Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

PokaPoka70, 5Eplorer.exe have hijacked my system [RESOLVED]


  • This topic is locked This topic is locked

#16
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
  • We need to make sure all hidden files are showing so please:
    • Open My Computer.
    • Select the Tools menu and click Folder Options.
    • Select the View Tab.
    • Under the Hidden files and folders heading select Show hidden files and folders.
    • Uncheck the Hide protected operating system files (recommended) option.
    • Click Yes to confirm.
    • Click OK.
  • Please RUN HijackThis, click the SCAN button to produce a log.
    • Place a check mark beside each one of the following items:

      R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.ampmsearch.com/sp2.php
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\system32\Searchx.htm
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ampmsearch.com/sp2.php
      R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
      R3 - Default URLSearchHook is missing
      O1 - Hosts: 216.39.69.102 view.atdmt.com
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [winsync] C:\WINNT\system32\lldgsd.exe reg_run
      O4 - HKLM\..\Run: [hfqbrjm] C:\WINNT\system32\liuvoy\hfqbrjm.exe
      O4 - HKLM\..\Run: [hwvgg] C:\WINNT\system32\jkykw\hwvgg.exe
      O4 - HKLM\..\Run: [lucw] C:\WINNT\system32\oklwqfnv\lucw.exe
      O4 - HKLM\..\Run: [mqxgmkec] C:\WINNT\system32\lgthv\mqxgmkec.exe
      O4 - HKLM\..\Run: [pjpb] C:\WINNT\system32\uvgqapd\pjpb.exe
      O4 - HKLM\..\Run: [wmfmidv] C:\WINNT\system32\cscoiyec\wmfmidv.exe
      O4 - HKLM\..\Run: [ntdll.dll] C:\WINNT\system32\lldgsd.exe reg_run
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
      O9 - Extra button: (no name) - {136459A0-FFA8-4345-83D1-BBDE11EBAEB7} - C:\WINNT\system32\loghours1095k.dll (file missing) (HKCU)
      O9 - Extra button: (no name) - {23D1FF34-48E2-4CD0-ADD0-728F709994BB} - (no file) (HKCU)
      O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
      O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\ecwfrjcs.exe
      O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
      O16 - DPF: {22FB8D7E-0524-42D6-B84D-7F3ABE2B5487} - http://hhm04ntfs/AffinityGUIM2.CAB
      O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
      O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia...ll/pcs_0031.exe
      O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/...nnerInstall.cab
      O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - (no file)
      O23 - Service: mqxgmkeclgthv - Unknown owner - C:\WINNT\system32\lgthv\mqxgmkec.exe (file missing)


    • Now with all the items selected, and all windows closed except for HJT, DELETE them by clicking the FIX checked button and EXIT the program.
  • Reboot Your System in Safe Mode

    How To Start To Safe Mode In Windows 2000
    • Turn the computer on
    • When you see the black-and-white Starting Windows bar at the bottom of the screen, start tapping the F8 key.
    • The Windows 2000 Advanced Options Menu will appear.
    • Choose the Safe mode option. (it is usually the first item in the list).
    • Use the arrow keys to select it if it is not selected by default.
    • Press Enter. The computer will start in Safe mode.
    • When finished troubleshooting, close all programs and restart the computer as you normally would.
  • Using Windows Explorer, locate the following files/folders (with all their content), and DELETE them (if they are present):

    C:\WINNT\system32\lyncusb.exe
    C:\WINNT\system32\liuvoy<==Folder
    C:\WINNT\system32\jkykw<===Folder
    C:\WINNT\system32\oklwqfnv<===Folder
    C:\WINNT\system32\uvgqapd<==Folder
    C:\WINNT\system32\cscoiyec<===Folder
    C:\WINNT\system32\Searchx.htm
    C:\Program Files\Winamp\winampa.exe
    C:\WINNT\system32\lldgsd.exe
    C:\WINNT\system32\lgthv<==Folder
    C:\WINNT\system32\loghours1095k.dll
    C:\Program Files\Ebates_MoeMoneyMaker<==Folder
    C:\Program Files\Internet Explorer\ecwfrjcs.exe
    c:\counter.cab

  • Exit Explorer, and REBOOT BACK INTO NORMAL MODE

  • Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now.
Regards,

Trevuren

  • 0

Advertisements


#17
RB2659

RB2659

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Sorry i'm back. I was away for the weekend. Completed the last request. New log below:

Logfile of HijackThis v1.99.1
Scan saved at 7:19:28 PM, on 10/4/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\system32\hidserv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Promon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\AGRSMMSG.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Iomega HotBurn\Autolaunch.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\eFax Messenger 3.4\J2GDllCmd.exe
C:\Program Files\eFax Messenger 3.4\J2GTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.1.1.7:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.medcathdns.com;citrix;intranet;clt*;10.*;*.medcath.com;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_2/home.html"); (C:\Documents and Settings\boosra0\Application Data\Mozilla\Profiles\default\1e8wjsuy.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\boosra0\Application Data\Mozilla\Profiles\default\1e8wjsuy.slt\prefs.js)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TpHotkey] C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn\Autolaunch.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Startup: eFax Live Menu 3.4.lnk = C:\Program Files\eFax Messenger 3.4\J2GDllCmd.exe
O4 - Startup: eFax Tray Menu 3.4.lnk = C:\Program Files\eFax Messenger 3.4\J2GTray.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0a\aoltray.exe
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: (no name) - {136459A0-FFA8-4345-83D1-BBDE11EBAEB7} - C:\WINNT\system32\loghours1095k.dll (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.webmeeting.att.com
O15 - Trusted Zone: http://www.hsbdirectoriesonline.com
O15 - Trusted Zone: *.intranet
O15 - Trusted Zone: *.medcath.com
O15 - Trusted Zone: *.medcathdns.com
O15 - Trusted Zone: http://www.medcathu.com
O15 - Trusted Zone: http://webportal.ncogroup.com
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - https://www-3.ibm.co...oad/tgctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - https://www-3.ibm.co...oad/tgctlsi.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwha.ops.pl...quicksilver.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-3.ibm.co...ad/IbmEgath.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} - http://us.dl1.yimg.c...ropper1_3us.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.co...aploader_v7.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://medhost.webe...bex/ieatgpc.cab
O16 - DPF: {E845DB47-704A-4A2F-87C0-E29BEA72C280} (AffinityGui.Application) - http://clt60ntfs/AffinityGUIM2.CAB
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.walgreens...oad/XUpload.ocx
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/...nnerInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = medcathdns.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CD68452-E1F5-44DC-BB05-9A2726627523}: Domain = medcathdns.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{9637BE4B-3B7A-4064-88CB-E0D5BAA20F19}: Domain = medcathdns.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = medcathdns.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = medcathdns.com
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Lync USB Auditor Service (LyncUSBServ) - Lync Software - C:\WINNT\system32\lyncusb.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
  • 0

#18
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
  • Please RUN HijackThis.
    . Click the SCAN button to produce a log.

  • Place a check mark beside each one of the following items:

    O9 - Extra button: (no name) - {136459A0-FFA8-4345-83D1-BBDE11EBAEB7} - C:\WINNT\system32\loghours1095k.dll (file missing) (HKCU)
    O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/...nnerInstall.cab


  • Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.

  • Reboot Your System


  • Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now. In addition, please tell me if there are any more malware problems that you are aware of.
Regards,

Trevuren

  • 0

#19
RB2659

RB2659

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Here is the latest HJT log. I do not see anything else out there that is questionable.....


Logfile of HijackThis v1.99.1
Scan saved at 9:24:34 PM, on 10/4/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\system32\hidserv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINNT\system32\lyncusb.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Promon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\AGRSMMSG.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Iomega HotBurn\Autolaunch.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINNT\system32\mobsync.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\eFax Messenger 3.4\J2GDllCmd.exe
C:\Program Files\eFax Messenger 3.4\J2GTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.1.1.7:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.medcathdns.com;citrix;intranet;clt*;10.*;*.medcath.com;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_2/home.html"); (C:\Documents and Settings\BoosRA0\Application Data\Mozilla\Profiles\default\1e8wjsuy.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\BoosRA0\Application Data\Mozilla\Profiles\default\1e8wjsuy.slt\prefs.js)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TpHotkey] C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn\Autolaunch.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Startup: eFax Live Menu 3.4.lnk = C:\Program Files\eFax Messenger 3.4\J2GDllCmd.exe
O4 - Startup: eFax Tray Menu 3.4.lnk = C:\Program Files\eFax Messenger 3.4\J2GTray.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0a\aoltray.exe
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.webmeeting.att.com
O15 - Trusted Zone: http://www.hsbdirectoriesonline.com
O15 - Trusted Zone: *.intranet
O15 - Trusted Zone: *.medcath.com
O15 - Trusted Zone: *.medcathdns.com
O15 - Trusted Zone: http://www.medcathu.com
O15 - Trusted Zone: http://webportal.ncogroup.com
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - https://www-3.ibm.co...oad/tgctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - https://www-3.ibm.co...oad/tgctlsi.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwha.ops.pl...quicksilver.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-3.ibm.co...ad/IbmEgath.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} - http://us.dl1.yimg.c...ropper1_3us.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.co...aploader_v7.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://medhost.webe...bex/ieatgpc.cab
O16 - DPF: {E845DB47-704A-4A2F-87C0-E29BEA72C280} (AffinityGui.Application) - http://clt60ntfs/AffinityGUIM2.CAB
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.walgreens...oad/XUpload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = medcathdns.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CD68452-E1F5-44DC-BB05-9A2726627523}: Domain = medcathdns.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{9637BE4B-3B7A-4064-88CB-E0D5BAA20F19}: Domain = medcathdns.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = medcathdns.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = medcathdns.com
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Lync USB Auditor Service (LyncUSBServ) - Lync Software - C:\WINNT\system32\lyncusb.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
  • 0

#20
RB2659

RB2659

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Here is the latest HJT log. I do not see anything else out there that is questionable.....


Logfile of HijackThis v1.99.1
Scan saved at 9:24:34 PM, on 10/4/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\system32\hidserv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINNT\system32\lyncusb.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Promon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\AGRSMMSG.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Iomega HotBurn\Autolaunch.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINNT\system32\mobsync.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\eFax Messenger 3.4\J2GDllCmd.exe
C:\Program Files\eFax Messenger 3.4\J2GTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.1.1.7:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.medcathdns.com;citrix;intranet;clt*;10.*;*.medcath.com;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_2/home.html"); (C:\Documents and Settings\BoosRA0\Application Data\Mozilla\Profiles\default\1e8wjsuy.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\BoosRA0\Application Data\Mozilla\Profiles\default\1e8wjsuy.slt\prefs.js)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TpHotkey] C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn\Autolaunch.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Startup: eFax Live Menu 3.4.lnk = C:\Program Files\eFax Messenger 3.4\J2GDllCmd.exe
O4 - Startup: eFax Tray Menu 3.4.lnk = C:\Program Files\eFax Messenger 3.4\J2GTray.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0a\aoltray.exe
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.webmeeting.att.com
O15 - Trusted Zone: http://www.hsbdirectoriesonline.com
O15 - Trusted Zone: *.intranet
O15 - Trusted Zone: *.medcath.com
O15 - Trusted Zone: *.medcathdns.com
O15 - Trusted Zone: http://www.medcathu.com
O15 - Trusted Zone: http://webportal.ncogroup.com
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - https://www-3.ibm.co...oad/tgctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - https://www-3.ibm.co...oad/tgctlsi.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwha.ops.pl...quicksilver.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-3.ibm.co...ad/IbmEgath.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} - http://us.dl1.yimg.c...ropper1_3us.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.co...aploader_v7.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://medhost.webe...bex/ieatgpc.cab
O16 - DPF: {E845DB47-704A-4A2F-87C0-E29BEA72C280} (AffinityGui.Application) - http://clt60ntfs/AffinityGUIM2.CAB
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.walgreens...oad/XUpload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = medcathdns.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CD68452-E1F5-44DC-BB05-9A2726627523}: Domain = medcathdns.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{9637BE4B-3B7A-4064-88CB-E0D5BAA20F19}: Domain = medcathdns.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = medcathdns.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = medcathdns.com
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Lync USB Auditor Service (LyncUSBServ) - Lync Software - C:\WINNT\system32\lyncusb.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
  • 0

#21
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Congratulations, your log shows that your SYSTEM IS CLEAN

There are a few things you must do once you are completely clean:

1. Re-hide your System Files and Folders to prevent any future accidents.

Reconfigure Windows XP to hide hidden files:
  • Click Start. Open My Computer.
  • Select the Tools menu and click Folder Options. Select the View Tab.
  • Under the Hidden files and folders heading deselect "Show hidden files and folders".
  • Check the "Hide protected operating system files (recommended)" option.
  • Click Yes to confirm. Click OK.
2. Reset and Re-enable your System Restore to remove bad files from the backup that Windows makes as no program is able to clean those files:

TO DISABLE SYSTEM RESTORE
  • Right-click "My Computer", and then left click "Properties".
  • Left click on "System Restore Tab"
  • Check box beside "Turn Off System Restore"
  • Left click on "Apply"
TO ENABLE SYSTEM RESTORE
  • Remove check mark from "Turn Off System Restore"
  • Click on "Apply"
Here are some tips to reduce the potential for spyware infection in the future:

Make sure you keep your Windows OS current by visiting Windows update
regularly to download and install any critical updates and service packs. With out these you are leaving the backdoor open.

I strongly recommend installing the following applications:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
To protect yourself further:
  • Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
And also see TonyKlein's good advice
So how did I get infected in the first place? (My Favorite)

Regards,

Trevuren

  • 0

#22
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP