1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Various connectivity problems and error messages

Discussion in 'Virus & Other Malware Removal' started by Tiansen, Jul 17, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. Tiansen

    Tiansen Thread Starter

    Joined:
    Mar 22, 2007
    Messages:
    39
    Hello!

    I received a computer from my friend to repair. The user reports various internet connectivity problems and some error messages. Bitdefender also crashes at startup.

    Here is HJT log:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 21:43:55, on 17.7.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hfcaqhmg.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\MYWEBS~1\bar\e.bin\mwsoemon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Gamevance\gamevance32.exe
    C:\RECYCLER\msnservice.exe
    C:\WINDOWS\ApiWin.exe
    C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
    C:\Program Files\Softwin\BitDefender9\bdnagent.exe
    C:\Program Files\Softwin\BitDefender9\bdswitch.exe
    C:\WINDOWS\system32\messengerr.exe
    C:\Progra~1\Common~1\System\IIS\msn_update.exe
    C:\Program Files\Common Files\System\microsoft.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\oste\Desktop\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.starware.com/dp/startpage?src_id=349
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=...m7Mb8epJ4A89oV0Ay1zEFk3/r3m507Xbv4k1VqFOXokw=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\e.bin\MWSSRCAS.DLL
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\e.bin\MWSSRCAS.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\e.bin\MWSBAR.DLL
    O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - C:\WINDOWS\system32\pmnnmmk.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
    O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\skgflrpw.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {B8E13797-B24D-40B6-B31D-DFBF915C818B} - C:\WINDOWS\system32\jkhhe.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O2 - BHO: (no name) - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware349\bin\Starware349.dll
    O2 - BHO: (no name) - {EA1660EF-9AD2-4007-AD57-99CA09384D74} - C:\WINDOWS\system32\wobgumck.dll
    O2 - BHO: (no name) - {FE39E54D-9A1F-5D82-D9D6-79EB6DCAF671} - C:\DOCUME~1\oste\APPLIC~1\MFCDAM~1\bend meta.exe (file missing)
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\e.bin\MWSBAR.DLL
    O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
    O3 - Toolbar: Starware Horoscopes Toolbar - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware349\bin\Starware349.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\e.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\e.bin\MWSBAR.DLL,S
    O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] Need for Speed Carbon
    O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe
    O4 - HKLM\..\Run: [MSN Services] C:\RECYCLER\msnservice.exe
    O4 - HKLM\..\Run: [j1271938] rundll32 C:\WINDOWS\system32\j1271938.dll sook
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
    O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
    O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
    O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
    O4 - HKLM\..\Run: [MSN MESSENGER 9.0] messengerr.exe
    O4 - HKLM\..\Run: [IIS_Update2] C:\Progra~1\Common~1\System\IIS\msnve.exe C:\Progra~1\Common~1\System\IIS\msn_update.exe
    O4 - HKLM\..\Run: [That Rdr Stop Mpeg] C:\Documents and Settings\All Users\Application Data\linkdefaultthatrdr\sixthbird.exe
    O4 - HKLM\..\Run: [WindowsSystem32] C:\Program Files\Common Files\System\microsoft.exe
    O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\mppvmohc.dll",realset
    O4 - HKLM\..\RunServices: [MSN MESSENGER 9.0] messengerr.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\e.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [Shim safe] C:\DOCUME~1\oste\APPLIC~1\PINGTR~1\32 blah.exe
    O4 - HKCU\..\Run: [18Wheels_of_Steel.exe] C:\DOWNLO~1\18WHEE~1.EXE /r
    O4 - HKCU\..\Run: [CinemaTycoon-WinSetup.exe] C:\DOWNLO~1\CINEMA~1.EXE /r
    O4 - HKCU\..\Run: [SchoolTycoonSetup.exe] C:\DOWNLO~1\SCHOOL~1.EXE /r
    O4 - HKCU\..\Run: [PrisonTycoonSetup.exe] C:\DOWNLO~1\PRISON~1.EXE /r
    O4 - HKCU\..\Run: [RegPowerClean] "C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe"
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [MSN MESSENGER 9.0] messengerr.exe
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-18 Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\b.bin\MWSOEMON.EXE (User 'SYSTEM')
    O4 - .DEFAULT Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\b.bin\MWSOEMON.EXE (User 'Default user')
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\b.bin\MWSOEMON.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\b.bin\MWSOEMON.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} (kSoloCntrlIE Class) - http://www.ksolo.com/playerBase/kSoloIEHDSD.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{21A3EB0B-89C3-4B7A-BE50-BFBDDC63AEF0}: NameServer = 193.189.160.13,193.189.160.14
    O20 - Winlogon Notify: jkhhe - C:\WINDOWS\system32\jkhhe.dll
    O20 - Winlogon Notify: pmnnmmk - C:\WINDOWS\SYSTEM32\pmnnmmk.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: DomainService - - C:\WINDOWS\system32\hfcaqhmg.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
    O23 - Service: winconfig.exe - Unknown owner - C:\WINDOWS\ApiWin.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 13201 bytes
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Wow this system is VERY infected.

