Please Help! Spy Pop-Ups while surfing - Gladiator Security Forum

Forum Rules

Greetings,

Before you post in this forum,please read and follow the instructions in this post: Guidelines for Posting in This Forum

Failure to follow these instructions will only result in delays of the cleaning and removal process.

If you ran other AntiVirus and/or AntiSpyware programs and have the logs available, please post them as well.

Our goal is to help you clean your PC and restore it to pre-infection condition wherever possible.

Thank You

Please Help! Spy Pop-Ups while surfing, log included...I can phone you!

Options

fabian View Member Profile	Dec 5 2004, 02:46 AM Post #1
Active Member Group: Member Posts: 37 Joined: 5-December 04 Member No.: 12041	I've also noticed my recycle bin is kinda dead. I deleted something and it does not show up in the recycle bin, kinda mysterious. dont know what that would mean. Appreciate any help! Thanks! willing to call you if you can help...PM ur phone number.... Logfile of HijackThis v1.98.2 Scan saved at 9:32:43 PM, on 12/4/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Norton Internet Security\NISUM.EXE C:\Program Files\Norton Internet Security\ccPxySvc.exe C:\WINNT\system32\cisvc.exe C:\WINNT\CommuniGatePro\CGStarter.exe C:\WINNT\CommuniGatePro\CGServer.exe C:\WINNT\system32\crypserv.exe C:\WINNT\System32\inetsrv\inetinfo.exe C:\Program Files\Tiny Personal Firewall\persfw.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\cidaemon.exe C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINNT\System32\devldr32.exe C:\WINNT\System32\wuauclt.exe C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program Files\Exif Launcher\QuickDCF.exe C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CapMan.exe C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\ElogErr.exe C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\BROADC~1.EXE C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\SCRFS.exe C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\WINNT\System32\hpoipm07.exe C:\WINNT\system32\rundll32.exe C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\WINZIP\winzip32.exe C:\WINNT\explorer.exe C:\HJT\hijackthis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\about.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\about.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O1 - Hosts: 69.20.16.183 search.netscape.com O1 - Hosts: 69.20.16.183 ieautosearch O1 - Hosts: 69.20.16.183 ieautosearch O1 - Hosts: 69.20.16.183 ieautosearch O1 - Hosts: 69.20.16.183 auto.search.msn.com O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot O4 - HKLM\..\Run: [HadithQudsi] C:\Program Files\DivineIslam\Hadith Qudsi 1.0\HadithQudsi.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [SpywareKilla] "C:\Program Files\SpywareKilla\SpywareKilla.exe" /s O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe O4 - Global Startup: LimeWire 4.0.8.lnk = C:\Program Files\LimeWire\LimeWire 4.0.8\LimeWire.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Phone Connection Monitor.lnk = ? O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O10 - Unknown file in Winsock LSP: c:\winnt\system32\aklsp.dll O10 - Unknown file in Winsock LSP: c:\winnt\system32\aklsp.dll O10 - Unknown file in Winsock LSP: c:\winnt\system32\aklsp.dll O10 - Unknown file in Winsock LSP: c:\winnt\system32\aklsp.dll O12 - Plugin for .hiv: C:\WINNT\Downloaded Program Files\nphijkjv.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: DigiChat Applet - http://host16.digichat.com/DigiChat/DigiCl...s/Client_IE.cab O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab O16 - DPF: Yahoo! Finance MarketTracker - http://finance.yahoo.com/jmt/mt.cab O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...l?1_compaq&true O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) - https://intuitcanada.ehosts.net/netagent/ob...s/custappx3.CAB O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://streamg.redhotnetworks.com/cabs/videox.cab O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/05f5e2eb4eeda18aae01/netzip/RdxIE.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1097782091742 O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://content.ancestry.com/asfiles/files/...ll/MFImgVwr.cab O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://ra.camh.net/QSTSweb/msrdp.cab O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://carpoint.msn.com/Components/Ocx/SurVid/MSSurVid.cab O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://carpoint.msn.com/Components/Ocx/Exterior/Outside.cab O16 - DPF: {BC26D98E-4F8E-11D4-B523-94ED45C04971} (PrintQuickActiveXSetup Class) - http://www.pqvalet.com/plugin/win/ie/printQuick.cab O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! WebCam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup145.cab O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/download/0.x/regdload.cab Files Found--- Additional Files--- C:\WINNT\System32\spOrder.dll Keys Under Notify---AdminDebug Keys Under Notify---crypt32chain Keys Under Notify---cryptnet Keys Under Notify---cscdll Keys Under Notify---ScCertProp Keys Under Notify---Schedule Keys Under Notify---sclgntfy Keys Under Notify---SensLogn Keys Under Notify---termsrv Keys Under Notify---wlballoon Guardian Key--- is called: User Agent String--- {F5236793-603A-4E52-842E-A51574DF02BC}

fabian View Member Profile	Dec 5 2004, 02:48 AM Post #2
Active Member Group: Member Posts: 37 Joined: 5-December 04 Member No.: 12041	Logfile of Browser Hijack Recover(BHR) v1.01 http://www.browser-hijack.com/hijack/ Log created on 12/4/2004 9:07:20 PM Microsoft Windows XP Professional Service Pack 1 (Build 2600) Internet Explorer v6.0.2800.1106 Update Versions: ;SP1;Q832894;Q330994; [Process Manager] - [Process] C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Norton Internet Security\NISUM.EXE C:\Program Files\Norton Internet Security\ccPxySvc.exe C:\WINNT\system32\cisvc.exe C:\WINNT\CommuniGatePro\CGStarter.exe C:\WINNT\CommuniGatePro\CGServer.exe C:\WINNT\system32\crypserv.exe C:\WINNT\System32\inetsrv\inetinfo.exe C:\Program Files\Tiny Personal Firewall\persfw.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\cidaemon.exe C:\WINNT\Explorer.EXE C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINNT\System32\devldr32.exe C:\WINNT\System32\wuauclt.exe C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program Files\Exif Launcher\QuickDCF.exe C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CapMan.exe C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\ElogErr.exe C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\BROADC~1.EXE C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\SCRFS.exe C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\WINNT\System32\hpoipm07.exe C:\WINNT\system32\rundll32.exe C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe C:\Program Files\Real\RealOne Player\realplay.exe C:\Program Files\Browser Hijack Recover\bhr.exe [Process Manager] - [NT Services] [IE Options] [IE Options] - [Normal] R0 - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome R0 - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Window Title = [IE Options] - [IE Menu] O6 - HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions, NoBrowserSaveAs = 0 O6 - HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions, NoFileNew = 0 O6 - HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions, NoBrowserClose = 0 O6 - HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions, NoFileOpen = 0 O6 - HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions, NoTheaterMode = 0 O6 - HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions, NoViewSource = 0 O6 - HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions, NoBandCustomize = 0 O6 - HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions, NoToolbarCustomize = 0 O6 - HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions, NoFavorites = 0 O6 - HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions, NoAddingChannels = 0 O6 - HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions, NoBrowserOptions = 0 O6 - HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions, NoBrowserContextMenu = 0 O6 - HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions, NoOpeninNewWnd = 0 O6 - HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions, NoSplash = 0 O6 - HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions, NoJITSetup = 0 [IE Options] - [Internet Options] O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, GeneralTab = 0 O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, HomePage = 0 O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, Cache = 0 O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, History = 0 O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, Colors = 0 O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, links = 0 O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, Fonts = 0 O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, Languages = 0 O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, Accessibility = 0 O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, SecurityTab = 0 O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, ContentTab = 0 O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, Ratings = 0 O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, Certificates = 0 O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, FormSuggest = 0 O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, FormSuggest Passwords = 0 O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, Profiles = 0 O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, ConnectionsTab = 0 O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, DialupAutodetect = 0 O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, EnableAutoProxyResultCache = 0 O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, Connection Settings = 0 O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, Connwiz Admin Lock = 0 O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, Proxy = 0 [IE Options] - [IE Search Hooks] [IE Add-Ons] - [Toolbars] O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll [IE Add-Ons] - [Explorer Bars] O9 - Extra "View" Explorer Bars: Search Band - {30D02401-6A81-11D0-8274-00C04FD5AE38} - C:\WINNT\System32\browseui.dll O9 - Extra "View" Explorer Bars: Media Band - {32683183-48a0-441b-a342-7c2a440a9478} - C:\WINNT\System32\browseui.dll O9 - Extra "View" Explorer Bars: (No Name) - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (No File) O9 - Extra "View" Explorer Bars: File Search Explorer Band - {C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - C:\WINNT\system32\SHELL32.dll O9 - Extra "View" Explorer Bars: Favorites Band - {EFA24E61-B078-11D0-89E4-00C04FC9E26E} - C:\WINNT\System32\shdocvw.dll O9 - Extra "View" Explorer Bars: Explorer Band - {EFA24E64-B078-11D0-89E4-00C04FC9E26E} - C:\WINNT\System32\shdocvw.dll [IE Add-Ons] - [Context Menu] [IE Add-Ons] - [BHOs] O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll [IE Add-Ons] - [Tools Menu] O9 - Extra "Tool" Menu Item: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE [IE Add-Ons] - [Tools Button] O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE [System Options] [AutoLoad] 04 - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run msnmsgr = C:\Program Files\MSN Messenger\msnmsgr.exe" /background 04 - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run SpywareKilla = C:\Program Files\SpywareKilla\SpywareKilla.exe" /s 04 - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe 04 - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Yahoo! Pager = C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet 04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run Synchronization Manager = mobsync.exe /logon 04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run TkBellExe = C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot 04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run HadithQudsi = C:\Program Files\DivineIslam\Hadith Qudsi 1.0\HadithQudsi.exe 04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run KernelFaultCheck = C:\WINNT\system32\dumprep 0 -k 04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run ccApp = C:\Program Files\Common Files\Symantec Shared\ccApp.exe 04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run ccRegVfy = C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe 04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run msnappau = C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe 04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run QuickTime Task = C:\Program Files\QuickTime\qttask.exe" -atboottime 04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run gcasServ = C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe O4 - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\AcroTray.exe O4 - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk = C:\PROGRA~1\EXIFLA~1\QuickDCF.exe O4 - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp psc 900 series) - 1.lnk = C:\PROGRA~1\HEWLET~1\AiO\HPPSC9~1\Bin\hpobrt07.exe O4 - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LimeWire 4.0.8.lnk = C:\PROGRA~1\LimeWire\LIMEWI~1.8\LimeWire.exe O4 - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\PROGRA~1\MICROS~2\Office\OSA9.EXE O4 - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Phone Connection Monitor.lnk = C:\PROGRA~1\SONYER~1\Mobile\AUDEVI~1.EXE

Bobbi Flekman View Member Profile	Dec 5 2004, 02:11 PM Post #3
The computer whisperer Group: Admin Posts: 5988 Joined: 17-April 04 From: Isla Nublar Member No.: 6954	Hi fabian, Download LSPfix here: www.cexx.org/lspfix.htm Start the application, and click the "I know what I'm doing" checkbox. Check all instances of aklsp.dll (and nothing else), and move them to the "Remove" pane. Then click Finish and reboot. Run HijackThis, click on "Scan" and check the boxes next to all these items. R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\about.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\about.htm R3 - Default URLSearchHook is missing O1 - Hosts: 69.20.16.183 search.netscape.com O1 - Hosts: 69.20.16.183 ieautosearch O1 - Hosts: 69.20.16.183 ieautosearch O1 - Hosts: 69.20.16.183 ieautosearch O1 - Hosts: 69.20.16.183 auto.search.msn.com SpywareKilla is on Spyware Warrior's Rogue List. Uninstall this program! O4 - HKCU\..\Run: [SpywareKilla] "C:\Program Files\SpywareKilla\SpywareKilla.exe" /s You are using LimeWire. This is not technically malware by itself, but it installs malware in order to run properly and it opens the door for every other nasty program you can think of. I strongly recommend that you remove it. Read this article for alternatives that will provide some of the same function without the garbage: http://www.spywareinfo.com/articles/p2p/ If you opt to remove it, first use "Add/Remove Program" to remove it and any reference to LimeWire. This is another article: http://www.cexx.org/adware.htm If you are going to uninstall this program, also check this item: O4 - Global Startup: LimeWire 4.0.8.lnk = C:\Program Files\LimeWire\LimeWire 4.0.8\LimeWire.exe O12 - Plugin for .hiv: C:\WINNT\Downloaded Program Files\nphijkjv.dll O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://streamg.redhotnetworks.com/cabs/videox.cab O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/05f5e2eb4eeda18aae01/netzip/RdxIE.cab Then close all windows, and browsers, except HijackThis. Tell HijackThis to "Fix checked". Restart your computer in Safe Mode. How do I Safe Boot my computer? Show hidden files. How do I show hidden files? Folders and files with a tilde (~), means that there is a file/folder that starts with the six characters in front of the tilde, note that there may be spaces in the name. If there are more than one, please report them back and do not delete! Delete the following files in red (it could be that they are deleted already): C:\WINNT\about.htm C:\WINNT\Downloaded Program Files\nphijkjv.dll Delete the following folders in red (it could be that they are deleted already): C:\Program Files\SpywareKilla if you uninstalled LimeWire C:\Program Files\LimeWire Restart your computer. Sign off and stay off the internet until the entire procedure is complete. Run vx2finder. Press "Click to Find VX2.BetterInternet" Select all the files found Press "Delete These Files" The program will delete all files. Once deleted: a. Press "User Agent$" b. Press "Restore Desktop" c. Press "Import Reg" Then... Download Ad-aware SE from: http://www.majorgeeks.com/download506.html Install the program and launch it. First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files. Next, we need to configure Ad-aware for a full scan. user posted image Click on the Gear icon (second from the left) to access the preferences/settings window 1. In the General window make sure the following are selected: * Automatically save log-file * Automatically quarantine objects prior to removal * Safe Mode (always request confirmation) 2. Click on the Scanning button on the left and select : * Scan Within Archives * Scan Active Processes * Scan Registry * Deep Scan Registry * Scan my IE favorites for banned URL's * Scan my Hosts file * Under Click here to select drives + folders, choose: * All of your hard drives 3. Click on the Advanced button on the left and select: * Include additional process information * Include additional file information * Include environment information 4. Click the Tweak button and select: * Under the Scanning Engine: o Unload recognized processes & modules during scan o Include additional Ad-aware settings in logfile * Under the Cleaning Engine: o Let Windows remove files in use at next reboot 5. Click on Proceed to save the settings. 6. Click Start and on the next screen choose Activate in-depth Scan at the bottom of the page and then choose: * Use Custom Scanning Options 7. Click Next and Ad-aware will scan your hard drive(s) with the options you have selected. 8. Save the log file when it asks and then click Finish 9. When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next). 10.Reboot your computer. Run HiJackThis again and post a new log in this thread. --------------------

Bobbi Flekman View Member Profile	Dec 6 2004, 11:18 AM Post #5
The computer whisperer Group: Admin Posts: 5988 Joined: 17-April 04 From: Isla Nublar Member No.: 6954	Hi fabian, QUOTE when i launch IE, what follows is the opening of another browser looking for what i was looking for........ Unfortunately this is a new piece of malware that we are currently working on to fix. I'm not completely sure what to do with this information, but be assured a lot of people are looking into this problem including your thread. So I'm a kind of intermediary. Set hidden files showing. How do I show hidden files? Open Windows Explorer, navigate to the folder "c:\Windows\System32". From the "View" menu, choose "Arrange icons by" and "Date modified". Find the file "Guard.tmp". Check its properties for the date of creation, and report that back to me. Check for .dll files that are near "Guard.tmp". Check their properties for a matching date and report them as well. Launch Notepad, and copy/paste the box below into a new text file. Save it as Export.bat and save it on your Desktop. CODE regedit /e Notify.reg "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" Locate Export.bat on your Desktop and double-click on it. This will create a file on your desktop named Notify.reg. Attach this to a new post. --------------------

fabian View Member Profile	Dec 6 2004, 08:24 PM Post #6
Active Member Group: Member Posts: 37 Joined: 5-December 04 Member No.: 12041	Thanks for your efforts, you're awesome! I couldnt locate the file guard.tmp anywhere Today the virus installed shortcut links onto my desktop to online dating, online -- Look for another playground --, auction sites.... Also any idea how to get my recycle bin back? Anything i deleted cannot be recovered...my recycle bin has died....... This post has been edited by fabian: Dec 6 2004, 08:34 PM Attached File(s) Notify.reg ( 0bytes ) Number of downloads: 0

fabian View Member Profile	Dec 6 2004, 08:35 PM Post #7
Active Member Group: Member Posts: 37 Joined: 5-December 04 Member No.: 12041	i took a screenshot of the place you told me to search... im sure u can see those nasty .exe programs sitting there........ Attached image(s)

Bobbi Flekman View Member Profile	Dec 7 2004, 12:56 PM Post #8
The computer whisperer Group: Admin Posts: 5988 Joined: 17-April 04 From: Isla Nublar Member No.: 6954	It seems that we have a solution. Can you download and extract the attached zip file. There is a batch file in it named Find.bat. This will create a log, please post it. Attached File(s) Find_It.zip ( 0bytes ) Number of downloads: 13 --------------------

Bobbi Flekman View Member Profile	Dec 7 2004, 06:00 PM Post #10
The computer whisperer Group: Admin Posts: 5988 Joined: 17-April 04 From: Isla Nublar Member No.: 6954	Hi fabian, Can you zip the files in red for me: C:\WINNT\System32\guard.tmp C:\WINNT\System32\dnpq0175e.dll C:\WINNT\System32\g0402ahmgd4a2.dll C:\WINNT\System32\idgcmn.dll C:\WINNT\System32\lwfax11n.dll C:\WINNT\System32\lvlu0939e.dll C:\WINNT\System32\irp6l57s1.dll C:\WINNT\System32\l86o0ij3e8o.dll Send the zip file to my email address. Launch Notepad, and copy/paste the box below into a new text file. Save it as fixme.reg and save it on your Desktop. CODE REGEDIT4 [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Setup] Locate fixme.reg on your Desktop and double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?". Answer "Yes" and wait for a message to appear similar to "Merged Successfully". Download Killbox by Option^Explicit. Extract it from the zip file then double-click on Killbox.exe to run it. Click on "Delete on Reboot", in the "Full Path of File to Delete" box, enter C:\WINNT\System32\guard.tmp and click on the button with the white cross in a red circle. You will get a question "File will be Deleted on Next Reboot, Process & Reboot now?", answer "No". Do the same for the these files: C:\WINNT\System32\dnpq0175e.dll C:\WINNT\System32\g0402ahmgd4a2.dll C:\WINNT\System32\idgcmn.dll C:\WINNT\System32\lwfax11n.dll C:\WINNT\System32\lvlu0939e.dll C:\WINNT\System32\irp6l57s1.dll C:\WINNT\System32\l86o0ij3e8o.dll after the last one click the button and answer "Yes". Let Killbox do it's work. --------------------

fabian View Member Profile	Dec 7 2004, 06:04 PM Post #11
Active Member Group: Member Posts: 37 Joined: 5-December 04 Member No.: 12041	i cant find guard.tmp.....looking for the others

Bobbi Flekman View Member Profile	Dec 7 2004, 06:12 PM Post #12
The computer whisperer Group: Admin Posts: 5988 Joined: 17-April 04 From: Isla Nublar Member No.: 6954	QUOTE (fabian @ Dec 7 2004, 07:04 PM) i cant find guard.tmp.....looking for the others Let Killbox handle it! Just copy the line and paste it into Killbox. --------------------

fabian View Member Profile	Dec 7 2004, 07:22 PM Post #13
Active Member Group: Member Posts: 37 Joined: 5-December 04 Member No.: 12041	ok done....then?

fabian View Member Profile	Dec 7 2004, 07:53 PM Post #14
Active Member Group: Member Posts: 37 Joined: 5-December 04 Member No.: 12041	Logfile of HijackThis v1.98.2 Scan saved at 2:47:28 PM, on 12/7/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\NISUM.EXE C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Norton Internet Security\ccPxySvc.exe C:\WINNT\system32\cisvc.exe C:\WINNT\CommuniGatePro\CGStarter.exe C:\WINNT\CommuniGatePro\CGServer.exe C:\WINNT\system32\crypserv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINNT\System32\inetsrv\inetinfo.exe C:\Program Files\Tiny Personal Firewall\persfw.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\WINNT\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINNT\system32\rundll32.exe C:\WINNT\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe C:\Program Files\QuickTime\qttask.exe C:\WINNT\System32\devldr32.exe C:\WINNT\System32\wuauclt.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program Files\Exif Launcher\QuickDCF.exe C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe C:\WINNT\System32\hpoipm07.exe C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CapMan.exe C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\ElogErr.exe C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\BROADC~1.EXE C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\SCRFS.exe C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINNT\system32\cidaemon.exe C:\HJT\hijackthis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: 69.20.16.183 auto.search.msn.com O1 - Hosts: 69.20.16.183 search.netscape.com O1 - Hosts: 69.20.16.183 ieautosearch O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe O4 - Global Startup: Phone Connection Monitor.lnk = ? O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: DigiChat Applet - http://host16.digichat.com/DigiChat/DigiCl...s/Client_IE.cab O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab O16 - DPF: Yahoo! Finance MarketTracker - http://finance.yahoo.com/jmt/mt.cab O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1097782091742 O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://carpoint.msn.com/Components/Ocx/SurVid/MSSurVid.cab O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://carpoint.msn.com/Components/Ocx/Exterior/Outside.cab O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - https://endor.erin.utoronto.ca/cgi-bin/nav/...nst/webinst.cab O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! WebCam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/download/0.x/regdload.cab

Bobbi Flekman View Member Profile	Dec 8 2004, 11:16 AM Post #15
The computer whisperer Group: Admin Posts: 5988 Joined: 17-April 04 From: Isla Nublar Member No.: 6954	Can you also post a log from Find.bat. --------------------

« Next Oldest · HELP! Think you are Infected? · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members: