].txt -> Downloader.Agent.awb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\w881ebc4.dll -> Downloader.Agent.awb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\w881f007.dll -> Downloader.Agent.awb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\w881f2a6.dll -> Downloader.Agent.awb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\w881f378.dll -> Downloader.Agent.awb : Cleaned with backup (quarantined).
C:\Documents and Settings\Home\Local Settings\Temp\Temporary Internet Files\Content.IE5\T81DZ5HZ\antzom[1].exe -> Downloader.Agent.bgn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5D90EED-9F80-4FF0-AD2A-72507F08F350}\RP30\A0016474.exe -> Downloader.Femad : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5D90EED-9F80-4FF0-AD2A-72507F08F350}\RP30\A0016498.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__l_d_c_o_r_e_._d_l_l_ -> Downloader.Small.dxm : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[1032] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[108] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[1116] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[1176] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[1216] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[1276] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[1284] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[1292] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[136] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[144] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[1560] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[1720] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[1780] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[1792] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[1944] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[1952] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[1988] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[2008] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[2100] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[3380] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[372] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[864] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[876] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[916] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[992] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5D90EED-9F80-4FF0-AD2A-72507F08F350}\RP25\A0012480.exe -> Downloader.Tiny.fk : Cleaned with backup (quarantined).
C:\Program Files\Common Files\orfz\orfzd\vocabulary -> Downloader.TSUpdate.j : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5D90EED-9F80-4FF0-AD2A-72507F08F350}\RP24\A0010452.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
C:\Documents and Settings\Home\Local Settings\Temp\Temporary Internet Files\Content.IE5\PI57LVMT\antizom[1].exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\Program Files\Common Files\svchost.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\Documents and Settings\Home\Local Settings\Temp\Cookies\home@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Home\Local Settings\Temp\Cookies\home@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Home\Local Settings\Temp\Temporary Internet Files\Content.IE5\J3DLLTT2\antzom[1].exe -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drvcun.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drvdab.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\Documents and Settings\Home\Local Settings\Temp\mst133.tmp -> Trojan.Agent.vg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5D90EED-9F80-4FF0-AD2A-72507F08F350}\RP30\A0016499.dll -> Trojan.Agent.vg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__w_i_n_k_e_i_3_2_._d_l_l_ -> Trojan.Agent.vg : Cleaned with backup (quarantined).
C:\Program Files\Outlook Express\rydimyz.dll -> Trojan.BHO.ab : Cleaned with backup (quarantined).
C:\WINDOWS\system32\durvilz.exe -> Trojan.Durvil : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drivera.dll -> Trojan.Kolweb.j : Cleaned with backup (quarantined).
C:\WINDOWS\system32\durvilz.dll -> Trojan.Kolweb.j : Cleaned with backup (quarantined).
C:\Documents and Settings\Home\Local Settings\Temp\Temporary Internet Files\Content.IE5\298HOL43\xi6[1].exe -> Trojan.LdPinch.sh : Cleaned with backup (quarantined).
C:\WINDOWS\system32\13B.tmp -> Worm.Locksky.aw : Cleaned with backup (quarantined).
C:\WINDOWS\system32\13C.tmp -> Worm.Locksky.aw : Cleaned with backup (quarantined).
C:\WINDOWS\system32\9D.tmp -> Worm.Locksky.aw : Cleaned with backup (quarantined).
C:\WINDOWS\system32\9E.tmp -> Worm.Locksky.aw : Cleaned with backup (quarantined).
C:\WINDOWS\system32\instcat.dll -> Worm.Locksky.aw : Cleaned with backup (quarantined).


::Report end

AND THE OTHER:
Logfile of HijackThis v1.99.1
Scan saved at 11:57:25 PM, on 2/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Home\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,vihrmvt.exe
O1 - Hosts: localhost 127.0.0.1
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [sys01203532082] C:\WINDOWS\sys01203532082.exe
O4 - HKLM\..\Run: [sys02035320822] C:\WINDOWS\sys02035320822.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [oajrwbh.dll] C:\WINDOWS\System32\rundll32.exe "C:\Documents and Settings\Home\Local Settings\Application Data\oajrwbh.dll",wjkmomf
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\System32\drvcun.dll,startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\DOCUME~1\Home\LOCALS~1\Temp\stdrun1.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: .protected
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: .protected
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://supportcenter...oad/tgctlsr.cab
O16 - DPF: {010123DF-5E80-11D8-9E86-0007E96C65AE} (SprtCtlBrowse Class) - http://supportcenter...d/sprtctlbr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1171219238547
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe

#4 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,166 posts

Posted 18 February 2007 - 07:18 AM

I suggest you do this:

With AVG Anti-Spyware, if you click on the Infections icon, then it will show you all the items in Quarrantine and you can remove them that way. Just click Select All (if all of the items in quarrantine need removing) then Remove Finally


1. launch Notepad (Start>All Programs>Accessories), and copy/paste all the BOLD REGEDIT below to it. Don't forget to include REGEDIT4.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""



2. Save this text as ResetAppInit.reg. Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop. Include the word REGEDIT4

3. Double-click on ResetAppInit.reg. When it asks you to merge the information to the registry click Yes.


Please do not delete anything unless instructed to.



Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sys01203532082] C:\WINDOWS\sys01203532082.exe
O4 - HKLM\..\Run: [sys02035320822] C:\WINDOWS\sys02035320822.exe
O4 - HKLM\..\Run: [oajrwbh.dll] C:\WINDOWS\System32\rundll32.exe "C:\Documents and Settings\Home\Local Settings\Application Data\oajrwbh.dll",wjkmomf
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\System32\drvcun.dll,startup
O4 - Startup: .protected
O4 - Global Startup: .protected
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll

Close ALL windows and browsers except HijackThis and click "Fix checked"



Delete these Files if listed:
C:\WINDOWS\sys01203532082.exe
C:\WINDOWS\sys02035320822.exe
C:\WINDOWS\System32\drvcun.dll
C:\Documents and Settings\Home\Local Settings\Application Data\oajrwbh.dll
c:\windows\system32\ldcore.dll


Empty Recycle Bin

Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#5 haunt

haunt

    Authentic Member

  • Authentic Member
  • PipPip
  • 20 posts

Posted 18 February 2007 - 09:44 AM

didn't do too well with this assignment.
I could no get rid of :
O4 - Startup: .protected
O4 - Global Startup: .protected
I got a message that said the programs were in use and to end them with the task manager.
When I hit alt-ctrl-detete I got a new message stating the the task manager has been disabled by the administraror!

I couldn't find (or didn't know wher to look) for:
Delete these Files if listed:
C:\WINDOWS\sys01203532082.exe
C:\WINDOWS\sys02035320822.exe
C:\WINDOWS\System32\drvcun.dll
C:\Documents and Settings\Home\Local Settings\Application Data\oajrwbh.dll
c:\windows\system32\ldcore.dll


Computer is running slower and I keep getting redirected to Monster marketplace and other annoying sites, . As being redirected some sansujo.com........site breifly displays in the address bar.

If it hepls here's the log. Thanks for trying to help.
Logfile of HijackThis v1.99.1
Scan saved at 10:43:48 AM, on 2/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Home\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,vihrmvt.exe
O1 - Hosts: localhost 127.0.0.1
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\DOCUME~1\Home\LOCALS~1\Temp\stdrun1.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: .protected
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: .protected
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://supportcenter...oad/tgctlsr.cab
O16 - DPF: {010123DF-5E80-11D8-9E86-0007E96C65AE} (SprtCtlBrowse Class) - http://supportcenter...d/sprtctlbr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1171219238547
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe

#6 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,166 posts

Posted 18 February 2007 - 09:47 AM

Only for Windows XP and Windows 2000


Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free...mitfraudFix.exe
Double Click SmitfraudFix.exe on your Desktop. A folder named SmitfraudFix will be created on your Desktop.

Posted Image

______________________________
Next:

Download AVG Anti-Spyware from HERE and save that file to your
desktop.
This is a 30 day trial of the program
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop
    and double-click it to launch the set up program.
  • Once the setup is complete you will need run AVG Anti-Spyware and update the definition
    files.
  • On the main screen select the icon "Update" then select the "
    Update now
    " link.
    • Next select the "Start Update" button, the update will start and a
      progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of
    the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then
    select "Delete".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

______________________________

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter

Posted Image

This program will scan large amounts of files on your computer for known patterns so please be patient while it works. It will create a file named:
c:\rapport.txt


IMPORTANT: Do NOT run any other options until you are asked to do so!

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Please post:
C:\rapport.txt

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#7 haunt

haunt

    Authentic Member

  • Authentic Member
  • PipPip
  • 20 posts

Posted 18 February 2007 - 10:45 AM

I have no idea what I did, but I did it. Here are results: SmitFraudFix v2.142 Scan done at 11:39:27.92, Sun 02/18/2007 Run from C:\Documents and Settings\Home\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is FAT32 Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS C:\WINDOWS\.protected FOUND ! C:\WINDOWS\logo.gif FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Home »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Home\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu C:\DOCUME~1\HOME\STARTM~1\PROGRAMS\STARTUP\.protected FOUND ! C:\DOCUME~1\ALLUSE~1\STARTM~1\PROGRAMS\STARTUP\.protected FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HOME\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="C:\\Program Files\\Outlook Express\\vimobus.html" "SubscribedURL"="" "FriendlyName"="" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32 »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End

#8 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,166 posts

Posted 18 February 2007 - 10:46 AM

Running the Clean

Warning: running option #2 on a non infected computer will remove your Desktop background.


Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
______________________________

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.

Posted Image


The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________

Clean out your Temporary Internet files. Proceed like this:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware, and run a full scan.
  • IMPORTANT: Do not open any other windows or
    programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
  • Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab
    then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little
    time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all
    actions
    "
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the
    screen and save it as a text file on your Desktop (make sure to remember where you saved that file, this is important).
Close AVG Anti-Spyware and Reboot in Normal Mode.



Please post:
1.c:\rapport.txt
2.AVG Anti-Spyware log
3.A new HijackThis log

Your may need several replies to post the requested logs, otherwise they might get cut off.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#9 haunt

haunt

    Authentic Member

  • Authentic Member
  • PipPip
  • 20 posts

Posted 18 February 2007 - 11:36 AM

I am having a problem now with the safe mode. Starts up and I select Safe mode. Then confirm windows xp. Starts to run. Goes to the windows logon screen in safe mode with an identity of Adminisrtator. I log onto it. a black dos type screen fills up with text entries. Goes to another blank black page that says safe mode in the lower corners. and freezes there! any suggestions? Thanks again

#10 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,166 posts

Posted 18 February 2007 - 11:38 AM

How long are you waiting? I've seen it take up to 5-10 mins.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

    Advertisements

Register to Remove


#11 haunt

haunt

    Authentic Member

  • Authentic Member
  • PipPip
  • 20 posts

Posted 18 February 2007 - 02:39 PM

Okay, I just tried it for 40 minutes each on the two identities. won't run. just freezes after getting a message to confirm that it is starting in safe mode.

#12 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,166 posts

Posted 18 February 2007 - 02:40 PM

Try it in normal mode then. :thumbup:

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#13 haunt

haunt

    Authentic Member

  • Authentic Member
  • PipPip
  • 20 posts

Posted 18 February 2007 - 05:41 PM

I'll post the HiJack log in a separate post to make sure it fits. And the results are : SmitFraudFix v2.142 Scan done at 16:16:43.01, Sun 02/18/2007 Run from C:\Documents and Settings\Home\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is FAT32 Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts localhost 127.0.0.1 »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\WINDOWS\.protected Deleted C:\WINDOWS\logo.gif Deleted C:\DOCUME~1\HOME\STARTM~1\PROGRAMS\STARTUP\.protected Deleted C:\DOCUME~1\ALLUSE~1\STARTM~1\PROGRAMS\STARTUP\.protected Deleted »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End ------------------------------------------------------------------------------------- --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 6:25:03 PM 2/18/2007 + Scan result: C:\System Volume Information\_restore{C5D90EED-9F80-4FF0-AD2A-72507F08F350}\RP30\A0016513.dll -> Adware.Virtumonde : Cleaned with backup (quarantined). C:\System Volume Information\_restore{C5D90EED-9F80-4FF0-AD2A-72507F08F350}\RP30\A0016514.dll -> Adware.Virtumonde : Cleaned with backup (quarantined). C:\System Volume Information\_restore{C5D90EED-9F80-4FF0-AD2A-72507F08F350}\RP30\A0016515.dll -> Adware.Virtumonde : Cleaned with backup (quarantined). C:\WINDOWS\system32\awtrqrs.dll -> Adware.Virtumonde : Cleaned with backup (quarantined). C:\System Volume Information\_restore{C5D90EED-9F80-4FF0-AD2A-72507F08F350}\RP30\A0016502.dll -> Downloader.Agent.awb : Cleaned with backup (quarantined). C:\System Volume Information\_restore{C5D90EED-9F80-4FF0-AD2A-72507F08F350}\RP30\A0016503.dll -> Downloader.Agent.awb : Cleaned with backup (quarantined). C:\System Volume Information\_restore{C5D90EED-9F80-4FF0-AD2A-72507F08F350}\RP30\A0016504.dll -> Downloader.Agent.awb : Cleaned with backup (quarantined). C:\System Volume Information\_restore{C5D90EED-9F80-4FF0-AD2A-72507F08F350}\RP30\A0016505.dll -> Downloader.Agent.awb : Cleaned with backup (quarantined). C:\System Volume Information\_restore{C5D90EED-9F80-4FF0-AD2A-72507F08F350}\RP30\A0017490.DLL -> Downloader.Small.dxm : Cleaned with backup (quarantined). C:\System Volume Information\_restore{C5D90EED-9F80-4FF0-AD2A-72507F08F350}\RP30\A0016500.exe -> Logger.Agent.or : Cleaned with backup (quarantined). C:\System Volume Information\_restore{C5D90EED-9F80-4FF0-AD2A-72507F08F350}\RP30\A0016506.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined). C:\System Volume Information\_restore{C5D90EED-9F80-4FF0-AD2A-72507F08F350}\RP30\A0016507.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined). C:\System Volume Information\_restore{C5D90EED-9F80-4FF0-AD2A-72507F08F350}\RP30\A0016501.dll -> Trojan.BHO.ab : Cleaned with backup (quarantined). C:\System Volume Information\_restore{C5D90EED-9F80-4FF0-AD2A-72507F08F350}\RP30\A0016511.exe -> Trojan.Durvil : Cleaned with backup (quarantined). C:\System Volume Information\_restore{C5D90EED-9F80-4FF0-AD2A-72507F08F350}\RP30\A0016509.dll -> Trojan.Kolweb.j : Cleaned with backup (quarantined). C:\System Volume Information\_restore{C5D90EED-9F80-4FF0-AD2A-72507F08F350}\RP30\A0016510.dll -> Trojan.Kolweb.j : Cleaned with backup (quarantined). C:\System Volume Information\_restore{C5D90EED-9F80-4FF0-AD2A-72507F08F350}\RP30\A0016508.dll -> Worm.Locksky.aw : Cleaned with backup (quarantined). C:\WINDOWS\system32\__delete_on_reboot__i_n_s_t_c_a_t_._d_l_l_ -> Worm.Locksky.aw : Cleaned with backup (quarantined). ::Report end

#14 haunt

haunt

    Authentic Member

  • Authentic Member
  • PipPip
  • 20 posts

Posted 18 February 2007 - 05:43 PM

Logfile of HijackThis v1.99.1
Scan saved at 6:35:04 PM, on 2/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Home\Desktop\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,vihrmvt.exe
O1 - Hosts: localhost 127.0.0.1
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\DOCUME~1\Home\LOCALS~1\Temp\stdrun1.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://supportcenter...oad/tgctlsr.cab
O16 - DPF: {010123DF-5E80-11D8-9E86-0007E96C65AE} (SprtCtlBrowse Class) - http://supportcenter...d/sprtctlbr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1171219238547
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe

#15 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,166 posts

Posted 18 February 2007 - 05:45 PM

With AVG Anti-Spyware, if you click on the Infections icon, then it will show you all the items in Quarrantine and you can remove them that way. Just click Select All (if all of the items in quarrantine need removing) then Remove Finally


You can remove any programs I had you install. Use Add/Remove Programs to remove if listed there:

Log looks good :D


You need to create a new Clean restore point.

Note: This will remove all previous Restore Points

Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn it back on.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Remove the Check Turn off System Restore.
Click Apply, and then click OK.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.



If you dont have any programs like these, I would recommend that you get them.
Spywareblaster,
Spywareguard.


Also get a FREE FIREWALL and FREE ANTI VIRUS if you need one.

Only run one Anti-Virus and Firewall program.

It is critical to have both a firewall and anti virus to protect your system.

Keep your system up to date and run Adaware & Spybot, once a week works, and hopefully you will be ok from here on. Both are available below.

Do not use Ad-aware if you have McAfee's VirusScan and AntiSpyware


Safe Surfing. :D

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users