    Download the Trial version of Superantispyware Pro (SAS):
    http://www.superantispyware.com/superantispyware.html?rid=3132


    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining.
    o Please leave the others unchecked.
    o Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
    o After reboot, double-click the SUPERAntispyware icon on your desktop.
    o Click Preferences. Click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o It will open in your default text editor (such as Notepad/Wordpad).
    o Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me with a new Hijack This log.
     
  3. Tiansen

    Tiansen Thread Starter

    Joined:
    Mar 22, 2007
    Messages:
    39
    Thank you very much for your quick answer! (y)

    This system is heavily infected indeed. After restart CPU was running at 100% and processes eating it were in this order: csrss.exe, apiwin.exe.... and superantispyware pro too. I wait for a while but nothing happened, CPU still at 100%. Internet worked very slowly or didnt work at all. I also noticed a lot of weird files in root of C:\ that I am sure are malicious.
    Files as: irab.exe, jojg.exe, kosjlqeb.exe... and a lot more.

    Computer was running with Bitdefender protection disabled because trial expired. :mad:

    Because of internet not working, I am posting this from Safe Mode with Networking. Here it works. Please be sure that your help is much appreciated here in this tough case.

    And here is HJT log (SuperAntispyware log is attached because it is too long :eek: )


    HIJACK THIS LOG!

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 18:37:59, on 18.7.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\ApiWin.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Gamevance\gamevance32.exe
    C:\RECYCLER\msnservice.exe
    C:\Program Files\Softwin\BitDefender9\bdmcon.exe
    C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
    C:\Program Files\Softwin\BitDefender9\bdnagent.exe
    C:\Program Files\Softwin\BitDefender9\bdswitch.exe
    C:\WINDOWS\system32\messengerr.exe
    C:\WINDOWS\system32\svcUpdate.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Progra~1\Common~1\System\IIS\msn_update.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Softwin\BitDefender9\vsserv.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\oste\Desktop\HiJackThis_v2.exe
    C:\WINDOWS\ApiWin.exe
    C:\WINDOWS\ApiWin.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.starware.com/dp/startpage?src_id=349
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=...m7Mb8epJ4A89oV0Ay1zEFk3/r3m507Xbv4k1VqFOXokw=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O2 - BHO: (no name) - {FE39E54D-9A1F-5D82-D9D6-79EB6DCAF671} - C:\DOCUME~1\oste\APPLIC~1\MFCDAM~1\bend meta.exe (file missing)
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] Need for Speed Carbon
    O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe
    O4 - HKLM\..\Run: [MSN Services] C:\RECYCLER\msnservice.exe
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
    O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
    O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
    O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
    O4 - HKLM\..\Run: [MSN MESSENGER 9.0] messengerr.exe
    O4 - HKLM\..\Run: [IIS_Update2] C:\Progra~1\Common~1\System\IIS\msnve.exe C:\Progra~1\Common~1\System\IIS\msn_update.exe
    O4 - HKLM\..\Run: [Microsoft] svcUpdate.exe
    O4 - HKLM\..\RunServices: [MSN MESSENGER 9.0] messengerr.exe
    O4 - HKLM\..\RunServices: [Microsoft] svcUpdate.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [18Wheels_of_Steel.exe] C:\DOWNLO~1\18WHEE~1.EXE /r
    O4 - HKCU\..\Run: [CinemaTycoon-WinSetup.exe] C:\DOWNLO~1\CINEMA~1.EXE /r
    O4 - HKCU\..\Run: [SchoolTycoonSetup.exe] C:\DOWNLO~1\SCHOOL~1.EXE /r
    O4 - HKCU\..\Run: [PrisonTycoonSetup.exe] C:\DOWNLO~1\PRISON~1.EXE /r
    O4 - HKCU\..\Run: [RegPowerClean] "C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe"
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [MSN MESSENGER 9.0] messengerr.exe
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-18 Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\b.bin\MWSOEMON.EXE (User 'SYSTEM')
    O4 - .DEFAULT Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\b.bin\MWSOEMON.EXE (User 'Default user')
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\b.bin\MWSOEMON.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\b.bin\MWSOEMON.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} (kSoloCntrlIE Class) - http://www.ksolo.com/playerBase/kSoloIEHDSD.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{21A3EB0B-89C3-4B7A-BE50-BFBDDC63AEF0}: NameServer = 193.189.160.13,193.189.160.14
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
    O23 - Service: winconfig.exe - Unknown owner - C:\WINDOWS\ApiWin.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 11516 bytes


    Thank you again!
     

    Attached Files:

  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Please do this next

    Download ComboFix to your Desktop.

    Reboot to Safe mode:

    Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load. If done properly a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

    Perform the following actions in Safe Mode.
    • Double click combofix.exe and follow the prompts.
    • When finished, it will produce a log for you. Post that log and a new HijackThis log in your next reply
    Note: Do not mouseclick combofix's window while it's running as that may cause it to stall
     
  5. Tiansen

    Tiansen Thread Starter

    Joined:
    Mar 22, 2007
    Messages:
    39
    OK, here is Combofix log:

    "Administrator" - 2007-07-19 10:17:53 - ComboFix 07-07-14.6 - Service Pack 2 NTFS [SAFE MODE]


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\apkynrbu.dll
    C:\WINDOWS\system32\jyjndmav.dll
    C:\WINDOWS\system32\kkuijokv.dll
    C:\WINDOWS\system32\lfsliaph.dll
    C:\WINDOWS\system32\pwmnuimd.dll
    C:\WINDOWS\system32\ehhkj.bak1
    C:\WINDOWS\system32\ehhkj.bak2
    C:\WINDOWS\system32\ehhkj.ini
    C:\WINDOWS\system32\ehhkj.tmp


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\303.exe
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware349
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware349\buttons\ebaykeyword.bmp
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware349\buttons\ebaykeyword.png
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware349\buttons\ebaysearch.bmp
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware349\buttons\ebaysearch.png
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware349\buttons\FindIt.bmp
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware349\buttons\FindItHot.bmp
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware349\buttons\findithotxp.png
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware349\buttons\finditxp.png
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware349\buttons\Highlight.bmp
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware349\buttons\HighlightHot.bmp
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware349\buttons\highlighthotxp.png
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware349\buttons\highlightxp.png
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware349\buttons\Reference.bmp
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware349\buttons\ReferenceHot.bmp
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware349\buttons\referencehotxp.png
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware349\buttons\referencexp.png
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware349\buttons\starware_toolbar_icon.bmp
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware349\buttons\Weather.bmp
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware349\buttons\weatherhotxp.png
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware349\buttons\weatherxp.png
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware349\contexts\error.xml
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware349\contexts\Related.xml
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware349\contexts\Travel.xml
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware349\images\walertXP.bmp
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware349\SimpleUpdate\ProductMessagingConfig.xml
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware349\SimpleUpdate\ProductMessagingConfig.xml.backup
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware349\SimpleUpdate\SimpleUpdateConfig.xml
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware349\SimpleUpdate\SimpleUpdateConfig.xml.backup
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware349\SimpleUpdate\TimerManagerConfig.xml
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware349\SimpleUpdate\TimerManagerConfig.xml.backup
    C:\DOCUME~1\oste\APPLIC~1\Starware349
    C:\DOCUME~1\oste\APPLIC~1\Starware349\BrowserSearch\BrowserSearch.xml
    C:\DOCUME~1\oste\APPLIC~1\Starware349\BrowserSearch\BrowserSearch.xml.backup
    C:\DOCUME~1\oste\APPLIC~1\Starware349\Configurator\Configurator.xml
    C:\DOCUME~1\oste\APPLIC~1\Starware349\Configurator\Configurator.xml.backup
    C:\DOCUME~1\oste\APPLIC~1\Starware349\EbayKeyword\EbayKeywordOptions.xml
    C:\DOCUME~1\oste\APPLIC~1\Starware349\EbayKeyword\EbayKeywordOptions.xml.backup
    C:\DOCUME~1\oste\APPLIC~1\Starware349\EbaySearch\EbaySearchOptions.xml
    C:\DOCUME~1\oste\APPLIC~1\Starware349\EbaySearch\EbaySearchOptions.xml.backup
    C:\DOCUME~1\oste\APPLIC~1\Starware349\ErrorSearch\ErrorSearchOptions.xml
    C:\DOCUME~1\oste\APPLIC~1\Starware349\ErrorSearch\ErrorSearchOptions.xml.backup
    C:\DOCUME~1\oste\APPLIC~1\Starware349\Games\GamesOptions.xml
    C:\DOCUME~1\oste\APPLIC~1\Starware349\Games\GamesOptions.xml.backup
    C:\DOCUME~1\oste\APPLIC~1\Starware349\Games\images\active\Games0.bmp
    C:\DOCUME~1\oste\APPLIC~1\Starware349\HoroscopesMarketingSitePager\HoroscopesMarketingSitePagerOptions.xml
    C:\DOCUME~1\oste\APPLIC~1\Starware349\HoroscopesMarketingSitePager\HoroscopesMarketingSitePagerOptions.xml.backup
    C:\DOCUME~1\oste\APPLIC~1\Starware349\HoroscopesMarketingSitePager\images\active\HoroscopesMarketingSitePager0.bmp
    C:\DOCUME~1\oste\APPLIC~1\Starware349\Layouts\ToolbarLayout.xml
    C:\DOCUME~1\oste\APPLIC~1\Starware349\Layouts\ToolbarLayout.xml.backup
    C:\DOCUME~1\oste\APPLIC~1\Starware349\Manager\ManagerOptions.xml
    C:\DOCUME~1\oste\APPLIC~1\Starware349\Manager\ManagerOptions.xml.backup
    C:\DOCUME~1\oste\APPLIC~1\Starware349\Movies\images\active\Movies0.bmp
    C:\DOCUME~1\oste\APPLIC~1\Starware349\Movies\MoviesOptions.xml
    C:\DOCUME~1\oste\APPLIC~1\Starware349\Movies\MoviesOptions.xml.backup
    C:\DOCUME~1\oste\APPLIC~1\Starware349\Reference\ReferenceOptions.xml
    C:\DOCUME~1\oste\APPLIC~1\Starware349\Reference\ReferenceOptions.xml.backup
    C:\DOCUME~1\oste\APPLIC~1\Starware349\RelatedSearch\RelatedSearchOptions.xml
    C:\DOCUME~1\oste\APPLIC~1\Starware349\RelatedSearch\RelatedSearchOptions.xml.backup
    C:\DOCUME~1\oste\APPLIC~1\Starware349\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
    C:\DOCUME~1\oste\APPLIC~1\Starware349\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
    C:\DOCUME~1\oste\APPLIC~1\Starware349\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
    C:\DOCUME~1\oste\APPLIC~1\Starware349\Toolbar\TBProductsOptions.xml
    C:\DOCUME~1\oste\APPLIC~1\Starware349\Toolbar\TBProductsOptions.xml.backup
    C:\DOCUME~1\oste\APPLIC~1\Starware349\ToolbarLogo\ToolbarLogoOptions.xml
    C:\DOCUME~1\oste\APPLIC~1\Starware349\ToolbarLogo\ToolbarLogoOptions.xml.backup
    C:\DOCUME~1\oste\APPLIC~1\Starware349\ToolbarSearch\ToolbarSearchOptions.xml
    C:\DOCUME~1\oste\APPLIC~1\Starware349\ToolbarSearch\ToolbarSearchOptions.xml.backup
    C:\DOCUME~1\oste\APPLIC~1\Starware349\TravelSearch\TravelSearchOptions.xml
    C:\DOCUME~1\oste\APPLIC~1\Starware349\TravelSearch\TravelSearchOptions.xml.backup
    C:\DOCUME~1\oste\APPLIC~1\Starware349\Weather\AlertArchive.xml
    C:\DOCUME~1\oste\APPLIC~1\Starware349\Weather\WeatherOptions.xml
    C:\DOCUME~1\oste\APPLIC~1\Starware349\Weather\WeatherOptions.xml.backup
    c:\RECYCLER\microsoft.exe
    c:\RECYCLER\msnservice.exe
    c:\RECYCLER\myphoto.zip
    C:\uniq
    C:\WINDOWS\system32\citqtvlg.exe
    C:\WINDOWS\system32\gpievlqe.exe
    C:\WINDOWS\system32\knlqkuqk.exe
    C:\WINDOWS\system32\nqlwwjpv.exe
    C:\WINDOWS\system32\nvhbeblf.exe
    C:\WINDOWS\system32\sqgowbol.exe
    C:\WINDOWS\system32\twmdxkgk.exe
    C:\WINDOWS\system32\wifqents.exe


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_DOMAINSERVICE
    -------\LEGACY_HPDRIVER


    ((((((((((((((((((((((((( Files Created from 2007-06-19 to 2007-07-19 )))))))))))))))))))))))))))))))


    2007-07-19 10:17 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-18 18:44 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
    2007-07-18 18:44 <DIR> d--hs---- C:\WINDOWS\CSC
    2007-07-18 18:41 <DIR> d-------- C:\temp
    2007-07-18 10:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
    2007-07-18 10:20 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-07-18 10:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-07-18 10:20 <DIR> d-------- C:\DOCUME~1\oste\APPLIC~1\SUPERAntiSpyware.com
    2007-07-15 11:09 557,601 --a------ C:\doe.exe
    2007-07-15 11:06 557,601 --a------ C:\virgina10.exe
    2007-07-15 10:47 2,513,684 --a------ C:\ee.exe
    2007-07-15 10:38 <DIR> d-------- C:\WINDOWS\system32\Dap
    2007-07-15 10:37 <DIR> d-------- C:\kit
    2007-07-15 10:36 2,513,684 --a------ C:\edu.exe
    2007-07-14 22:50 <DIR> d-------- C:\Program Files\PhotoFiltre
    2007-07-13 15:44 <DIR> d-------- C:\Program Files\Ping Trust Help
    2007-07-11 10:45 166,912 --a------ C:\irab.exe
    2007-07-11 10:42 648,225 --a------ C:\russian.exe
    2007-07-11 10:33 853,583 --a------ C:\eie.exe
    2007-07-08 15:00 696,777 --a------ C:\s9w3.exe
    2007-07-06 11:20 21,504 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
    2007-07-06 11:20 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
    2007-07-06 11:20 <DIR> d-------- C:\Program Files\Common Files\Motorola Shared
    2007-07-06 11:18 92,064 --a------ C:\DOCUME~1\oste\mqdmmdm.sys
    2007-07-06 11:18 9,232 --a------ C:\DOCUME~1\oste\mqdmmdfl.sys
    2007-07-06 11:18 79,328 --a------ C:\DOCUME~1\oste\mqdmserd.sys
    2007-07-06 11:18 66,656 --a------ C:\DOCUME~1\oste\mqdmbus.sys
    2007-07-06 11:18 6,208 --a------ C:\DOCUME~1\oste\mqdmcmnt.sys
    2007-07-06 11:18 5,936 --a------ C:\DOCUME~1\oste\mqdmwhnt.sys
    2007-07-06 11:18 4,048 --a------ C:\DOCUME~1\oste\mqdmcr.sys
    2007-07-06 11:10 <DIR> d-------- C:\DOCUME~1\oste\APPLIC~1\InstallShield
    2007-07-06 11:05 <DIR> d-------- C:\Program Files\Motorola Phone Tools
    2007-07-06 11:04 25,600 --a------ C:\DOCUME~1\oste\usbsermptxp.sys
    2007-07-06 11:04 22,768 --a------ C:\DOCUME~1\oste\usbsermpt.sys
    2007-07-06 11:01 853,583 --a------ C:\r43ed.exe
    2007-07-05 12:47 <DIR> d-------- C:\DOCUME~1\oste\APPLIC~1\MySpace
    2007-07-05 08:56 7,168 --a------ C:\WINDOWS\system32\hpdriver.sys
    2007-07-04 12:39 648,225 -r-hs---- C:\WINDOWS\ApiWin.exe
    2007-06-26 18:54 <DIR> d-------- C:\Program Files\Infogrames
    2007-06-26 15:46 <DIR> d-------- C:\Program Files\BlueByte
    2007-06-26 13:33 <DIR> d-------- C:\Program Files\EA GAMES
    2007-06-26 12:42 <DIR> d-------- C:\Program Files\EuroTalk
    2007-06-24 23:04 <DIR> d-------- C:\Program Files\Windows Live
    2007-06-23 19:49 <DIR> d-------- C:\Program Files\Maxis
    2007-06-19 18:01 <DIR> d-------- C:\DOCUME~1\oste\APPLIC~1\PlayFirst
    2007-06-19 18:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
    2007-06-19 16:43 <DIR> d-------- C:\DOCUME~1\oste\APPLIC~1\GetRightToGo


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-18 16:21:01 -------- d-----w C:\Program Files\Adverts
    2007-07-18 08:26:52 30 ----a-w C:\WINDOWS\system32\getfile.dat
    2007-07-15 08:41:17 -------- d-----w C:\Program Files\MSN Games
    2007-07-15 08:34:49 -------- d-----w C:\Program Files\eMule
    2007-07-15 08:24:48 -------- d-----w C:\Program Files\MSN Messenger
    2007-07-15 08:24:48 -------- d-----w C:\Program Files\Messenger Plus! Live
    2007-07-06 11:27:18 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
    2007-07-06 11:26:53 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2007-07-06 09:10:12 -------- d-----w C:\Program Files\LiveUpdate
    2007-07-06 09:05:09 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-07-03 19:16:23 28,672 ----a-w C:\WINDOWS\system32\f3PSSavr.scr
    2007-06-14 05:45:03 42,496 ----a-w C:\tajeawe.exe
    2007-06-14 05:42:07 42,496 ----a-w C:\this.exe
    2007-06-10 15:20:04 -------- d-----w C:\Program Files\FunWebProducts
    2007-05-31 18:59:49 -------- d-----w C:\Program Files\Valusoft
    2007-05-24 12:07:01 58,728 ----a-w C:\Program Files\scriptina.zip
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-02 11:21:00 245,488 ----a-w C:\WINDOWS\Mall Tycoon 2 Uninstaller.exe
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-08 18:01:06 22,322 ----a-w C:\Program Files\serial.zip
    2007-04-08 18:01:06 22,322 ----a-w C:\Program Files\serial.dat
    2007-03-08 11:37:07 0 ----a-w C:\Program Files\cqwydcgt.exe
    2007-01-26 17:34:52 270,799 ----a-w C:\Program Files\Nvu-.xpi
    2006-08-03 14:28:02 461 ----a-w C:\Program Files\INSTALL.LOG
    2006-07-18 13:41:13 1,019,094 --sha-r C:\Program Files\serial.tde
    2006-07-15 01:06:58 279,552 ----a-w C:\Program Files\user32.exe
    2006-07-13 19:23:56 291,956 ----a-w C:\Program Files\shell32.exe
    2006-05-28 16:46:51 397,306 --sha-r C:\Program Files\wunauclt.zip
    2006-05-28 16:46:51 397,306 --sha-r C:\Program Files\wunauclt.tbe
    2006-05-28 16:34:30 435,756 ----a-w C:\Program Files\wunauclt.exe
    2005-11-30 10:50:39 1,427,547 ----a-w C:\Program Files\WinRAR.rar
    2005-09-29 09:51:38 976,020 ----a-w C:\Program Files\BDAXP.cab
    2005-09-29 09:51:38 15,493,481 ----a-w C:\Program Files\DirectX.cab
    2005-09-29 09:51:36 916,815 ----a-w C:\Program Files\Oct2005_MDX_x86.cab
    2005-09-29 09:51:36 86,784 ----a-w C:\Program Files\Oct2005_xinput_x64.cab
    2005-09-29 09:51:36 74,430 ----a-w C:\Program Files\dxupdate.cab
    2005-09-29 09:51:36 703,080 ----a-w C:\Program Files\BDA.cab
    2005-09-29 09:51:36 488,656 ----a-w C:\Program Files\DXSETUP.exe
    2005-09-29 09:51:36 46,085 ----a-w C:\Program Files\Oct2005_xinput_x86.cab
    2005-09-29 09:51:36 1,351,430 ----a-w C:\Program Files\Aug2005_d3dx9_27_x64.cab
    2005-09-29 09:51:36 1,156,363 ----a-w C:\Program Files\BDANT.cab
    2005-09-29 09:51:36 1,078,532 ----a-w C:\Program Files\Aug2005_d3dx9_27_x86.cab
    2005-09-29 09:51:32 74,448 ----a-w C:\Program Files\DSETUP.dll
    2005-09-29 09:51:32 41,888 ----a-w C:\Program Files\dxdllreg_x86.cab
    2005-09-29 09:51:32 2,245,840 ----a-w C:\Program Files\dsetup32.dll
    2005-09-29 09:51:32 13,265,040 ----a-w C:\Program Files\dxnt.cab
    2005-09-28 09:56:46 185,856 ----a-w C:\Program Files\7za.exe
    2004-08-04 07:56:49 128,512 --sh--r C:\WINDOWS\system32\messengerr.exe
    2004-08-04 07:56:49 1,384,548 --sh--r C:\WINDOWS\system32\svcUpdate.exe
    2007-04-08 18:05:19 43 --sha-w C:\WINDOWS\Temp\removalfile.bat


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2001-04-16 17:39 37808 --a------ C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}]
    2006-11-05 16:44 548992 -ra------ C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    2006-07-07 13:29 324416 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
    2004-08-13 18:42 155648 --a------ C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    2005-12-15 19:30 770048 -ra------ c:\program files\google\googletoolbar1.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
    2006-01-17 16:04 282624 --a------ C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE39E54D-9A1F-5D82-D9D6-79EB6DCAF671}]
    C:\DOCUME~1\oste\APPLIC~1\MFCDAM~1\bend meta.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AGRSMMSG"="AGRSMMSG.exe" [2003-02-14 04:59 C:\WINDOWS\AGRSMMSG.exe]
    "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2002-11-25 03:23]
    "PRONoMgr.exe"="C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2003-12-10 03:36]
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-07-31 19:17]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 09:56 C:\WINDOWS\system32\bthprops.cpl]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-18 22:02]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2005-10-27 01:01]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "I downloaded pirated Software from P2P "="Need for Speed Carbon" []
    "Gamevance"="C:\Program Files\Gamevance\gamevance32.exe" [2007-04-29 16:22]
    "MSN Services"="C:\RECYCLER\msnservice.exe" []
    "BDMCon"="C:\Program Files\Softwin\BitDefender9\bdmcon.exe" [2005-11-03 16:36]
    "BDOESRV"="C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" [2005-03-11 17:53]
    "BDNewsAgent"="C:\Program Files\Softwin\BitDefender9\bdnagent.exe" [2005-06-09 10:28]
    "BDSwitchAgent"="C:\Program Files\Softwin\BitDefender9\bdswitch.exe" [2005-04-06 13:09]
    "MSN MESSENGER 9.0"="messengerr.exe" [2004-08-04 09:56 C:\WINDOWS\system32\messengerr.exe]
    "IIS_Update2"="C:\Progra~1\Common~1\System\IIS\msnve.exe" [2005-01-08 00:36]
    "Microsoft"="svcUpdate.exe" [2004-08-04 09:56 C:\WINDOWS\system32\svcUpdate.exe]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56]
    "18Wheels_of_Steel.exe"="C:\DOWNLO~1\18WHEE~1.exe" []
    "CinemaTycoon-WinSetup.exe"="C:\DOWNLO~1\CINEMA~1.exe" []
    "SchoolTycoonSetup.exe"="C:\DOWNLO~1\SCHOOL~1.exe" []
    "PrisonTycoonSetup.exe"="C:\DOWNLO~1\PRISON~1.exe" []
    "RegPowerClean"="C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe" [2007-01-05 17:03]
    "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 16:53]
    "MSN MESSENGER 9.0"="messengerr.exe" [2004-08-04 09:56 C:\WINDOWS\system32\messengerr.exe]
    "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" []
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "MSN MESSENGER 9.0"=messengerr.exe
    "Microsoft"=svcUpdate.exe

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll --a------ 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
    C:\WINDOWS\System32\LgNotify.dll --a------ 2003-12-16 17:49 110592 C:\WINDOWS\system32\LgNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c010600-9c2c-11db-aa5c-000e35a2be45}]
    AutoRun\command- E:\LaunchU3.exe -a

    *Newly Created Service* - HPDRIVER

    Contents of the 'Scheduled Tasks' folder
    2007-07-08 18:00:01 C:\WINDOWS\tasks\At1.job
    2007-03-08 13:00:22 C:\WINDOWS\tasks\At10.job
    2007-07-08 18:00:01 C:\WINDOWS\tasks\At11.job
    2007-07-08 12:00:00 C:\WINDOWS\tasks\At12.job
    2007-07-08 08:00:00 C:\WINDOWS\tasks\At13.job
    2007-03-08 19:00:15 C:\WINDOWS\tasks\At14.job
    2007-03-08 19:00:29 C:\WINDOWS\tasks\At15.job
    2007-04-08 12:00:28 C:\WINDOWS\tasks\At16.job
    2007-04-08 12:00:34 C:\WINDOWS\tasks\At17.job
    2007-04-08 18:04:47 C:\WINDOWS\tasks\At18.job
    2007-04-08 18:04:47 C:\WINDOWS\tasks\At19.job
    2007-07-08 12:00:02 C:\WINDOWS\tasks\At2.job
    2007-04-08 18:04:51 C:\WINDOWS\tasks\At20.job
    2007-07-08 08:00:00 C:\WINDOWS\tasks\At3.job
    2007-07-08 12:00:03 C:\WINDOWS\tasks\At4.job
    2007-07-08 18:00:02 C:\WINDOWS\tasks\At5.job
    2007-07-08 08:00:00 C:\WINDOWS\tasks\At6.job
    2007-07-08 18:00:02 C:\WINDOWS\tasks\At7.job
    2007-07-08 08:00:00 C:\WINDOWS\tasks\At8.job
    2007-07-08 12:00:03 C:\WINDOWS\tasks\At9.job
    2007-07-18 16:00:02 C:\WINDOWS\tasks\B2A92A279752A337.job
    2007-07-18 15:43:01 C:\WINDOWS\tasks\Symantec NetDetect.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-19 10:24:35
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************

    Completion time: 2007-07-19 10:27:17 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-19 10:26

    --- E O F ---


    A new HJT log is attached - too long post.
     

    Attached Files:

  6. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    One more scan. There is a lot of infection there

    * Click here to download Webroot SpySweeper.

    (It's a 2 week trial.)

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits

    o Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.

    Also post a new Hijack This log.
     
  7. Tiansen

    Tiansen Thread Starter

    Joined:
    Mar 22, 2007
    Messages:
    39
    Do you think we will succeed in cleaning this sick machine or would it be better to reformat it?
     
  8. Tiansen

    Tiansen Thread Starter

    Joined:
    Mar 22, 2007
    Messages:
    39
    Internet is still very slow under normal mode. Posting from safe mode. Log is attached because it is too long.
     

    Attached Files:

  9. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    I honestly do feel it is too infected to even attempt anymore scans.
    Are you comfortable with reformatting?
     
  10. Tiansen

    Tiansen Thread Starter

    Joined:
    Mar 22, 2007
    Messages:
    39
    Well, I will do as you say. Certainly it would be better if we succeed in cleaning it, but if you think it would be better to reformat it, I will do that.
     
  11. Tiansen

    Tiansen Thread Starter

    Joined:
    Mar 22, 2007
    Messages:
    39
    So.... reformat or we try something more? :D
     
  12. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    I don't normally throw in the towel so easy, but I think this system is too hosed.
     
  13. Tiansen

    Tiansen Thread Starter

    Joined:
    Mar 22, 2007
    Messages:
    39
    OK, thank you very much for your help!
     
  14. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    You're welcome
     
  15. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/596988

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice