Tons of Adware Slowing My Computer [RESOLVED]


#1 stickyfingers (Member, 24 posts)
I ran Spybot Search and Destroy and it found ABetterInternet, Apropos Media, BookedSpace, DyFuCA, HotSearchBar, ISearchTech.PowerScan, Look2me.Topconverting, Pacimedia, People on Page, Tango, VBouncer, AdDestroyer, ExactAdvertising.Bargains, and Delfin Project. I told it to delete all that stuff, but somehow my own login on my Windows XP is messed up: the toolbar is missing and so are all the icons. So I'm using my little brother's thing to post a HijackThis log. I don't know if it'll post the same stuff though. I will repost the HijackThis log if my thing starts to work again.

Logfile of HijackThis v1.99.1
Scan saved at 1:08:31 PM, on 8/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\TWF0dAAA\command.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\WINDOWS\etb\pokapoka63.exe
C:\WINDOWS\etb\pokapoka62.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\aim\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\lfpcpc.exe
C:\WINDOWS\system32\lfpcpc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Documents and Settings\Patrick\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R3 - Default URLSearchHook is missing
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - HKCU\..\Run: [lfpcpc] C:\WINDOWS\system32\lfpcpc.exe
O4 - HKCU\..\RunOnce: [lfpcpc] C:\WINDOWS\system32\lfpcpc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1104611555514
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia...ll/pcs_0026.exe
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O20 - Winlogon Notify: Installer - C:\WINDOWS\system32\NGMOD32.DLL
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\cagbkend.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\cagbkend.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWF0dAAA\command.exe
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\CX2PE5MD\CWShredder[1].exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#2 miekiemoes (Malware Expert, MVP, 5,503 posts)
Hello,

Download the following: http://users.pandora...atchy/LQfix.exe and place it on your desktop.
Double-click LQfix.exe and click Install.
This will create a new folder called LQfix on your desktop.
Open the folder and double-click ClickThis.bat.
Follow the prompts on the screen.
Your system will reboot afterwards.
Please be patient after the reboot, because there is a script running in the background, and that's why it can take a while.

When done, post a new HijackThis log.

#3 stickyfingers (Topic Starter, Member, 24 posts)
Here goes the HijackThis log... but my other user is still messed up. I don't know why the toolbar and all the icons are missing. The only thing that seems to work is my Task Manager when I press Control+Alt+Delete. Any ideas why it's only affecting one user and not the other users? It is the owner/main user.

Logfile of HijackThis v1.99.1
Scan saved at 2:36:38 PM, on 8/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\TWF0dAAA\command.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\WINDOWS\etb\pokapoka62.exe
C:\WINDOWS\etb\pokapoka63.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\itigve.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\aim\aim.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\system32\itigve.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Patrick\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [itigve] C:\WINDOWS\system32\itigve.exe
O4 - HKCU\..\RunOnce: [itigve] C:\WINDOWS\system32\itigve.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\cagbkend.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\cagbkend.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWF0dAAA\command.exe
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\CX2PE5MD\CWShredder[1].exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#4 miekiemoes (Malware Expert, MVP, 5,503 posts)
Hi, I have some questions first.
The log you posted here... this is your account, I assume.
In this account, you don't have problems with the toolbar and desktop?
On what account did you run the tool? This one or another one?

Also, did you get any errors while running the above tool? Did it reboot after you clicked ClickThis.bat?
After the reboot, was anything strange happening? It is important you tell me.

#5 miekiemoes (Malware Expert, MVP, 5,503 posts)
Hi, I think I already know why this fix failed. You are dealing with another nasty infection called Look2me, and this one deletes the HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.

Let's deal with Look2Me first...

We'll deal with the other account, the one without desktop and toolbar, later; first this account, or everything gets mixed up.

Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double-click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double-click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing Enter. This will scan your computer and it may appear nothing is happening; then, after a minute or two, Notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

Also, it is really important you tell me if you get any errors while running option #1

#6 stickyfingers (Topic Starter, Member, 24 posts)
No, the account log I posted was not mine. I cannot pull up any files on my account. My account is the one that's really messed up. I figured another account on the computer might have the same infection, so I used HijackThis on the second account (the one I'm using right now). I clicked ClickThis and a window with a black background and white font came up. Then it asked me if I wanted to continue by rebooting. I did that and my account (the other one... account #1) is still pretty messed up. I keep getting pop-ups that say www.searc-h.com (etc.) on both accounts. I downloaded Ewido and am running it now. I will follow your instructions when it's done scanning my computer.

#7 stickyfingers (Topic Starter, Member, 24 posts)
While scanning, NTVDM.EXE encountered a problem and needed to close.

#8 miekiemoes (Malware Expert, MVP, 5,503 posts)

"While scanning, NTVDM.EXE encountered a problem and needed to close."

It's not clear to me now: scanning with what? Ewido? Because in your previous post you were scanning with Ewido.

OK, but it's better you follow my instructions instead of performing other things in between, otherwise it is very hard for me to follow.
Your account, the one that is really messed up, we'll deal with later. First I want to know which account the log above is from. From what account did you post those HijackThis logs?


Please stay on that account, log off from the account that is really messed up. We'll deal with that later.

So can you please perform this step as I already asked you before?

Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double-click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double-click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing Enter. This will scan your computer and it may appear nothing is happening; then, after a minute or two, Notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

Also, it is really important you tell me if you get any errors while running option #1


Edited by miekiemoes, 18 August 2005 - 01:32 PM.


#9 stickyfingers (Topic Starter, Member, 24 posts)
Sorry... no, that came up when I was scanning with l2mfix. I got the HijackThis log from a second account I have on the computer. And I am logged off from the other account. It's still scanning (the l2mfix.exe Run Find Log). The NTVDM.EXE came up while running l2m.exe. Does that mean anything to you? Because it says it's still scanning.

#10 miekiemoes (Malware Expert, MVP, 5,503 posts)
Hi, I have no idea what is causing this, so let's start from scratch and clean up most of it manually first.

Because you have scanned with Ewido before, I want you to reboot first and post a new HijackThis log.

We'll go further with the account you posted the HijackThis log from.
I also want you to stay on that account and not log in to the other account in the meanwhile.

#11 stickyfingers (Topic Starter, Member, 24 posts)
Logfile of HijackThis v1.99.1
Scan saved at 3:59:18 PM, on 8/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\TWF0dAAA\command.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\WINDOWS\etb\pokapoka62.exe
C:\WINDOWS\etb\pokapoka63.exe
C:\WINDOWS\system32\itigve.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\aim\aim.exe
C:\WINDOWS\system32\itigve.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Patrick\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [itigve] C:\WINDOWS\system32\itigve.exe
O4 - HKCU\..\RunOnce: [itigve] C:\WINDOWS\system32\itigve.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O20 - Winlogon Notify: IntlRun - C:\WINDOWS\system32\cagbkend.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWF0dAAA\command.exe
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\CX2PE5MD\CWShredder[1].exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#12 miekiemoes (Malware Expert, MVP, 5,503 posts)
Hello,

It's better to print out the next instructions or save them in Notepad, because you also have to work in Safe Mode without networking support, so this page won't be available then.
It is also important that you don't miss a step and perform everything in the right order!

* Download and install CCleaner
Do not use it yet.

* Please set your system to show all files; please see here if you're unsure how to do this.

Delete the LQfix folder that is on your desktop first, because I'll have you download another one: Download LQfix.zip
Unzip it and save it to your desktop; don't use it yet!
This is a different version from the previous one I gave you. Please use this one now, because the other one won't work.

* Update your Ewido; don't let it scan yet.

* Place a shortcut to Panda ActiveScan on your desktop.

* If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

* Reboot into Safe Mode (without networking support!)
To get into Safe Mode as the computer is booting, press and hold your F8 key. Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Double-click LQfix.bat that you saved on your desktop before.
A DOS window will open and close again; this is normal.


* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKCU\..\Run: [itigve] C:\WINDOWS\system32\itigve.exe
O4 - HKCU\..\RunOnce: [itigve] C:\WINDOWS\system32\itigve.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O20 - Winlogon Notify: IntlRun - C:\WINDOWS\system32\cagbkend.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWF0dAAA\command.exe


* Click on Fix Checked when finished and exit HijackThis.

* Using Windows Explorer, locate the following files/folders, and delete them if still present:

C:\WINDOWS\TWF0dAAA <== folder
C:\WINDOWS\system32\itigve.exe
C:\Program Files\Cas <== folder

* Still in Safe Mode, start CCleaner.
Click "Options", then click the "Advanced" tab.
Uncheck "Only delete files older than 48 hrs." and click OK.
Click "Cleaner" and click Run Cleaner (bottom right).

* Open Ad-aware and do a full scan. Remove all it finds.

* Open Ewido Security Suite
Click on scanner

* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop

Close Ewido

* Reboot your system back to normal mode and click the Panda ActiveScan shortcut, then do a full system scan.
Save the scan log and post it along with a new HijackThis log and the log from ewido so I can take another look.

Edited by miekiemoes, 18 August 2005 - 02:23 PM.

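The entries the expert singles out in post #12, and the RunOnce behaviour noted in post #5, follow a few recognisable patterns in a HijackThis log: a program autostarting from a folder under C:\WINDOWS that is not a system folder, an O18 MIME filter on text/html, an O20 Winlogon Notify package that is not part of stock XP, an O23 service with no publisher or a missing file, and the same executable wired into both Run and RunOnce. The script below is an added example that encodes those patterns as a triage pass over log lines; it is not code from the thread, from HijackThis, or from any of the fix tools named above. The sample log is a subset of the lines posted in this thread; the allow-list of default Winlogon Notify subkeys and the base64 test on folder names are this example's own assumptions (the base64 test is there because the folder name TWF0dAAA in the cmdService entry decodes to the bytes b'Matt\x00\x00', matching the profile name that appears elsewhere in the log).

```python
"""Triage pass over HijackThis v1.99 log lines. Added example for this thread,
not code from HijackThis, the fix tools named above, or the expert's posts;
the allow-list and the base64 check are this example's own assumptions."""
from __future__ import annotations

import base64
import binascii
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: a subset of the lines from the logs posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKCU\..\Run: [itigve] C:\WINDOWS\system32\itigve.exe
O4 - HKCU\..\RunOnce: [itigve] C:\WINDOWS\system32\itigve.exe
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O20 - Winlogon Notify: IntlRun - C:\WINDOWS\system32\cagbkend.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWF0dAAA\command.exe
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\CX2PE5MD\CWShredder[1].exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""

# Stock Windows XP SP2 Winlogon Notify subkeys (assumption; take your own baseline).
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.*)$")
O18_RE = re.compile(r"^O18 - Filter: (\S+) - \{[0-9A-Fa-f-]+\} - (.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.*)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.*)$")
EXE_RE = re.compile(r'^"?([A-Za-z]:\\[^"]*?\.exe)"?', re.IGNORECASE)

@dataclass
class Finding:
    section: str
    reason: str

def exe_path(command: str) -> str | None:
    # Executable path from a Run value, minus quotes and arguments.
    m = EXE_RE.match(command.strip())
    return m.group(1) if m else None

def odd_windows_subdir(path: str) -> str | None:
    """First folder below C:\\WINDOWS unless it is system32 or system."""
    parts = path.split("\\")
    if len(parts) >= 4 and [p.lower() for p in parts[:2]] == ["c:", "windows"]:
        if parts[2].lower() not in ("system32", "system"):
            return parts[2]
    return None

def base64_name(name: str) -> bytes | None:
    """Strict base64 decode of a folder name; None when it is not base64."""
    try:
        return base64.b64decode(name, validate=True)
    except (binascii.Error, ValueError):
        return None

def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    run_keys = defaultdict(set)  # (hive, exe) -> {"Run", "RunOnce", ...}
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            hive, key, _name, command = m.groups()
            exe = exe_path(command)
            if exe is None:  # bare names such as SOUNDMAN.EXE
                continue
            run_keys[(hive, exe.lower())].add(key)
            if sub := odd_windows_subdir(exe):
                findings.append(Finding("O4", f"autostart from C:\\WINDOWS\\{sub}, not a system folder"))
        elif m := O18_RE.match(line):
            mime, path = m.groups()
            if mime.lower() == "text/html":
                findings.append(Finding("O18", f"MIME filter on text/html sees every page IE renders: {path}"))
        elif m := O20_RE.match(line):
            subkey, dll = m.groups()
            if subkey.lower() not in KNOWN_NOTIFY:
                findings.append(Finding("O20", f"non-default Winlogon Notify package {subkey} loads {dll} into winlogon.exe"))
        elif m := O23_RE.match(line):
            name, owner, path = m.groups()
            reasons = []
            if owner == "Unknown owner":
                reasons.append("no publisher on the service binary")
            if path.endswith("(file missing)"):
                reasons.append("service points at a missing file")
            if sub := odd_windows_subdir(path):
                decoded = base64_name(sub)
                note = f" (folder name is base64 for {decoded!r})" if decoded else ""
                reasons.append(f"runs from C:\\WINDOWS\\{sub}{note}")
            if reasons:
                findings.append(Finding("O23", f"{name}: " + "; ".join(reasons)))
    for (hive, exe), keys in run_keys.items():  # wired into both Run and RunOnce
        if {"Run", "RunOnce"} <= keys:
            findings.append(Finding("O4", f"{exe} is started from both {hive} Run and RunOnce"))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}")
```

Run it as a script to print the findings for the sample, or pass a full log to triage(). A hit means "look here", not "delete this": the same way HijackThis only lists what is present, the rules above are heuristics, and the allow-list in particular should come from a known-clean machine of the same build rather than from this example.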

#13 stickyfingers (Topic Starter, Member, 24 posts)
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:02:34 PM, 8/18/2005
+ Report-Checksum: 9A13E35D

+ Scan result:

HKLM\SOFTWARE\Classes\IeBHOs.Control -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CLSID -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CurVer -> Spyware.E2G : Cleaned with backup
HKU\S-1-5-21-2230923689-1300003180-414440772-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\ei.exe -> TrojanDownloader.Small.bgl : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temp\Temporary Internet Files\Content.IE5\0ATL45F7\ei[1].exe -> TrojanDownloader.Small.bgl : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\V9TZVKZE\ei[1].exe -> TrojanDownloader.Small.bgl : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\V9TZVKZE\kw[1].exe -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\V9TZVKZE\pokapoka63[1].exe -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Patrick\Desktop\backups\backup-20050818-170028-301.dll -> Spyware.E2Give : Cleaned with backup
C:\Program Files\sdf.exe.tcf -> Spyware.Hijacker.Generic : Cleaned with backup
C:\RECYCLER\NPROTECT\00030814.ocx -> Spyware.Delfin : Cleaned with backup
C:\RECYCLER\NPROTECT\00030815.dll -> Spyware.Delfin : Cleaned with backup
C:\RECYCLER\NPROTECT\00030816.exe -> Spyware.Delfin : Cleaned with backup
C:\RECYCLER\NPROTECT\00030817.EXE -> Spyware.Delfin : Cleaned with backup
C:\RECYCLER\NPROTECT\00030819.ocx -> Spyware.Delfin : Cleaned with backup
C:\RECYCLER\NPROTECT\00030820.dll -> Spyware.Delfin : Cleaned with backup
C:\RECYCLER\NPROTECT\00030821.exe -> Spyware.Delfin : Cleaned with backup
C:\RECYCLER\NPROTECT\00030822.EXE -> Spyware.Delfin : Cleaned with backup
C:\RECYCLER\NPROTECT\00030824.ocx -> Spyware.Delfin : Cleaned with backup
C:\RECYCLER\NPROTECT\00030825.dll -> Spyware.Delfin : Cleaned with backup
C:\RECYCLER\NPROTECT\00030826.exe -> Spyware.Delfin : Cleaned with backup
C:\RECYCLER\NPROTECT\00030828.EXE -> Spyware.Delfin : Cleaned with backup
C:\RECYCLER\NPROTECT\00030932.exe -> Spyware.Delfin : Cleaned with backup
C:\RECYCLER\NPROTECT\00035577.exe -> Spyware.Pacer : Cleaned with backup
C:\RECYCLER\NPROTECT\00035579.exe -> TrojanDownloader.Small.abd : Cleaned with backup
C:\RECYCLER\NPROTECT\00035581.exe -> Spyware.VirtualBouncer : Cleaned with backup
C:\RECYCLER\NPROTECT\00035633.exe -> TrojanDownloader.Small.abd : Cleaned with backup
C:\RECYCLER\NPROTECT\00035639.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\RECYCLER\NPROTECT\00035640.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\RECYCLER\NPROTECT\00035641.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\RECYCLER\NPROTECT\00035642.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\RECYCLER\NPROTECT\00035645.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\RECYCLER\NPROTECT\00035646.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\RECYCLER\NPROTECT\00035649.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\RECYCLER\NPROTECT\00035650.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\RECYCLER\NPROTECT\00035684.EXE -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\00036599.EXE -> Spyware.VirtualBouncer.j : Cleaned with backup
C:\RECYCLER\NPROTECT\00036601.EXE -> Spyware.VirtualBouncer.j : Cleaned with backup
C:\RECYCLER\NPROTECT\00036602.EXE -> Spyware.VirtualBouncer : Cleaned with backup
C:\RECYCLER\NPROTECT\00036604.TCF -> Spyware.VirtualBouncer : Cleaned with backup
C:\RECYCLER\NPROTECT\00036609.EXE -> Spyware.VirtualBouncer : Cleaned with backup
C:\RECYCLER\NPROTECT\00036653.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\RECYCLER\NPROTECT\00036654.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\RECYCLER\NPROTECT\00036655.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\RECYCLER\NPROTECT\00036660.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\RECYCLER\NPROTECT\00036661.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\RECYCLER\NPROTECT\00036662.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\RECYCLER\NPROTECT\00036684.TCF -> Spyware.BargainBuddy : Cleaned with backup
C:\RECYCLER\NPROTECT\00036687.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\RECYCLER\NPROTECT\00036688.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\RECYCLER\NPROTECT\00037352.dll -> Spyware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00037379.DLL -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\00037380.DLL -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\00037382.dll -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\00037383.dll -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\00037453.EXE -> TrojanDownloader.Small.aal : Cleaned with backup
C:\RECYCLER\NPROTECT\00037476.EXE -> TrojanDownloader.Small.aal : Cleaned with backup
C:\RECYCLER\NPROTECT\00037491.EXE -> TrojanDownloader.Small.aal : Cleaned with backup
C:\RECYCLER\NPROTECT\00037589.EXE -> Spyware.AproposMedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00037597.TCF -> TrojanDownloader.Apropo.g : Cleaned with backup
C:\RECYCLER\NPROTECT\00037629.ocx -> Spyware.Delfin : Cleaned with backup
C:\RECYCLER\NPROTECT\00037630.dll -> Spyware.Delfin : Cleaned with backup
C:\RECYCLER\NPROTECT\00037648.VXD -> Spyware.BargainBuddy : Cleaned with backup
C:\RECYCLER\NPROTECT\00037651.EXE -> Spyware.BargainBuddy : Cleaned with backup
C:\RECYCLER\NPROTECT\00037654.EXE -> Spyware.BargainBuddy : Cleaned with backup
C:\RECYCLER\NPROTECT\00037657.EXE -> Spyware.BargainBuddy : Cleaned with backup
C:\RECYCLER\NPROTECT\00037669.DLL -> Spyware.VirtualBouncer : Cleaned with backup
C:\RECYCLER\NPROTECT\00037672.DLL -> Spyware.VirtualBouncer : Cleaned with backup
C:\RECYCLER\NPROTECT\00037693.DLL -> Spyware.VirtualBouncer : Cleaned with backup
C:\RECYCLER\NPROTECT\00037696.DLL -> Spyware.VirtualBouncer : Cleaned with backup
C:\RECYCLER\NPROTECT\00037717.SRG -> Spyware.BargainBuddy : Cleaned with backup
C:\RECYCLER\NPROTECT\00037720.EXE -> TrojanDropper.Agent.hl : Cleaned with backup
C:\RECYCLER\NPROTECT\00037747.dll -> Spyware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00037780.DLL -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\00037781.DLL -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\00037784.dll -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\00037785.dll -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\00037926.EXE -> TrojanDownloader.Small.aal : Cleaned with backup
C:\RECYCLER\NPROTECT\00037927.EXE -> TrojanDownloader.Small.aal : Cleaned with backup
C:\RECYCLER\NPROTECT\00037942.EXE -> TrojanDownloader.Small.aal : Cleaned with backup
C:\RECYCLER\NPROTECT\00037943.EXE -> TrojanDownloader.Small.aal : Cleaned with backup
C:\RECYCLER\NPROTECT\00038014.EXE -> TrojanDownloader.Small.aal : Cleaned with backup
C:\RECYCLER\NPROTECT\00038019.dll -> Spyware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00038050.DLL -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\00038052.DLL -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\00038069.exe -> TrojanDropper.Agent.hh : Cleaned with backup
C:\RECYCLER\NPROTECT\00038077.exe -> TrojanDropper.Agent.kd : Cleaned with backup
C:\RECYCLER\NPROTECT\00038079.EXE -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\00038083.EXE -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\00038104.TXT -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\RECYCLER\NPROTECT\00038159.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00038160.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00038162.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00038163.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00038164.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00038165.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00038166.TXT -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\RECYCLER\NPROTECT\00038200.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00038201.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00038202.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00038203.EXE -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\00038206.EXE -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\00038210.EXE -> Spyware.Hijacker.Generic : Cleaned with backup
C:\RECYCLER\NPROTECT\00038227.ocx -> Spyware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00038231.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00038232.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00038233.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00038235.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00038236.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00038237.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00038238.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00038239.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00038240.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00038241.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00038242.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00038243.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00038244.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00038245.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00038246.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00038248.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00038249.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00038250.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00038251.TXT -> Spyware.Cookie.Adserver : Cleaned with backup
C:\RECYCLER\NPROTECT\00038252.TXT -> Spyware.Cookie.Adserver : Cleaned with backup
C:\RECYCLER\NPROTECT\00038254.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00038255.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00038271.dll -> Spyware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00038283.DLL -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\00038285.DLL -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\00038294.dll -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\00038295.dll -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\00038363.TXT -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\RECYCLER\NPROTECT\00038367.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00038368.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00038369.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00038374.DLL -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\00038376.DLL -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\00038377.dll -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\00038378.dll -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\00038493.DLL -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\00038495.DLL -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\00038497.dll -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\00038498.dll -> Spyware.EliteBar : Cleaned with backup
C:\RECYCLER\NPROTECT\00038499.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\cfgmgr52\EECH1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\cfgmgr52\SPZ3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\cfgmgr52.dll -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\pcs_0026.exe -> Spyware.Pacer : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\pcs_0026.exe -> Spyware.Pacer : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\pcs_0026.exe -> Spyware.Pacer : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\pcs_0026.exe -> Spyware.Pacer : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\pcs_0026.exe -> Spyware.Pacer : Cleaned with backup
C:\WINDOWS\oqbtubec.exe -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\system\qnguda.exe -> TrojanDownloader.Small.ayh : Cleaned with backup
C:\WINDOWS\system\UpdInst.exe -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\cagbkend.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\cxtpls_loader.exe -> TrojanDownloader.Apropo.ae : Cleaned with backup
C:\WINDOWS\system32\dgcpcsvc.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\dist001.exe -> TrojanDownloader.Agent.qg : Cleaned with backup
C:\WINDOWS\system32\dnloader.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\dwactfrm.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\guard.tmp -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\iyudeb.exe -> TrojanDownloader.Agent.ro : Cleaned with backup
C:\WINDOWS\system32\kguser.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\migynth.exe.tcf -> Spyware.Apropos : Cleaned with backup
C:\WINDOWS\system32\mpimtf.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mxnsspc.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mzxparhd.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\NGMOD32.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\nsi8B.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\system32\PSof1.exe -> Spyware.Pacer : Cleaned with backup
C:\WINDOWS\system32\rym.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\SSK3_B5 Seedcorn 4.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\thin-138-1-x-x.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\wbpencen.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\wintask.exe.tcf -> TrojanDownloader.Small.abd : Cleaned with backup
C:\WINDOWS\system32\wintask.exe8298.tcf -> TrojanDownloader.Small.abd : Cleaned with backup


::Report End
____________________________________________________________

Panda ActiveScan


Incident Status Location

Spyware:spyware/bargainbuddy No disinfected C:\WINDOWS\SYSTEM32\exclean.exe
Adware:adware/afaenhance No disinfected C:\WINDOWS\SYSTEM\QBUninstaller.exe
Adware:adware/bookedspace No disinfected C:\WINDOWS\cfgmgr52.ini
Dialer:dialer.bny No disinfected C:\WINDOWS\pcconfig.dat
Adware:adware/apropos No disinfected C:\PROGRAM FILES\Aprps
Adware:adware/consumeralertsystem No disinfected C:\PROGRAM FILES\CasStub
Adware:adware/e2give No disinfected C:\PROGRAM FILES\E2G
Spyware:spyware/surfsidekick No disinfected C:\PROGRAM FILES\SurfSideKick 3
Adware:adware program No disinfected C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs
Adware:adware/elitebar No disinfected C:\DOCUMENTS AND SETTINGS\PATRICK\FAVORITES\Casino & Carrers
Adware:adware/delfinmedia No disinfected Windows Registry
Adware:Adware/Apropos No disinfected C:\Documents and Settings\Matt\Local Settings\Temp\auf0.exe
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Matt\Local Settings\Temp\i7B.tmp
Adware:Adware/DelFinMedia No disinfected C:\Documents and Settings\Matt\Local Settings\Temp\uptodater.exe
Adware:Adware/VirtualBouncer No disinfected C:\Documents and Settings\Matt\Local Settings\Temp\wrapperouter.exe
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\BES3TXA5\webservice[2].htm
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\BES3TXA5\webservice[3].htm
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\CX2PE5MD\casino[1].bmp
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\CX2PE5MD\dating[1].bmp
Adware:Adware/Apropos No disinfected C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\V9TZVKZE\auto_update[1].txt
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\V9TZVKZE\webservice[3].htm
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\V9TZVKZE\webservice[4].htm
Adware:Adware/Apropos No disinfected C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\Y305AP8Z\AproposClientInstaller[1].exe
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\Y305AP8Z\drugs[1].bmp
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\Y305AP8Z\virus[1].bmp
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\Y305AP8Z\webservice[2].htm
Hacktool:Hacktool/Processor No disinfected C:\Documents and Settings\Patrick\Desktop\l2mfix\Process.exe
Hacktool:Hacktool/Processor No disinfected C:\Documents and Settings\Patrick\Desktop\l2mfix.exe[Process.exe]
Adware:Adware/Apropos No disinfected C:\Program Files\Aprps\ProxyStub.dll
Adware:Adware/PurityScan No disinfected C:\Program Files\totu\auso.exe
Possible Virus. No disinfected C:\Program Files\TrojanHunter 4.2\Tools\Process Viewer\ProcessViewer.exe
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\system\QBUninstaller.exe
Hacktool:Hacktool/Processor No disinfected C:\WINDOWS\system32\Process.exe
Possible Virus. No disinfected

____________________________________________________________________


Logfile of HijackThis v1.99.1
Scan saved at 7:37:56 PM, on 8/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\aim\aim.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Patrick\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWF0dAAA\command.exe (file missing)
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\CX2PE5MD\CWShredder[1].exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



When I ran the Hijack This program in safe mode, some of the programs that you told me to get rid of were not there. I ran Hijack This before I ran ewido.
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
  • 0

#14
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Hello, this is a lot better, but it seems like you forgot to run CCleaner as I asked you, so please run it.

Then, delete the following manually:

Files:

C:\WINDOWS\SYSTEM32\exclean.exe
C:\WINDOWS\SYSTEM\QBUninstaller.exe
C:\WINDOWS\cfgmgr52.ini
C:\WINDOWS\pcconfig.dat

Folders:

C:\PROGRAM FILES\Aprps
C:\PROGRAM FILES\CasStub
C:\PROGRAM FILES\E2G
C:\PROGRAM FILES\SurfSideKick 3
C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs
C:\DOCUMENTS AND SETTINGS\PATRICK\FAVORITES\Casino & Carrers
C:\Program Files\Aprps
C:\Program Files\totu

Go to Start > Run and copy and paste the following in the field: sc delete cmdService
Click OK

Now, can you log in to your messed-up account, open Task Manager (CTRL-ALT-DEL),
click 'Applications' (first tab),
click the New Task button,
and in the field, enter explorer.
See if that loads your desktop and taskbar.
If not, in Task Manager, click New Task again and choose Browse.

Now browse to hijackthis.exe and open it.
Let it scan and save the log.
Also, I want a StartupList log from HijackThis from that account.

Open HijackThis.
Click 'config' (bottom right) > Misc Tools > Generate StartUpListlog
Check the two boxes next to it:
List also minor sections (full)
List empty sections (complete)
Click Generate StartupListlog

Also save that log.

Log off from that account.

Go to your good account again and browse from that good account to the logs you saved and post it in your next reply.
  • 0
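The ewido report and HijackThis log in post #13, and the "sc delete cmdService" step in the reply above, are the kind of thing a helper reads by eye. The script below is an added example, not a tool from this thread or from Geeks to Go. It parses ewido result lines ("object -> family : action") and HijackThis O23 service lines, separates detections that ewido found in Norton's NPROTECT recycler, tool backup folders or the IE cache from ones on live paths (most of the 150-odd hits above are the former), and lists services whose binary is gone or whose owner is unknown, which is exactly the orphaned cmdService case. The sample lines are copied from the logs posted above; the classify_location rules and the assumption that HijackThis prints a separate service name in parentheses only when it differs from the display name are mine.

```python
import re
from collections import Counter

# ewido "Scan result" lines, copied from the report posted in this thread.
EWIDO_SAMPLE = r"""
HKLM\SOFTWARE\Classes\IeBHOs.Control -> Spyware.E2G : Cleaned with backup
C:\Documents and Settings\Patrick\Desktop\backups\backup-20050818-170028-301.dll -> Spyware.E2Give : Cleaned with backup
C:\RECYCLER\NPROTECT\00038104.TXT -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\V9TZVKZE\kw[1].exe -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\system32\guard.tmp -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\kguser.dll -> Spyware.Look2Me : Cleaned with backup
""".strip().splitlines()

EWIDO_RE = re.compile(r"^(?P<obj>.+?) -> (?P<family>\S+) : (?P<action>.+)$")

def parse_ewido(line):
    """Return (object, family, action), or None for header/blank lines."""
    m = EWIDO_RE.match(line.strip())
    return (m["obj"], m["family"], m["action"]) if m else None

def classify_location(obj):
    """Registry key, quarantine/backup copy, browser cache, or a live path.
    The rules are this example's assumption, not ewido's own categories."""
    low = obj.lower()
    if low.startswith(("hklm\\", "hkcu\\", "hku\\")):
        return "registry"
    if "\\recycler\\nprotect\\" in low or "\\backups\\" in low:
        return "quarantine"   # Norton Unerase copies, tool backup folders
    if "\\temporary internet files\\" in low or "\\local settings\\temp\\" in low:
        return "cache"
    return "live"

def ewido_summary(lines):
    """Count detections by family and by location class."""
    by_family, by_location = Counter(), Counter()
    for line in lines:
        rec = parse_ewido(line)
        if rec is None:
            continue
        obj, family, _ = rec
        by_family[family] += 1
        by_location[classify_location(obj)] += 1
    return by_family, by_location

# HijackThis O23 (service) lines, copied from the log posted in this thread.
HJT_SAMPLE = r"""
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWF0dAAA\command.exe (file missing)
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\CX2PE5MD\CWShredder[1].exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
""".strip().splitlines()

O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

def parse_o23(line):
    m = O23_RE.match(line.strip())
    if not m:
        return None
    # Assumption: HijackThis shows "Display (ServiceName)" only when the two
    # differ; a single name is therefore also the service key name.
    return {"name": m["short"] or m["display"], "display": m["display"],
            "owner": m["owner"], "path": m["path"],
            "missing": m["missing"] is not None}

def orphaned_services(lines):
    """Services whose binary is gone or whose owner is unknown: a tool deleted
    the file but the service registration is still there."""
    out = []
    for line in lines:
        svc = parse_o23(line)
        if svc and (svc["missing"] or svc["owner"] == "Unknown owner"):
            out.append(svc)
    return out

def sc_delete_commands(services):
    """Candidate 'sc delete' lines for an analyst to review, quoted when the
    service name has spaces. Only cmdService was requested in this thread."""
    cmds = []
    for svc in services:
        name = svc["name"]
        cmds.append(f'sc delete "{name}"' if " " in name else f"sc delete {name}")
    return cmds

if __name__ == "__main__":
    fam, loc = ewido_summary(EWIDO_SAMPLE)
    print("ewido by family:", dict(fam))
    print("ewido by location:", dict(loc))
    for cmd in sc_delete_commands(orphaned_services(HJT_SAMPLE)):
        print(cmd)
```

Running it against the full logs above rather than the six sample lines shows the point of the location split: almost everything ewido cleaned sat in C:\RECYCLER\NPROTECT or the IE cache, so the handful of "live" hits in C:\WINDOWS\system32 and the two orphaned services are what actually needed follow-up.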

#15
stickyfingers

    Member

  • Topic Starter
  • Member
  • 24 posts
My icons and toolbar are back, but they were back before I did anything you said. Should I continue to do all that stuff or just submit a Hijack This log?
  • 0
