Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Win Fixer 2005 problems


  • Please log in to reply

#1
computerwiz12890

computerwiz12890

    Fixer-upper guy

  • Retired Staff
  • 1,802 posts
This is my first time posting on this website. That Win Fixer 2005 is driving me crazy. It is one of my customer's computer that is infected. I've cleared out every temp folder and temporary internet folder. Access is Denied did not stop me. I cleaned out the prefetch folder and I even did a search for any files named "fix" or "uwfx" since that seemed to be what a lot of the Win Fixer files had in their name. I deleted the Win Fixer entry from the Regestry. I ran Spy Bot, Ad-Aware, and Noadware, but they obviously didn't get rid of all of Win Fixer. I installed and ran Kaspersky Anti-Virus, which found and removed 159 viruses. I disabled System Restore so if it was hiding in there, it would have been removed. I even messed around with Hijack This. I did all of this while being disconnected from the internet. Please help me, I've completly run out of ideas, and I'm about ready to do a full restore of their computer. :tazz:

Here is their Hijack This log:

Logfile of HijackThis v1.99.1
Scan saved at 9:45:08 PM, on 8/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\FamilyKeyLogger\cisvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
G:\Tools\Spyware Remover\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: PopThis BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [FamilyKeyLogger] C:\Program Files\FamilyKeyLogger\cisvc.exe
O4 - HKLM\..\Run: [BHR3.5] C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 3.5\BHR3.5.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1123628596906
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\cDtsrv.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


PS: I have dial-up so it may be a while before I check for any replies.
  • 0

Advertisements


#2
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Hi computerwiz12890 and Weclome to GeekstoGo!

That appears to be the Look2me Infection,so please download the l2mfix from here
http://www.atribune....oads/l2mfix.exe
or
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe.

Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop.

Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log.

Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until I ask you to.


If you recieve any error messages for CMD or Autoexec.bat>> Select Option 5 from the l2mfix and once at the Site,Click on the link that apply to your Operating System!

Double Click the file it downloads and Extract the files to its predetermined System32 folder!
  • 0

#3
computerwiz12890

computerwiz12890

    Fixer-upper guy

  • Topic Starter
  • Retired Staff
  • 1,802 posts
Man, that is one thourough log! :tazz: My customer did everything you said, and an error popped up saying that autoexec is not a valid win32 application. I didn't tell her to do option #5, since a log was produced. Let me know if I should tell her to go and do that. I attached the log, since it seems it was too long to put in the post. I'm glad you guys are here to help us. :) I never thought computer repair could get so complicated! :)


[attachment=3055:attachment]

Edited by computerwiz12890, 15 August 2005 - 07:54 PM.

  • 0

#4
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Holy Snikeys!!!!!!!!!! :tazz:

That is one of the longest l2m logs I have ever seen!

Please walk them through Option 5 carefully!

Once they get to the site-> Have them click the link that applies to thier Operating System!

Once the file is download-> Double Click and Small Window will open!

Leave the destination as it is and Click Unzip!

Thats that!

Close any programs you have open since this step requires a reboot.


From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer.

After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log.

Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder until you are asked to do so!

Get those 2 logs posted and proceed with the Instructions below!

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Download and Install
CleanUp!
Dont use it yet!

Reboot into SAFE MODE(Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.syma...src=sec_doc_nam

Run Cleanup,when prompted to log off>> Select No

Scan the PC with Ewido just as described in the link-> Clean everthing it finds and make sure to Save the Report

Scan the System with Ad Aware,remove everything it finds and delete all quaratine files!

Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab
Make Sure Normal Startup is Checked!!

Click Apply>>OK>>Follow the Prompts to Restart!!

Restart Normal and have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work!

Save the Report it generates

Download the Hoster from here:
http://www.funkytoad...load/hoster.zip
Press "Restore Original Hosts" and press "OK"!
Exit Program!


Post back with a fresh HijackThis log and the reports from Ewido and Panda!
  • 0

#5
computerwiz12890

computerwiz12890

    Fixer-upper guy

  • Topic Starter
  • Retired Staff
  • 1,802 posts

Get those 2 logs posted and proceed with the Instructions below!

View Post



Here is where I'm at right now. Here are the two logs you asked for:

[attachment=3175:attachment]
[attachment=3177:attachment]

lol, I bet you'll love this l2mlog as well. It's so big I had to zip it. I'm at my customer's house right now. I'm hoping to knock this problem out today. Please respond soon. Until then I'm going to continue with the rest of your instructions.
  • 0

#6
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
I am with ya boss!

Be here until atleast 10 pm EST!

Thats one hellish l2mlog!

When you post the next HijackThis log,please just Copy&Paste it to your reply!
  • 0

#7
computerwiz12890

computerwiz12890

    Fixer-upper guy

  • Topic Starter
  • Retired Staff
  • 1,802 posts
Thanks a lot! :) It seems completely fixed. Here's the log from Ewido:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:33:00 PM, 8/19/2005
+ Report-Checksum: EE63163F

+ Scan result:

HKLM\SOFTWARE\Classes\ADP.UrlCatcher -> Spyware.BargainBuddy : Error during cleaning
HKLM\SOFTWARE\Classes\BookedSpace.Extension -> Spyware.BookedSpace : Error during cleaning
HKLM\SOFTWARE\Classes\CB.UrlCatcher -> Spyware.NaviSearch : Error during cleaning
HKLM\SOFTWARE\Classes\CLSID\{2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Common.Buttons -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\NLS.UrlCatcher -> Spyware.NaviSearch : Error during cleaning
HKLM\SOFTWARE\Classes\PopOops2.PopOops -> Spyware.AdDestroyer : Error during cleaning
HKLM\SOFTWARE\Classes\Radio.RadioPlayer -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD -> Spyware.AdDestroyer : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginConfig -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginConfig\Clsid -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginDown -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginDown\Clsid -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginDownAdd -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginDownAdd\Clsid -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginEvents -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginEvents\Clsid -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginInst -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginInst\Clsid -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginServer -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginServer\Clsid -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.ToolbarScript -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.ToolbarScript\Clsid -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\toolbar.ResProtocol -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\WSG.WSGObj -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\WSG.WSGObj\Clsid -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\_ATL_GENERATED.SearchToolbarBHO -> Spyware.BrowserAid : Error during cleaning
HKLM\SOFTWARE\Classes\_ATL_GENERATED.SearchToolbarName -> Spyware.BrowserAid : Error during cleaning
HKLM\SOFTWARE\KMiNT21 -> Spyware.DesktopSpyAgent : Cleaned with backup
HKLM\SOFTWARE\KMiNT21\FamilyKeyLogger -> Spyware.DesktopSpyAgent : Cleaned with backup
HKLM\SOFTWARE\SecureWin -> Spyware.Adlogix : Cleaned with backup
C:\Documents and Settings\Administrator.YOUR-LK4RLMSU41\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0F.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Documents and Settings\Default User\Application Data\wtta.exe -> Spyware.PurityScan : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0F.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\Application Data\wtta.exe -> Spyware.PurityScan : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/acrsvc.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/AELDial.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/aempvcno.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/ahsldpc.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/aId.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/aostream.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/aqrace.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/arcups.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/atlui.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/ayphelp.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/azmpvcno.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/bFsesrv.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/bic42.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/bXsesrv.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/cbmres.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/cdmpobj.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/cDtsrv.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/ckcfg32.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/clmpatUI.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/cmPasswd.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/cnosys.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/crmodem.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/csbcatq.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/cybcatq.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/dcnwsock.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/desenh.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/dgdmoprp.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/dlquery.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/dpiman32.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/dscprop2.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/dt16gt.dLL -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/duvvox.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/dwconfig.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/dxsapi.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/eats.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/ercdec.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/fasclntR.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/ffclient.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/fostiff.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/fpntsub.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/fyntsub.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/gdmzkdw.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/gqtuname.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/htcoin.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/hwetwiz.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/iBlmCoIn_v13_1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/iDlmrnt5.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/ieetmib1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/iElmrnt5.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/iem32.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/ieq.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/iFssvcs.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/igfosoft.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/ih41_qc.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/iHsrecst.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/iifxres.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/ijitpki.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/ikrdbg32.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/ilfxdgps.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/impeers.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/inmon.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/inrdbg32.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/iOlmcoin.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/irwphbk.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/iSlmcoin.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/iurdbg32.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/iuwphbk.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/ivfgnt5.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/ixmui.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/iYlmgdev.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/jbsh400.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/jimd400.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/jish400.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/JNWTAccessBridge.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/kadbe.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/kedur.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/kidfi.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/kjdsl.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/kldgr1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/kpdusl.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/kqdtat.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/krdkyr.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/kudfc.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/lackout.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/lcbmp11n.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/ldpsd11n.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/leckres.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/lfckres.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/lhckout.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/lickout.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/lkcalui.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/lLprxy.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/lmghours.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/LNCMP11n.DLL -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/lpckout.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/lQngwrbk.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/lrimg11n.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/lscalui.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/ltpcd11n.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/lxckres.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/madtctm.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/mbxml2.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/mcc70.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/mdftedit.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/mdieftp.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/mgtime.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/mhl_mtf.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/midemui.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/midmo.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/mipmspsv.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/mitime.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/mjimsg.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/mlcpxl32.dLL -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/mljetoledb40.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/mmcorier.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/mmdart.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/mmwmdmsp.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/mnvcr71.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/moimsg.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/mpgina.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/mrcpx32r.dLL -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/mridntld.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/Mvstdfmt.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/mwexch40.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/mxexch40.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/myconf.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/mytime.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/nbiew.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/ndmsdba.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/ndptools.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/ndrsit.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/nelanman.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/nersfr.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/nhrszht.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/nlshell.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/nlwrsnl.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/nmwrsfi.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/nnevtmsg.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/noth.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/npoglnt.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/nprsda.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/nqoglnt.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/nrrsnl.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/nwl181.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/nxshell.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/nxwrses.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/nymsdba.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/nzwrsptb.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/ofbccr32.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/onbc32.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/onbccr32.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/OsmInfo.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/oteaut32.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/oveaut32.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/oxe2.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/oyesvr32.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/pay.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/pddx5032.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/pgwrprof.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/PLDLIB32.DLL -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/pLutoenr.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/pnspl.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/porfts.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/prspl.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/psthon22.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/PwogressTrace.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/pxgfilt.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/qagr.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/qbdwipes.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/qidit.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/qpv.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/qwartz.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/qxv.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/qyartz.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/qyvd.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/rBsauto.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/rDsser.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/rebdyctl.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/reboex32.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/repsnd.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/RJBios32.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/rjpcfgex.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/rJsmxs.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/rJsser.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/rkvpperf.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/rlcns4.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/rmgwizc.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/rMssapi.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/rOsmxs.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/rpboex32.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/rPstls.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/rsboex32.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/ruched32.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/rvbdyctl.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/rxched32.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/rxm.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/RYBios32.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/rYcpldlg.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/sBmsrv.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/SbSParse.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/scayerxp.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/sdrrun.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/seell32.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/serio800.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/sgripto.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/sibrccsp.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/sjrrun.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/smmsg.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/soesrv.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/SPInfo2.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/SpmRedir.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/sps.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/sqc.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/sqdpsrv.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/sqrrun.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/srxcoins.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/sslwid.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/SsSInst.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/suoolss.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/svdpsrv.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/svmpsnap.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/svrialui.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/swell32.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/swmpsnap.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/swnceng.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/sxesrv.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/sxxcoins.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/sycfiles.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/szoolss.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/tacfgwmi.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/tCcfgwmi.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/tFpi.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/tfpmonui.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/thpmon.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/tiappcmp.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/tiolhelp.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/tMembed.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/tNpisrv.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/tPpiperf.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/tPpisrv.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/tppmon.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/tspmonui.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/ttd32.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/tvemeui.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/tVpisrv.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/tZpiui.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/ugrfaxa.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/ujrvoica.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/uqandlg.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/utnphost.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/utrvoica.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/vwa256.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/wannls.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/whnbrand.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/wiw32.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/WnhRm.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/wnvcore2.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/wqfeman.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/wspui.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/wT2topl.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/wtntrust.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/wv2_32.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\backup.zip/guard.tmp -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\kris.FAMILYROOM\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0F.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Documents and Settings\Owner.FAMILYROOM\Application Data\wtta.exe -> Spyware.PurityScan : Cleaned with backup
C:\Documents and Settings\Owner.FAMILYROOM\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0F.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Documents and Settings\Totob307\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0F.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Documents and Settings\~aShLeY~\Application Data\wtta.exe -> Spyware.PurityScan : Cleaned with backup
C:\Documents and Settings\~aShLeY~\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0F.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle07212005192226539025.asw -> Spyware.IBIS : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle07212005192226539053.asw -> Spyware.IBIS : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle07212005192226539275.asw/TBPSSvc.exe -> Spyware.WebSearch : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle07212005192226539309.asw/newmajorse2.txt -> Spyware.WebSearch : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QMem07212005192126536457.asw -> Spyware.DelphinMediaViewer : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QMem07212005192226536690.asw -> Spyware.WebSearch : Cleaned with backup
C:\RECYCLER\S-1-5-18\Dc3020.exe -> Spyware.Pacer : Cleaned with backup
C:\RECYCLER\S-1-5-18\Dc3215.exe -> Spyware.Pacer : Cleaned with backup
C:\RECYCLER\S-1-5-18\Dc3239.cab/newmajorse2.txt -> Spyware.WebSearch : Cleaned with backup
C:\RECYCLER\S-1-5-18\Dc3296.exe -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\S-1-5-18\Dc5346.exe -> Spyware.Look2Me : Cleaned with backup
C:\RECYCLER\S-1-5-18\Dc5669.dll -> Spyware.BookedSpace : Cleaned with backup
C:\RECYCLER\S-1-5-18\Dc5672.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\RECYCLER\S-1-5-18\Dc5676.exe -> Spyware.AdURL : Cleaned with backup
C:\RECYCLER\S-1-5-18\Dc5694.exe -> Spyware.BookedSpace : Cleaned with backup
C:\RECYCLER\S-1-5-18\Dc5695.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\S-1-5-18\Dc5698.exe -> Spyware.BookedSpace : Cleaned with backup
C:\RECYCLER\S-1-5-18\Dc5818.dll -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\S-1-5-18\Dc5820.exe -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\S-1-5-18\Dc5821.dll -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\S-1-5-18\Dc6110.exe -> Spyware.SafeSurfing : Cleaned with backup
C:\RECYCLER\S-1-5-18\Dc6178.dll -> Spyware.SafeSurfing : Cleaned with backup
C:\RECYCLER\S-1-5-18\Dc6198.exe -> Spyware.Pacer : Cleaned with backup
C:\RECYCLER\S-1-5-18\Dc6210.exe -> Spyware.SafeSurfing : Cleaned with backup
C:\RECYCLER\S-1-5-18\Dc7042.dll -> Spyware.Look2Me : Cleaned with backup
C:\RECYCLER\S-1-5-18\Dc754.frBD13\PIB.exe -> Spyware.WebSearch : Cleaned with backup
C:\RECYCLER\S-1-5-18\Dc754.frBD13\radio.exe -> Spyware.WebSearch : Cleaned with backup
C:\RECYCLER\S-1-5-18\Dc754.frBD13\TBPS.exe -> Spyware.WebSearch : Cleaned with backup
C:\RECYCLER\S-1-5-18\Dc754.frBD13\toolbar.dll -> Spyware.WebSearch : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\ActiveX.ocx -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\pcs_0026.exe -> Spyware.Pacer : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\pcs_0026.exe -> Spyware.Pacer : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\pcs_0026.exe -> Spyware.Pacer : Cleaned with backup
C:\WINDOWS\dsr.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\dsr.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\etb\nt_hide61.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\etb\pokapoka62.exe -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\etb\xud2f.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\etb\xud_62.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\icont.exe -> Spyware.AdURL : Cleaned with backup
C:\WINDOWS\ru.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\system\UpdInst.exe -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Application Data\wtta.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@ads18.bpath[1].txt -> Spyware.Cookie.Bpath : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@ehg-dig.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@uk.bpath[1].txt -> Spyware.Cookie.Bpath : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0F.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINDOWS\system32\lanbrup.exe -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\ljaenhwt.dll -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\system32\MTE2NzY6ODoxNg.exe -> Spyware.ISearch : Cleaned with backup
C:\WINDOWS\system32\nekqlf.exe -> Spyware.Adstart : Cleaned with backup
C:\WINDOWS\system32\nwinfnhl.dll -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\PSof1.exe -> Spyware.Pacer : Cleaned with backup
C:\WINDOWS\system32\qk0nv.exe -> Trojan.Delf.cf : Cleaned with backup
C:\WINDOWS\system32\r6b7ib.exe -> Trojan.Delf.cf : Cleaned with backup
C:\WINDOWS\system32\redtrsha.dll -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\richup.exe -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\rzjd.dll -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\system32\VVSNInst.exe -> Adware.SaveNow : Cleaned with backup
C:\WINDOWS\system32\wtta.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\ttgqdmvc.exe -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\tthakai.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\ukkvbwnp.exe -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\wttmdrzd.exe -> Spyware.BookedSpace : Cleaned with backup


::Report End





I was wondering: You said to enable normal startup in MSCONFIG. There are some virus and spyware entries in the startup tab. When the computer starts, it displays a bunch of error messages that it can't find some files or programs. Should I uncheck the entries that I know are spyware and viruses? And I was also wondering: Because of the length of the l2mfix log, does that mean my customer's computer was super-infected?

The Panda Active Scan is taking too long. I told her to let it finish and also told her how to save the report. It will probably take until 11:00 at night. I'll send you the report on Saturday around noon (central time). Do you think she can handle the rest with my guidance over the phone, if there is more to do? She is very computer illiterate. :tazz:

Thanks for all your help

Edited by computerwiz12890, 19 August 2005 - 08:31 PM.

  • 0

#8
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Go ahead and post a fresh HijackThis log with the Panda log and we will go from there!
  • 0

#9
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Go ahead and post a fresh HijackThis log with the Panda log and we will go from there!

I dont know about super infected but that was 1 long l2m log!
  • 0

#10
computerwiz12890

computerwiz12890

    Fixer-upper guy

  • Topic Starter
  • Retired Staff
  • 1,802 posts
Here is the Panda Scan results:

Incident Status Location

Spyware:spyware/safesurf No disinfected
C:\WINDOWS\SYSTEM32\richedtr.dll
Adware:adware/afaenhance No disinfected
C:\WINDOWS\SYSTEM\QBUninstaller.exe
Spyware:spyware/surfsidekick No disinfected
C:\DOCUMENTS AND SETTINGS\KRIS.FAMILYROOM\APPLICATION DATA\Sskknwrd.dll
Adware:adware program No disinfected
C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs
Adware:adware/elitebar No disinfected
C:\WINDOWS\etb
Adware:adware/delfinmedia No disinfected
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\vidctrl
Adware:adware/pacimedia No disinfected Windows
Registry
Security Risk:Application/ProcessorNo disinfected
C:\Documents and Settings\kris.FAMILYROOM\Desktop\l2mfix\Process.exe
Security Risk:Application/ProcessorNo disinfected
C:\Documents and
Settings\kris.FAMILYROOM\Desktop\l2mfix\regfixes\l2mfix\Process.exe
Security Risk:Application/ProcessorNo disinfected
C:\Documents and Settings\kris.FAMILYROOM\Desktop\l2mfix.exe[Process.exe]
Security Risk:Application/ProcessorNo disinfected
C:\Program Files\America Online 9.0\download\l2mfix\Process.exe
Adware:Adware/PurityScan No disinfected C:\Program
Files\apsi\wtta.exe
Adware:Adware/ConsumerAlertSystemNo disinfected
C:\Program Files\CMAPP\Client\cmappmf.dll
Spyware:Spyware/BargainBuddy No disinfected C:\Program
Files\Common Files\AOL\AOL Spyware
Protection\Backup\QFle07212005192226537365.asw
Spyware:Spyware/BargainBuddy No disinfected C:\Program
Files\Common Files\AOL\AOL Spyware
Protection\Backup\QFle07212005192226537368.asw
Spyware:Spyware/BargainBuddy No disinfected C:\Program
Files\Common Files\AOL\AOL Spyware
Protection\Backup\QFle07212005192226539101.asw
Spyware:Spyware/BargainBuddy No disinfected C:\Program
Files\Common Files\AOL\AOL Spyware
Protection\Backup\QFle07212005192226539104.asw
Adware:Adware/Apropos No disinfected C:\Program
Files\Common Files\AOL\AOL Spyware
Protection\Backup\QFle07212005192226539328.asw
Adware:Adware/Apropos No disinfected C:\Program
Files\Common Files\AOL\AOL Spyware
Protection\Backup\QFle07212005192226539507.asw
Spyware:Spyware/BargainBuddy No disinfected
C:\RECYCLER\S-1-5-18\Dc1187.bmp
Spyware:Spyware/BargainBuddy No disinfected
C:\RECYCLER\S-1-5-18\Dc1232.bmp
Spyware:Spyware/BargainBuddy No disinfected
C:\RECYCLER\S-1-5-18\Dc1523.htm
Spyware:Spyware/BargainBuddy No disinfected
C:\RECYCLER\S-1-5-18\Dc1528.htm
Spyware:Spyware/BargainBuddy No disinfected
C:\RECYCLER\S-1-5-18\Dc1534.bmp
Virus:VBS/Psyme.C No disinfected
C:\RECYCLER\S-1-5-18\Dc1540.CHM[track26.htm]
Spyware:Spyware/BargainBuddy No disinfected
C:\RECYCLER\S-1-5-18\Dc1926.bmp
Spyware:Spyware/BargainBuddy No disinfected
C:\RECYCLER\S-1-5-18\Dc2268.htm
Spyware:Spyware/BargainBuddy No disinfected
C:\RECYCLER\S-1-5-18\Dc2269.htm
Spyware:Spyware/BargainBuddy No disinfected
C:\RECYCLER\S-1-5-18\Dc2273.htm
Spyware:Spyware/BargainBuddy No disinfected
C:\RECYCLER\S-1-5-18\Dc2274.htm
Spyware:Spyware/BargainBuddy No disinfected
C:\RECYCLER\S-1-5-18\Dc2275.htm
Spyware:Spyware/SafeSurf No disinfected
C:\RECYCLER\S-1-5-18\Dc2312.exe
Spyware:Spyware/BargainBuddy No disinfected
C:\RECYCLER\S-1-5-18\Dc2999.htm
Spyware:Spyware/BargainBuddy No disinfected
C:\RECYCLER\S-1-5-18\Dc3000.htm
Spyware:Spyware/BargainBuddy No disinfected
C:\RECYCLER\S-1-5-18\Dc3395.bmp
Adware:Adware/ConsumerAlertSystemNo disinfected
C:\RECYCLER\S-1-5-18\Dc3464.exe
Adware:Adware/Sqwire No disinfected
C:\RECYCLER\S-1-5-18\Dc3739.ini
Adware:Adware/Sqwire No disinfected
C:\RECYCLER\S-1-5-18\Dc4063.ini
Adware:Adware/Imibar No disinfected
C:\RECYCLER\S-1-5-18\Dc5693.dll
Adware:Adware/ConsumerAlertSystemNo disinfected
C:\RECYCLER\S-1-5-18\Dc7536.dll
Adware:Adware/MyWebSearch No disinfected
C:\RECYCLER\S-1-5-18\Dc754.frBD13\common.dll
Spyware:Spyware/BargainBuddy No disinfected
C:\RECYCLER\S-1-5-18\Dc776.htm
Spyware:Spyware/BargainBuddy No disinfected
C:\RECYCLER\S-1-5-18\Dc777.htm
Spyware:Spyware/BargainBuddy No disinfected
C:\RECYCLER\S-1-5-18\Dc781.htm
Spyware:Spyware/BargainBuddy No disinfected
C:\RECYCLER\S-1-5-18\Dc782.htm
Spyware:Spyware/BargainBuddy No disinfected
C:\RECYCLER\S-1-5-18\Dc783.htm
Spyware:Spyware/BargainBuddy No disinfected
C:\RECYCLER\S-1-5-18\Dc784.htm
Spyware:Spyware/BargainBuddy No disinfected
C:\RECYCLER\S-1-5-18\Dc785.htm
Adware:Adware/ConsumerAlertSystemNo disinfected
C:\RECYCLER\S-1-5-18\Dc8353.dll
Spyware:Spyware/BargainBuddy No disinfected
C:\WINDOWS\etb\xml\images\casino.bmp
Spyware:Spyware/BargainBuddy No disinfected
C:\WINDOWS\etb\xml\images\dating.bmp
Spyware:Spyware/BargainBuddy No disinfected
C:\WINDOWS\etb\xml\images\drugs.bmp
Spyware:Spyware/BargainBuddy No disinfected
C:\WINDOWS\etb\xml\images\fav.bmp
Spyware:Spyware/BargainBuddy No disinfected
C:\WINDOWS\etb\xml\images\virus.bmp
Spyware:Spyware/BetterInet No disinfected
C:\WINDOWS\system\QBUninstaller.exe
Spyware:Spyware/SafeSurf No disinfected
C:\WINDOWS\system32\InstallerV3.exe
Adware:Adware/PurityScan No disinfected
C:\WINDOWS\system32\rawh\!update-2454.0000
Spyware:Spyware/SafeSurf No disinfected
C:\WINDOWS\system32\richedtr.dll
Adware:Adware/PurityScan No disinfected
C:\WINDOWS\system32\Shex.exe
Adware:Adware/PurityScan No disinfected
C:\WINDOWS\system32\tdb.dll
Adware:Adware/PurityScan No disinfected
C:\WINDOWS\system32\w?auclt.exe
Adware:Adware/Imibar No disinfected
C:\WINDOWS\ttext.dll



Here is her latest Hijack This report:

Logfile of HijackThis v1.99.1
Scan saved at 1:45:11 PM, on 8/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\AOL\1119041116\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1119041116\ee\AOLServiceHost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\NetMeeting\conf.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rsvp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\AOL\1119041116\ee\AOLServiceHost.exe
C:\Documents and Settings\kris.FAMILYROOM\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: PopThis BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1119041116\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\System32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [ttupt] C:\WINDOWS\ttupt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\System32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1123628596906
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



Hope everything is fine. Thanks a lot. :tazz:
  • 0

Advertisements


#11
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Download Pocket KillBox from here:
http://www.atribune....llBox_beta_.exe

Highlight the list below and press Ctrl+C to Copy!

C:\WINDOWS\SYSTEM32\richedtr.dll
C:\WINDOWS\SYSTEM\QBUninstaller.exe
C:\DOCUMENTS AND SETTINGS\KRIS.FAMILYROOM\APPLICATION DATA\Sskknwrd.dll
C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs
C:\WINDOWS\etb
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\vidctrl
C:\Program Files\apsi\wtta.exe
C:\Program Files\apsi
C:\Program Files\CMAPP\Client\cmappmf.dll
C:\Program Files\CMAPP\Client
C:\Program Files\CMAPP
C:\WINDOWS\system32\InstallerV3.exe
C:\WINDOWS\system32\rawh\!update-2454.0000
C:\WINDOWS\system32\rawh
C:\WINDOWS\system32\Shex.exe
C:\WINDOWS\system32\tdb.dll
C:\WINDOWS\ttupt.exe
C:\WINDOWS\ttext.dll
C:\WINDOWS\System32\exp.exe
C:\WINDOWS\System32\PSof1.exe
C:\WINDOWS\System32\vidctrl\vidctrl.exe
C:\WINDOWS\System32\vidctrl


Open Pocket Killbox-> Click File-> Click Paste from Clipboard!

Place a tick by Delete on Reboot-> Click the Red Circle to Delete!

Click Yes to the Prompts that follow and let Killbox Reboot the PC!

Restart in Safe Mode!

Open HijackThis and put a check by these but DO NOT hit the Fix Checked button yet!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus9.hpwis.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\System32\vidctrl\vidctrl.exe

O4 - HKLM\..\Run: [ttupt] C:\WINDOWS\ttupt.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe

O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe

O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button!

Restart Normal and have the PC Scanned here
http://support.f-sec.../home/ols.shtml

Save that Report!

Go to a Command Prompt:
Start-> Run-> type Cmd and hit OK

At the prompt, type the following bold commands:
(note the spaces!!)

cd\ and hit Enter

attrib -h -s c:\recycler and hit Enter

del c:\recycler and hit Enter

Please Install these 2 to add to the Security of the PC!

SpywareBlaster:
http://www.javacools...areblaster.html
Update Immediatly!

WinHelp2002 Hosts File
http://www.mvps.org/...p2002/hosts.htm

Made Easy
http://www.mvps.org/...2002/hosts2.htm

Disable System Restore
http://service1.syma...src=sec_doc_nam

Go ahead and Reconfigure Msconfig the way you like the PC to Startup!

Go ahead and remove any of the tools downloaded that are of no use anymore!

Post back with a fresh HijackThis log and the results of F-Secure!
  • 0

#12
computerwiz12890

computerwiz12890

    Fixer-upper guy

  • Topic Starter
  • Retired Staff
  • 1,802 posts

Made Easy
http://www.mvps.org/...2002/hosts2.htm

Disable System Restore
http://service1.syma...src=sec_doc_nam

View Post


I sent all your instructions to my customer so she could do them instead of me going over to her house for a 4th time. From what I understood, over the phone, these were the only instructions she couldn't do. I prefer to leave System Restore on, since it can sometimes aid in fixing a computer. I do realize that viruses and spyware are backed up along with legitimate programs, so I did disable it during our repairs.

She complained about Zone Alarm Firewall blocking her connection when she tried to connect to the internet. I thought I told it to remember my settings and told it to allow AOL. I don't know what's up with that. Since I added that block into the HOSTS file, used Spybot to immunize, told her how to use and update Spyware Blaster, and also instructed her on how to use Ad-Aware, I think we could do without the firewall. I'm going to go check up on her computer about 4 months from when we are finished. Besides, she only has 256 MB of RAM and all that protection in the background could slow the computer down and become just as annoying as spyware. If you highly recommend otherwise, let me know how I can make AOL work through it, or if a different firewall is more user-friendly.

Here is the Hijack this results (hopefully the last results we'll need):

Logfile of HijackThis v1.99.1
Scan saved at 5:46:50 PM, on 8/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\1119041116\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1119041116\ee\AOLServiceHost.exe
C:\Program Files\Microsoft Works\wkswp.exe
c:\Program Files\Microsoft Works\MSWorks.exe
c:\Program Files\Microsoft Works\wkgdcach.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\AOL\1119041116\ee\AOLServiceHost.exe
C:\Documents and Settings\kris.FAMILYROOM\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: PopThis BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1119041116\ee\AOLHostManager.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1123628596906
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



As for the F-Secure results, she said she doesn't know if the report was saved or not, but she did remember that it said "no infection found".

I hope we're finally finished. Thanks for everything! :tazz:
  • 0

#13
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
OK,as far as the Hosts File goes,dont worry about it!

Have her run the Hoster and make the Hosts File "Read Only"

Ahhh,System Restore!!!!

Think about it for a second!

The Restore Points all hold the old Infections in them,you really wanna chance restoring those!

When you Disable and Renable,it flushes out all the old and Creates a nice new clean one!

I highly recommend doing this!


Zone Alarm is a Hog!


Get the customer behind some sort of router,then a firewall will not be needed!

Other wise,shop around for a free light one like Kerio!

Let me know what else I can do to help!

I am all with you on the road trips to a customers house!


I have made 1 or 2 before!


All Dayers!!!!!!!
  • 0

#14
computerwiz12890

computerwiz12890

    Fixer-upper guy

  • Topic Starter
  • Retired Staff
  • 1,802 posts

I prefer to leave System Restore on, since it can sometimes aid in fixing a computer. I do realize that viruses and spyware are backed up along with legitimate programs, so I did disable it during our repairs.


Not to worry, I did flush out System Restore when we were doing the repairs. But now that it's clean, I'll turn it back on.

Zone Alarm is really a hog? What does it hog? Keiro is a good, friendly firewall?

I'm really bummed about my senior year at high school. I didn't get any of the computer classes I wanted, especially the networking classes. When you say:

Get the customer behind some sort of router,then a firewall will not be needed!


Would that mean to buy a router, as if I wanted to link her computer with another one? And then just connect her computer to it, as well as her internet connection, so that she doesn't connect directly to the internet, but has to go through the router instead?

I think she was able to use Hoster, but I'm not sure, I'll call her. One last thing you can do to help me out is to give me a step-by-step instruction on how to use Hoster, incase she wasn't able to do it. I will send her the instructions, so keep it simple if possible. Also, what is the link to hoster?

Thanks for everything :tazz:
  • 0

#15
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
ZoneAlarm Hogs the resources of a PC,whereas Kerio does not and is much more user friendly!

I guess the router is out of the question,its just a neat way to hide your PC from the outside world!

Routers arent contained to Networking,they serve an excellent purpose in the Security field!

The Hoster
http://www.funkytoad...load/hoster.zip

Unzip and Extract All Files!

Open and double click Hoster.exe to run it!

First Click "Restore Original Hosts"

Then Click "Make Hosts Read Only?"

Your done!
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP