Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Drpmon & Co[RESOLVED]

Started by jonnymay , May 17 2005 05:36 PM

  • This topic is locked This topic is locked

#1
jonnymay
Posted 17 May 2005 - 05:36 PM

jonnymay

    Member

  • Member
  • PipPip
  • 10 posts
Hello All,

I seem to have that dreaded post that everyone has.

If you could help me, it would be much appreciative.

Thanks in advance,

Jonny May. :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 00:34:53, on 18/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
C:\Program Files\USBToolbox\Res.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
c:\windows\system32\subuflh.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Realtek\Rtl8180\RtlWake.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jonathan May\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/news
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell...gen/default.htm
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [CookieWall] C:\Program Files\AnalogX\CookieWall\cookie.exe
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [iamapp] C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USBToolbox\Res.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [0gcMK] C:\WINDOWS\tuckwg.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [brvuzf] c:\windows\system32\subuflh.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RtlWake.lnk = ?
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse....eX/FileXfer.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Client Firewall Service (NISSERV) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
O23 - Service: Symantec Client Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Client Firewall Proxy Service (SymPxSvc) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
  • 0

Advertisements

#2
tampabelle
Posted 19 May 2005 - 07:11 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Jonnymay,

Welcome to Geeks to Go !!! I will help you in cleaning up your PC.

Let me verify the fix with the experts and revert to you.

Thanx for your patience
  • 0

#3
tampabelle
Posted 19 May 2005 - 10:08 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Jonnymay

Please download Nailfix from here. Unzip it to the desktop but please do NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site.

Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Next please run HijackThis, click Scan, and check:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [0gcMK] C:\WINDOWS\tuckwg.exe
O4 - HKLM\..\Run: [brvuzf] c:\windows\system32\subuflh.exe

Close all open windows except for HijackThis and click Fix Checked.

Delete the files, if found on your PC -
C:\WINDOWS\tuckwg.exe
c:\windows\system32\subuflh.exe

Restart your computer in normal mode.

Scan the computer here:
http://www.ewido.net/en/
Let it do a full run, than copy the log. Past it to a blank Notepad file and save it to post here.
Hi Jonnymay

Please download Nailfix from here. Unzip it to the desktop but please do NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site.

Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Next please run HijackThis, click Scan, and check:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [0gcMK] C:\WINDOWS\tuckwg.exe
O4 - HKLM\..\Run: [brvuzf] c:\windows\system32\subuflh.exe

Close all open windows except for HijackThis and click Fix Checked.

Delete the files, if found on your PC -
C:\WINDOWS\tuckwg.exe
c:\windows\system32\subuflh.exe

Restart your computer in normal mode.

Scan the computer here:
http://www.ewido.net/en/
Let it do a full run, than copy the log. Past it to a blank Notepad file and save it to post here.
Then let it rerun. Save that log too.

Run Hijack THis and post the new HijackThis log, as well as the logs from the Ewido scan here.
  • 0

#4
jonnymay
Posted 19 May 2005 - 01:51 PM

jonnymay

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi there,

Firstly, thanks for your help it really is much appreciated.

I completed the steps you laid out for me.

04-HKLM\..Run: [brvuzf] c:\windows\system32\subuflh.exe was not there.

I fix checked the two other items.

Also, my computer could not find:

c:\windows\tuckwg.exe
c:\windows\system32\subuflh.exe

Ewido found this:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 19:20:15, 19/05/2005
+ Report-Checksum: 4F87B5DE

+ Date of database: 19/05/2005
+ Version of scan engine: v3.0

+ Duration: 66 min
+ Scanned Files: 81588
+ Speed: 20.55 Files/Second
+ Infected files: 51
+ Removed files: 51
+ Files put in quarantine: 51
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\Documents and Settings\Jonathan May\Cookies\jonathan [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan [email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan [email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan may@bannerspace[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan [email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan [email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan [email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan may@careers[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan may@com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan may@gsmworld[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan [email protected][1].txt -> SpSpyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan [email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan may@sitemeter[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Cookies\jonathan may@xiti[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Local Settings\Temp\Cookies\jonathan may@35222379[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Local Settings\Temp\i5.tmp -> TrojanDownloader.Totavel.a -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Local Settings\Temp\ICD7.tmp\WinCtlAdX.dll -> Spyware.WinAD.f -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Local Settings\Temp\iinstall.exe -> TrojanDownloader.IstBar.hp -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Local Settings\Temp\temp.fr60A5 -> Trojan.Agent.db -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Local Settings\Temporary Internet Files\Content.IE5\OPY3CXY7\DrPMon[1].dll -> Trojan.Agent.db -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Local Settings\Temporary Internet Files\Content.IE5\OTUVSX6F\svcproc[1].exe -> Trojan.Stervis.c -> Cleaned with backup
C:\Documents and Settings\Jonathan May\Local Settings\Temporary Internet Files\Content.IE5\U1D2ZUXK\Nail[1].exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP535\A0078625.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP535\A0078635.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP535\A0078638.dll -> Trojan.Agent.db -> Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP535\A0078645.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP535\A0078647.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP535\A0078648.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP535\A0078649.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP536\A0078651.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP536\A0078652.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP536\A0078654.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP536\A0078660.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP536\A0078664.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP536\A0078674.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP536\A0078675.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP536\A0078676.dll -> Trojan.Agent.db -> Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP536\A0078682.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\WINDOWS\bbchk.exe -> Spyware.Bargainbuddy -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\WinCtlAdX.dll -> Spyware.WinAD.f -> Cleaned with backup
C:\WINDOWS\qggtrptbrze.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\SYSTEM32\evgsqb.exe -> Trojan.Agent.cp -> Cleaned with backup


::Report End

---------------------------------------------------------
ewido security suite - Process report
---------------------------------------------------------

+ Created on: 19:30:25, 19/05/2005
+ Report-Checksum: F1BB44C9

0: System Process
4: System Process
364: \SystemRoot\System32\smss.exe
412: \??\C:\WINDOWS\system32\csrss.exe
436: \??\C:\WINDOWS\system32\winlogon.exe
480: C:\WINDOWS\system32\services.exe
492: C:\WINDOWS\system32\lsass.exe
496: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
608: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
644: C:\WINDOWS\system32\svchost.exe
676: C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
700: C:\WINDOWS\system32\svchost.exe
740: C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
764: C:\WINDOWS\System32\svchost.exe
788: C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
804: C:\Program Files\USBToolbox\Res.EXE
824: C:\WINDOWS\System32\svchost.exe
860: C:\WINDOWS\System32\svchost.exe
872: C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
896: C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
936: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
992: C:\Program Files\QuickTime\qttask.exe
1012: C:\Program Files\iTunes\iTunesHelper.exe
1028: C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
1080: C:\Program Files\ewido\security suite\ewidoctrl.exe
1084: C:\WINDOWS\system32\ctfmon.exe
1188: C:\WINDOWS\system32\spoolsv.exe
1288: C:\WINDOWS\Explorer.EXE
1356: C:\Program Files\Realtek\Rtl8180\RtlWake.exe
1376: C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
1432: C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
1576: C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
1644: C:\WINDOWS\System32\nvsvc32.exe
1684: C:\WINDOWS\System32\svchost.exe
1812: C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
1944: C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
2172: C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
2200: C:\Program Files\iPod\bin\iPodService.exe
2420: C:\WINDOWS\System32\alg.exe
2564: C:\Program Files\ewido\security suite\ewidoguard.exe
2968: C:\Program Files\ewido\security suite\securitysuite.exe
3284: C:\WINDOWS\system32\wuauclt.exe
3624: C:\Program Files\Internet Explorer\iexplore.exe

---------------------------------------------------------
ewido security suite - Startup report
---------------------------------------------------------

+ Created on: 19:30:34, 19/05/2005
+ Report-Checksum: B21C401

Reg\HKLM\Run NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
Reg\HKLM\Run SynTPLpr C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Reg\HKLM\Run SynTPEnh C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Reg\HKLM\Run DadApp C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
Reg\HKLM\Run AdaptecDirectCD C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
Reg\HKLM\Run CookieWall C:\Program Files\AnalogX\CookieWall\cookie.exe
Reg\HKLM\Run SideWinderTrayV4 C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
Reg\HKLM\Run nwiz nwiz.exe /installquiet
Reg\HKLM\Run vptray C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
Reg\HKLM\Run iamapp C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
Reg\HKLM\Run USB Storage Toolbox C:\Program Files\USBToolbox\Res.EXE
Reg\HKLM\Run EPSON Stylus Photo R300 Series C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
Reg\HKLM\Run QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Reg\HKLM\Run iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
Reg\HKLM\Run gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
Reg\HKCU\Run MoneyAgent "C:\Program Files\Microsoft Money\System\Money Express.exe"
Reg\HKCU\Run ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
Shell\CommonStartup RtlWake.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RtlWake.lnk

Second run

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 20:47:49, 19/05/2005
+ Report-Checksum: E81F49D7

+ Date of database: 19/05/2005
+ Version of scan engine: v3.0

+ Duration: 75 min
+ Scanned Files: 81611
+ Speed: 18.06 Files/Second
+ Infected files: 2
+ Removed files: 2
+ Files put in quarantine: 2
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP536\A0078685.exe -> Spyware.Bargainbuddy -> Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP536\A0078686.exe -> Spyware.BetterInternet -> Cleaned with backup


::Report End

---------------------------------------------------------
ewido security suite - Process report
---------------------------------------------------------

+ Created on: 20:48:21, 19/05/2005
+ Report-Checksum: B8791FEC

0: System Process
4: System Process
364: \SystemRoot\System32\smss.exe
412: \??\C:\WINDOWS\system32\csrss.exe
436: \??\C:\WINDOWS\system32\winlogon.exe
480: C:\WINDOWS\system32\services.exe
492: C:\WINDOWS\system32\lsass.exe
496: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
608: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
644: C:\WINDOWS\system32\svchost.exe
676: C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
700: C:\WINDOWS\system32\svchost.exe
740: C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
764: C:\WINDOWS\System32\svchost.exe
788: C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
804: C:\Program Files\USBToolbox\Res.EXE
824: C:\WINDOWS\System32\svchost.exe
860: C:\WINDOWS\System32\svchost.exe
872: C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
896: C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
936: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
992: C:\Program Files\QuickTime\qttask.exe
1012: C:\Program Files\iTunes\iTunesHelper.exe
1028: C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
1080: C:\Program Files\ewido\security suite\ewidoctrl.exe
1084: C:\WINDOWS\system32\ctfmon.exe
1188: C:\WINDOWS\system32\spoolsv.exe
1288: C:\WINDOWS\Explorer.EXE
1356: C:\Program Files\Realtek\Rtl8180\RtlWake.exe
1376: C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
1432: C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
1576: C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
1644: C:\WINDOWS\System32\nvsvc32.exe
1684: C:\WINDOWS\System32\svchost.exe
1780: C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
1812: C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
1944: C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
2172: C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
2200: C:\Program Files\iPod\bin\iPodService.exe
2420: C:\WINDOWS\System32\alg.exe
2564: C:\Program Files\ewido\security suite\ewidoguard.exe
2588: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
2968: C:\Program Files\ewido\security suite\securitysuite.exe
3284: C:\WINDOWS\system32\wuauclt.exe
3624: C:\Program Files\Internet Explorer\iexplore.exe

---------------------------------------------------------
ewido security suite - Startup report
---------------------------------------------------------

+ Created on: 20:48:38, 19/05/2005
+ Report-Checksum: 68BD499C

Reg\HKLM\Run NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
Reg\HKLM\Run SynTPLpr C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Reg\HKLM\Run SynTPEnh C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Reg\HKLM\Run DadApp C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
Reg\HKLM\Run AdaptecDirectCD C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
Reg\HKLM\Run CookieWall C:\Program Files\AnalogX\CookieWall\cookie.exe
Reg\HKLM\Run SideWinderTrayV4 C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
Reg\HKLM\Run nwiz nwiz.exe /installquiet
Reg\HKLM\Run vptray C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
Reg\HKLM\Run iamapp C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
Reg\HKLM\Run USB Storage Toolbox C:\Program Files\USBToolbox\Res.EXE
Reg\HKLM\Run EPSON Stylus Photo R300 Series C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
Reg\HKLM\Run QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Reg\HKLM\Run iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
Reg\HKLM\Run gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
Reg\HKCU\Run MoneyAgent "C:\Program Files\Microsoft Money\System\Money Express.exe"
Reg\HKCU\Run ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
Shell\CommonStartup RtlWake.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RtlWake.lnk

Logfile of HijackThis v1.99.1
Scan saved at 20:49:23, on 19/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
C:\Program Files\USBToolbox\Res.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Realtek\Rtl8180\RtlWake.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\securitysuite.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Jonathan May\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/news
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell...gen/default.htm
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [CookieWall] C:\Program Files\AnalogX\CookieWall\cookie.exe
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [iamapp] C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USBToolbox\Res.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RtlWake.lnk = ?
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse....eX/FileXfer.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Client Firewall Service (NISSERV) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
O23 - Service: Symantec Client Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Symantec Client Firewall Proxy Service (SymPxSvc) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe

Thank you for your continued help,
Jonny May.
  • 0

#5
tampabelle
Posted 19 May 2005 - 04:50 PM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Jonny May,


Congratulations !!!!!! Your PC is now clean :tazz: ;) ;)

I would strongly urge you to clear your earlier System Restore points and create a fresh one, enumerated in Step 8 below.


PREVENTIVE MEASURES FOR FUTURE
You should however take steps to ensure that your system remains clean.

Operating System
1. Keep the Windows and Internet Explorer updated with the latest fixes. These fixes are available free from Microsoft. Click on Tools in the IE menu bar and then on Windows update. You can also the following links

Windows security and critical updates
Internet Explorer security and critical updates

Also ensure that automatic updates are enabled for faster updation of the system.
(Right click on My Computer on your desktop, properties and Automatic Updates tab.


Anti-Virus Software
2. Keep your Anti-virus program updated with the latest definitions. Some of the common anti-virus programs in use are :

Norton Anti-Virus
McAfee Anti-Virus
AVG Anti-Virus --- freeware
Avast Home Edition --- freeware


Firewall
3. You should also have a good firewall. Here are 3 free ones available for personal use:
Sygate Personal Firewall, Kerio Personal Firewall, ZoneAlarm


Internet Browsers
4. Have robust explorer settings. It is preferable to use an internet browser other that IE as most of the malware is targetted at IE. In case you prefer to use IE, then download a list of innocent looking but harmful websites from IE-Spyad and install it on ur PC. IE-SPYAD puts over 5000 sites in your internet explorer's restricted zone, so you'll be protected when you visit innocent-looking sites that aren't really innocent at all.

Some alternate browsers I suggest are Firefox Mozilla Browser and Opera

Ensure that Security level, irrespective of whichever browser you use, is set at Medium or higher, restrict the usage of cookies and activeX components.


Spyware Protection
5. Have a wall of protection against spyware / adware by installing SpywareBlaster and SpywareGuard.

SpywareBlaster and SpywareGuard are by JavaCool and both are free programs.
SpywareBlaster will prevent spyware from being installed and consumes no system resources.
SpywareGuard offers realtime protection from spyware installation and browser hijack attempts. Both have free ongoing updates.


Spyware Removers
6. Install programs for scanning for malware and uninstalling them. Two of the best programs, both are freeware, are :

Spybot Search & Destroy - A powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

AdAware SE Personal Edition - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.


Regular Maintenance of PC
7. Finally, invest some time for regular maintenance of your PC. Delete the temporary Internet files, temporary files, cookies etc. Click on Start button, Programs, Accessories, System Tools and run the program Disk Cleanup. Follow the instructions.

An alternate freeware software which can be used is CleanUp.

Keep your Registry clean. My favourite software is Registry First Aid. This is not a freeware but a trial version can be downloaded.


System Restore Points
8. Since your PC is currently clean, create a system restore point. A system restore would enable you to revert to the settings on the PC when the restore point was created. It is also a good idea to flush all earlier system restore points which may be containing infected files.

A. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

B. Restart your computer.

C. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.

System Restore will now be active again.


Go ahead and enjoy a clean PC !!!!!!!!!!!!!
  • 0

#6
therock247uk
Posted 19 May 2005 - 05:28 PM

therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP