Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

ANOTHER MISSING DESKTOP [RESOLVED]


  • This topic is locked This topic is locked

#1
cowboys

cowboys

    Member

  • Member
  • PipPip
  • 14 posts
From Italy .....
This morning no desktop no start bar only clouds and hill ......
I check in your topic and i found similar thing so i try to apply all the software you tell but nothing happen.
It's impossible to run Trojan software beacuase an error occur

Following is the last HJCK log , please help me i cannot loose anything from my computer and no background copy exist .....

Thanks .....


Logfile of HijackThis v1.99.1
Scan saved at 1.44.13, on 06/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\ewido\security suite\ewidoctrl.exe
C:\Programmi\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Free Downloads Accelerator\0.999\fdaagent.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cowboys.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: IE 4.x-6.x BHO for Free Downloads Accelerator - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\PROGRA~1\FREEDO~1\0.999\fdahlp.dll
O3 - Toolbar: FDA Bar - {9595C62C-76C6-49A6-9BDA-3253DD7A34FF} - C:\Programmi\Free Downloads Accelerator\0.999\fdabar.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [PC-CAM 600 STI App Registration] RunDLL32.exe PD023pin.dll,RunDLL32EP 512
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [THGuard] C:\Programmi\TrojanHunter 4.2\THGuard.exe
O4 - HKLM\..\Run: [tohkgacjqf] c:\windows\system32\tohkgacjqf.exe -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [iohiee] c:\windows\system32\bqvggwk.exe r
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "D:\SKYPE\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Global Startup: 3Deep.lnk = C:\Programmi\e-color\3Deep\3Deepctl.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SonnReg.lnk = C:\Programmi\e-color\Registration\SonnReg.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Programmi\Free Downloads Accelerator\0.999\fdaie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.realarea.biz
O15 - Trusted Zone: www.sfonditalia.biz
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} (Launcher Control) - https://horizons.ist...ts/launcher.ocx
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c15.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security2.nor...bin/AvSniff.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.wow-europ.../wowbeta/Si.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125910819528
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://www.infoproge...activex/AMC.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.infoproge...sCamControl.cab
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk DWF Viewer Control) - http://www.autodesk....erSetup_ITA.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security2.nor...c/bin/cabsa.cab
O16 - DPF: {D355E971-0F61-11D2-8955-00805FFCE6FB} (siawds-full-install) - https://ca.sia.it/se...ull-install.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/p...at/msnchat4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB7BE332-F24D-4A0D-A809-87464322E130}: NameServer = 151.99.125.2,151.99.250.2
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTSVCCDA.EXE (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • 0

Advertisements


#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

Sorry for the delay in replying.

Since it's been a while, please run a new HijackThis scan and post that newer log here.
  • 0

#3
cowboys

cowboys

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Nice to hear you !
I understand your effort and appreciate a lot your help.
This is my last hjck ..........

Logfile of HijackThis v1.99.1
Scan saved at 15.37.41, on 24/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Free Downloads Accelerator\0.999\fdaagent.exe
C:\Programmi\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cowboys.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: IE 4.x-6.x BHO for Free Downloads Accelerator - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\PROGRA~1\FREEDO~1\0.999\fdahlp.dll
O3 - Toolbar: FDA Bar - {9595C62C-76C6-49A6-9BDA-3253DD7A34FF} - C:\Programmi\Free Downloads Accelerator\0.999\fdabar.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [PC-CAM 600 STI App Registration] RunDLL32.exe PD023pin.dll,RunDLL32EP 512
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [THGuard] C:\Programmi\TrojanHunter 4.2\THGuard.exe
O4 - HKLM\..\Run: [tohkgacjqf] c:\windows\system32\tohkgacjqf.exe -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [iohiee] c:\windows\system32\bqvggwk.exe r
O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "D:\SKYPE\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Global Startup: 3Deep.lnk = C:\Programmi\e-color\3Deep\3Deepctl.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SonnReg.lnk = C:\Programmi\e-color\Registration\SonnReg.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Programmi\Free Downloads Accelerator\0.999\fdaie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.realarea.biz
O15 - Trusted Zone: www.sfonditalia.biz
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} (Launcher Control) - https://horizons.ist...ts/launcher.ocx
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c15.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security2.nor...bin/AvSniff.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.wow-europ.../wowbeta/Si.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125910819528
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://www.infoproge...activex/AMC.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.infoproge...sCamControl.cab
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk DWF Viewer Control) - http://www.autodesk....erSetup_ITA.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security2.nor...c/bin/cabsa.cab
O16 - DPF: {D355E971-0F61-11D2-8955-00805FFCE6FB} (siawds-full-install) - https://ca.sia.it/se...ull-install.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/p...at/msnchat4.cab
O16 - DPF: {F5BC716E-2650-4B08-9235-C110CF95017F} (Connessione Tiscali) - http://selfcare.tisc...ioneTiscali.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB7BE332-F24D-4A0D-A809-87464322E130}: NameServer = 151.99.125.2,151.99.250.2
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTSVCCDA.EXE (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • 0

#4
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
See if this fixes the desktop problem:

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Download smitRem at http://noahdfear.gee.../click.php?id=1 and save the file to your desktop.

Please download Ewido Security Suite at http://www.ewido.net/en/download/ and read the Ewido setup instructions at http://rstones12.gee.../ewidosetup.htm. Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow the download and setup instructions at http://rstones12.gee...areSE_setup.htm. Otherwise, check for updates. Don't run it yet!

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknigh...spy/CleanUp.exe ) and install it. Don't run it yet.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!. Run CleanUp! and click on the Options button. Uncheck 'Scan local drives for temporary files'. Also uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff.

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [tohkgacjqf] c:\windows\system32\tohkgacjqf.exe -start
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [iohiee] c:\windows\system32\bqvggwk.exe r
O15 - Trusted Zone: www.realarea.biz
O15 - Trusted Zone: www.sfonditalia.biz
O16 - DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} (Launcher Control) - https://horizons.ist...ts/launcher.ocx
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c15.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.wow-europ.../wowbeta/Si.cab
O16 - DPF: {D355E971-0F61-11D2-8955-00805FFCE6FB} (siawds-full-install) - https://ca.sia.it/se...ull-install.cab


Uninstall Media Access via the Add/Remove panel if listed.

Delete these if found:

c:\windows\system32\tohkgacjqf.exe
C:\Program Files\Media Access\
c:\windows\system32\bqvggwk.exe


Run the smitRem.exe tool you downloaded earlier. Follow the prompts on the screen. Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Open Ad-aware and do a full scan. Remove all it finds.

Run Ewido:

* Click on scanner.
* Click on Complete System Scan and the scan will begin.
* NOTE: During some scans with ewido it is finding cases of false positives.
* You will need to step through the process of cleaning files one-by-one.
* If Ewido detects a file you KNOW to be legitimate, select none as the action.
* Do NOT select 'Perform action on all infections'.
* If you are unsure of any entry found, select none for now.
* When the scan is finished, click the Save report button at the bottom of the screen.
* Save the report to your desktop.

Close Ewido.

Next go to Control Panel->Display->Desktop (or Appearance)->Customize Desktop->Web-> Uncheck 'Security Info' if present.

Reboot back into Windows and go to http://www.pandasoft.../activescan.htm to do a full system scan. Make sure the autoclean box is checked. Save the scan log.

Then post the Panda log here along with the logs for HijackThis, smitfiles.txt and Ewido.
  • 0

#5
cowboys

cowboys

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
It's seem everything ok!
My desktop is come back and I don't find any missing thing or any error !
It's wonderful ! :tazz:

smitrem don't write any log
Panda leave something not disinfected
Following yo'll find : Hjck log, Panda log and ewido log

Please tell me if I need to do something more or if everything is ok.

For now, thank you.

Bye

Carlo


Logfile of HijackThis v1.99.1
Scan saved at 13.02.30, on 27/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\Microsoft Office\Office\1040\msoffice.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktopCrawl.exe
D:\SKYPE\Phone\Skype.exe
C:\Programmi\Free Downloads Accelerator\0.999\fdaagent.exe
C:\Programmi\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cowboys.it/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Free Downloads Accelerator - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\PROGRA~1\FREEDO~1\0.999\fdahlp.dll
O3 - Toolbar: FDA Bar - {9595C62C-76C6-49A6-9BDA-3253DD7A34FF} - C:\Programmi\Free Downloads Accelerator\0.999\fdabar.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [PC-CAM 600 STI App Registration] RunDLL32.exe PD023pin.dll,RunDLL32EP 512
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "D:\SKYPE\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Global Startup: 3Deep.lnk = C:\Programmi\e-color\3Deep\3Deepctl.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SonnReg.lnk = C:\Programmi\e-color\Registration\SonnReg.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Programmi\Free Downloads Accelerator\0.999\fdaie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security2.nor...bin/AvSniff.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125910819528
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://www.infoproge...activex/AMC.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.infoproge...sCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk DWF Viewer Control) - http://www.autodesk....erSetup_ITA.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security2.nor...c/bin/cabsa.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/p...at/msnchat4.cab
O16 - DPF: {F5BC716E-2650-4B08-9235-C110CF95017F} (Connessione Tiscali) - http://selfcare.tisc...ioneTiscali.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB7BE332-F24D-4A0D-A809-87464322E130}: NameServer = 151.99.125.2,151.99.250.2
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTSVCCDA.EXE (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


PANDA LOG

Incident Status Location

Dialer:dialer.cos No disinfected C:\Documents and Settings\Andrea\Dati applicazioni\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\exsplorer.lnk
Dialer:dialer.akd No disinfected C:\Documents and Settings\Andrea\Dati applicazioni\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\WinMoviePlugIn.lnk
Adware:adware/shoppingcommunityNo disinfected C:\WINDOWS\SYSTEM32\moconfig.exe
Dialer:dialer.b No disinfected C:\WINDOWS\SYSTEM32\mseggrpid.dll
Adware:adware/comet No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\cc.inf
Adware:adware/ipinsight No disinfected C:\WINDOWS\INF\alchem.inf
Adware:adware/msview No disinfected C:\WINDOWS\INF\MSView.inf
Adware:adware/twain-tech No disinfected C:\WINDOWS\INF\twaintec.inf
Adware:adware/gator No disinfected C:\WINDOWS\GatorPatch.log
Spyware:spyware/betterinet No disinfected C:\WINDOWS\susp.ini
Adware:adware/cws No disinfected C:\Documents and Settings\Andrea\Preferiti\Going Places
Adware:adware/wupd No disinfected Windows Registry
Spyware:Spyware/Media-motor No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\m67m.inf
Dialer:Dialer.XX No disinfected C:\WINDOWS\Downloaded Program Files\EGDACCESS.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\alchem.inf
Adware:Adware/MSView No disinfected C:\WINDOWS\inf\MSView.inf
Adware:Adware/Transponder No disinfected C:\WINDOWS\inf\polall1r.inf
Virus:Trj/Downloader.L Disinfected C:\WINDOWS\inf\susp.inf
Adware:Adware/Comet No disinfected C:\WINDOWS\system32\comet.inf
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\system32\drivers\etc\Hosts
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\system32\drivers\etc\hosts.20050607-133525.backup
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\system32\drivers\etc\hosts.20050607-133526.backup
Adware:Adware/ShoppingCommunityNo disinfected C:\WINDOWS\system32\moconfig.exe
Dialer:Dialer.CAG No disinfected C:\WINDOWS\system32\oklucexa.exe
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\system32\P2P Networking v124.cpl
Adware:Adware/WurldMedia No disinfected C:\WINDOWS\system32\winbpupd.exe





---------------------------------------------------------
ewido security suite - Rapporto Scansione
---------------------------------------------------------

+ Creato il: 4.00.28, 27/09/2005
+ Report-Checksum: B35414CD

+ Risultati scansione:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/EGDACCESS_1057.dll\\.Owner -> Dialer.Generic : Pulito con Backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/EGDACCESS_1057.dll\\{26D73573-F1B3-48C9-A989-E6CE071957A1} -> Dialer.Generic : Pulito con Backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/EGDHTML_1021.dll\\.Owner -> Dialer.Generic : Pulito con Backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/EGDHTML_1021.dll\\{94742E3F-D9A1-4780-9A87-2FFA43655DA2} -> Dialer.Generic : Pulito con Backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/EGDial.dll\\.Owner -> Dialer.Generic : Pulito con Backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/EGDial.dll\\{94742E3F-D9A1-4780-9A87-2FFA43655DA2} -> Dialer.Generic : Pulito con Backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/eglivecam_1028.dll\\.Owner -> Dialer.Generic : Pulito con Backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/eglivecam_1028.dll\\{50AD557E-3426-41FD-AFDD-2AF39BB1C387} -> Dialer.Generic : Pulito con Backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/ia.dll\\.Owner -> Spyware.eGroup : Pulito con Backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/ia.dll\\{486E48B5-ABF2-42BB-A327-2679DF3FB822} -> Spyware.eGroup : Pulito con Backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/LiveService_5.dll\\.Owner -> Dialer.Generic : Pulito con Backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/LiveService_5.dll\\{50AD557E-3426-41FD-AFDD-2AF39BB1C387} -> Dialer.Generic : Pulito con Backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/nethv32.dll\\.Owner -> Dialer.Generic : Pulito con Backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/nethv32.dll\\{469C7080-8EC8-43A6-AD97-45848113743C} -> Dialer.Generic : Pulito con Backup
HKU\S-1-5-21-220523388-1677128483-1343024091-1004\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{6685509E-B47B-4f47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Pulito con Backup
HKU\S-1-5-21-220523388-1677128483-1343024091-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{B195B3B3-8A05-11D3-97A4-0004ACA6948E} -> Spyware.HotBar : Pulito con Backup
D:\Program Files\Altnet\Download Manager\asm.exe -> Spyware.Altnet : Pulito con Backup


::Fine Rapporto
  • 0

#6
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Hi Carlo,

Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

rmdir /s/q "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\"
del delete.bat


Save the file as "delete.bat". Make sure to save it with the quotes. Double click on it to run it.

Download KillBox http://www.greyknigh...spy/KillBox.exe. Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. Copy the below files and go back to KillBox. Go to File->Paste from Clipboard and then hit the button with a red circle and white X. Confirm to delete and when asked if you want to reboot, say Yes:

C:\Documents and Settings\Andrea\Dati applicazioni\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\exsplorer.lnk
C:\Documents and Settings\Andrea\Dati applicazioni\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\WinMoviePlugIn.lnk
C:\WINDOWS\SYSTEM32\moconfig.exe
C:\WINDOWS\SYSTEM32\mseggrpid.dll
C:\WINDOWS\DOWNLOADED PROGRAM FILES\cc.inf
C:\WINDOWS\INF\alchem.inf
C:\WINDOWS\INF\MSView.inf
C:\WINDOWS\INF\twaintec.inf
C:\WINDOWS\GatorPatch.log
C:\WINDOWS\susp.ini
C:\Documents and Settings\Andrea\Preferiti\Going Places
C:\WINDOWS\Downloaded Program Files\EGDACCESS.inf
C:\WINDOWS\inf\alchem.inf
C:\WINDOWS\inf\MSView.inf
C:\WINDOWS\inf\polall1r.inf
C:\WINDOWS\system32\comet.inf
C:\WINDOWS\system32\moconfig.exe
C:\WINDOWS\system32\oklucexa.exe
C:\WINDOWS\system32\P2P Networking v124.cpl
C:\WINDOWS\system32\winbpupd.exe


If you get a PendingOperations message, just close it out and restart your computer yourself.

Restart and run a new Panda scan. Post that log here.
  • 0

#7
cowboys

cowboys

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi, this is Panda log after your last istructions.

I wait your new istructions :tazz:

Carlo


Incident Status Location

Dialer:dialer.akd No disinfected C:\Documents and Settings\Andrea\Preferiti\explorer.lnk
Dialer:dialer.cos No disinfected C:\Documents and Settings\Andrea\Preferiti\exsplorer.lnk
Adware:adware/ipinsight No disinfected C:\WINDOWS\alchem.ini
Adware:adware/twain-tech No disinfected C:\WINDOWS\twaintec.ini
Adware:adware/cws No disinfected C:\Documents and Settings\Andrea\Preferiti\Living
Adware:adware/wupd No disinfected Windows Registry
Dialer:dialer.b No disinfected C:\WINDOWS\tmlpcert2005
Virus:W32/Bugbear.B Disinfected Secondrecovery\Posta in arrivo\Re: Invio PDX H2 INFORMATICA DI ARTURO HAMIL da Sede EXECUTIVE G.I. SEDE DI PAVIA\song.scr
Virus:W32/Netsky.B.worm Disinfected Secondrecovery\Posta in arrivo\hello\creditcard.zip[creditcard.doc.exe]
Virus:W32/Bagle.BC.worm Disinfected Secondrecovery\Posta in arrivo\Re: Hello\price.com
Virus:W32/Zafi.D.worm Disinfected Secondrecovery\Posta in arrivo\Re: Buon Natale!\cartoline.index.htm0864.zip[postcard.php8614.cmd]
Virus:W32/Zafi.D.worm Disinfected Secondrecovery\Posta in arrivo\Re: Buon Natale!\link.cartoline.index.jpg8614.zip[card.php5067.cmd]
Virus:W32/Bagle.BL.worm Disinfected Secondrecovery\Posta in arrivo\Is delivered mail\wsd01.com
Virus:W32/Bagle.pwdzip Disinfected Secondrecovery\Posta in arrivo\Returned post for announce@openoffice.org\Re:\Cat.zip
  • 0

#8
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Download KillBox http://www.greyknigh...spy/KillBox.exe. Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. Copy the below files and go back to KillBox. Go to File->Paste from Clipboard and then hit the button with a red circle and white X. Confirm to delete and when asked if you want to reboot, say Yes:

C:\Documents and Settings\Andrea\Preferiti\explorer.lnk
C:\Documents and Settings\Andrea\Preferiti\exsplorer.lnk
C:\WINDOWS\alchem.ini
C:\WINDOWS\twaintec.ini
C:\Documents and Settings\Andrea\Preferiti\Living
C:\WINDOWS\tmlpcert2005


Restart and run a new Panda scan. Post that log here again.
  • 0

#9
cowboys

cowboys

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi Dear,
this is my Panda Log


Incident Status Location

Adware:adware/cws No disinfected C:\Documents and Settings\Andrea\Preferiti\Shop
Adware:adware/wupd No disinfected Windows Registry
Only a question :
which is the difference between scan "my computer" or "local disk" in panda scan ?
I've done "My computer" option but only to know ...

Bye
Carlo
  • 0

#10
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Hi Carlo, My Computer is the correct option. Some online scans call it local disk (ex: the c: drive). But you did it correctly :tazz:

What is Preferiti? Do you know what that folder is for? If not, I want you to delete the whole folder:

C:\Documents and Settings\Andrea\Preferiti\

Restart and run another Panda scan. Anything else found (besides that minor registry problem - don't worry about that one)?

Your log is clean.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.
  • 0

#11
cowboys

cowboys

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
"Preferiti" is the "preferred sites" option of internet explorer !
So I prefer to keep !

Now the computer work perfect i will do another panda scan just to be sure and i'll send to you a message to confirm.

But tell me please which is the initial problem .........

I'm very surprise about your great work.
Till some days ago i cannot imagine that there is in a world an organization like yours !
You have done a great job ! Professional, simple also if the argument it's so complicated and very precious.

I don't find the word to tell you thanks for what do you do every days.

But I want a promise from you, if someday you'll travel to Italy please send me a message, I want to know you and drink a beer togheter ..... i'll pay for you :tazz:

Bye

Carlo
  • 0

#12
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Carlo, in that case, delete this folder then (it's bad):

C:\Documents and Settings\Andrea\Preferiti\Shop

:tazz: Not sure if I will visit Italy, but who know's....

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP